At 03:06 PM 8/20/2007, Adam Gibson wrote:
>Bill Landry wrote:
> > Adam Gibson wrote:
>--- CUT---
> >> I think we are saying the same thing. By checking to make sure it
> >> detects eicar before copying the dat files over it also makes sure the
> >> dat files are not corrupt. The dat files are initially downloaded to a
> >> temporary staging area which does not impact the running clamd. Only
> >> after testing the dat files to see if they properly detect the eicar
> >> test virus do they get copied into the default clam dat signature
> >> database directory. This solves both problems at the same time.
> >
> > Sounds like a lot of needless extra effort versus the sanctioned and ClamAV
> > developed and supported way of testing signature files for corruption.
> >
> > Bill
>
>Maybe I am just paranoid but I personally see the test to make sure the
>dat files detect a virus as a worthwhile step. A dat pattern that
>passes corruption tests does not guarantee that the dat file detects
>viruses IMHO. I am not that familiar with clamav though so maybe they
>do some checks like that. By using the same method for all virus
>scanners I feel more comfortable. It only takes parsing the output of
>the virus scanner that you are testing to see if it detected the virus
>and if so move the dat files to the production dat directory. This
>seems like a pretty simple step to me.

Testing for EICAR detection is OK if you're talking about the standard clamav signatures. But this discussion is also about testing add-on signatures, such as the excellent ones from SaneSecurity. Add-on files don't contain an EICAR signature (although some of them have a separate test file published).

--
Noel Jones

_______________________________________________
AMaViS-user mailing list
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ: http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos: http://www.amavis.org/howto/
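
The staged check discussed in this thread, as an added example that is not part of the original messages: each database file is loaded on its own and must flag its own test sample before it is copied to production, which also covers add-on databases that carry no EICAR signature. The function names, return codes and paths are assumptions made for the example; `-d` and `--no-summary` are clamscan options.

```shell
#!/bin/sh
# Added example (not from the thread): promote a staged signature database
# only if the scanner, loaded with that database alone, detects a test sample.
SCANNER="${SCANNER:-clamscan}"

# detects_sample DB SAMPLE
# Returns 0 only if the scanner reports SAMPLE as infected using DB alone.
detects_sample() {
    db=$1
    sample=$2
    rc=0
    out=$("$SCANNER" --no-summary -d "$db" "$sample" 2>&1) || rc=$?
    # clamscan exit codes: 0 = clean, 1 = virus found, 2 = error
    # (an unreadable or malformed database ends up in the error case).
    [ "$rc" -eq 1 ] || return 1
    # Also parse the report line, which has the form "<file>: <SigName> FOUND".
    printf '%s\n' "$out" | grep -q ' FOUND$'
}

# promote_db STAGED_DB SAMPLE PROD_DIR
# Returns 0 = promoted, 1 = rejected (sample not detected),
#         3 = skipped (no test sample available for this database).
promote_db() {
    staged=$1
    sample=$2
    prod=$3
    name=$(basename "$staged")
    if [ ! -f "$sample" ]; then
        # Add-on databases have no EICAR signature; without a matching
        # sample this check cannot say anything about them.
        echo "skip $name: no test sample for this database" >&2
        return 3
    fi
    if ! detects_sample "$staged" "$sample"; then
        echo "reject $name: test sample not detected" >&2
        return 1
    fi
    # Copy under a temporary name, then rename, so the running daemon
    # never sees a half-written file in the production directory.
    tmp="$prod/.$name.$$"
    cp "$staged" "$tmp" && mv "$tmp" "$prod/$name"
}
```

A database that returns 3 still needs some other validation before it is copied, since no detection test was run for it.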
