I am developing SHIM layer for ClamAV to support Freescale pattern 
matching hardware. Could you please clarify a few queries:

1. Freescale has a pattern matching engine with 64k pattern capacity. 
But clamAV has approx 169000 signatures. This means hardware engine 
will not be able to accomodate all the signatures. So we plan to read 
.db & .ndb files line by line & load as many possible signatures in 
hardware pattern table & then let the remaining signatures into 
software data structures.

     - With the above logic, the signatures in daily.cvd always end 
up in software data structures.Can we assume that daily.cvd file 
contains the currently prevalent signatures ? If so, does it improve 
the performance if we store the daily.cvd signatures in hardware tables ?
     - Is main.cvd organized in such a fashion that prevalent 
signatures are at the top ? If not, the concern is that hardware scan 
hit rate is not as optimal as possible.

2. In clamd signature reloading process, does it always unload the 
current signatures & then reload the fresh signatures ? Even if only 
daily.cvd is updated in the freshclam update ?

3. When the signature database is updated, Feshclam returns 0. Is 
there a way to find whether main.cvd is updated or daily.cvd is 
updated or both ?

Please clarify.


Please submit your patches to our Bugzilla: http://bugs.clamav.net

Reply via email to