In embedded application, is the hard constraint efficiently addressable writeable memory space, or simply available random accessable memory? I am having a little trouble envisioning a fileserver design that would run well on an embedded system that couldn't comfortably support extra memory for sigs, wouldn't the code to implement a robust filesystem plus the buffering needed for cache dominate?
I haven't set up ClamAV in a while. Can't seem to quickly find signature database format from my phone. Does the format not include category classification, like snort's? For some security policies, I could easily see a subset of the database sufficing, especially if you could occasionally check from a bigger system. _______________________________________________ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
