Hi,
I am developing SHIM layer for ClamAV to support Freescale pattern
matching hardware. Could you please clarify a few queries:
1. Freescale has a pattern matching engine with 64k pattern capacity.
But clamAV has approx 169000 signatures. This means hardware engine
will not be able to accomodate all the signatures. So we plan to read
.db & .ndb files line by line & load as many possible signatures in
hardware pattern table & then let the remaining signatures into
software data structures.
Queries:
- With the above logic, the signatures in daily.cvd always end
up in software data structures.Can we assume that daily.cvd file
contains the currently prevalent signatures ? If so, does it improve
the performance if we store the daily.cvd signatures in hardware tables ?
- Is main.cvd organized in such a fashion that prevalent
signatures are at the top ? If not, the concern is that hardware scan
hit rate is not as optimal as possible.
2. In clamd signature reloading process, does it always unload the
current signatures & then reload the fresh signatures ? Even if only
daily.cvd is updated in the freshclam update ?
3. When the signature database is updated, Feshclam returns 0. Is
there a way to find whether main.cvd is updated or daily.cvd is
updated or both ?
Please clarify.
Thanks,
Babu
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
