On Tue, 06 Dec 2005 at 2:45:47 +0000, Mike Bremford wrote: > Hi all. I've recently installed ClamAV 0.87.1 and although it's > picking up geniune virii successfully, we're getting a large number > of mangled W32/Mytob-GH through. I say mangled because the ZIP file > appears to be damaged or truncated. [...] > As a poor second alternative, is there a way to get clamd to pick up > on MD5 signatures? I know about the .db files, but what I really want > to do is something like "sigtool --md5 brokenzips/* > /var/lib/clamav/ > badzips.hdb"
It's highly unlikely that you manage to stop other copies of damaged zip files with MD5 signatures. Because such files differ. > and have that file picked up by clamd for it's automatic > scanning. Currently it seems that clamd looks for .db and .cvb files, > but not .hdb files. It does. If you mean that it doesn't work for you it may be due to the reason given above (next damaged zipfiles are different) or to some local misconfiguration at your site, like DatabaseDirectory other than /var/lib/clamav/ or so (if clamd really doesn't use your .hdb file). When you restart clamd, is the number in "Protecting against 41294 viruses" in clamd.log the same _with_ and _without_ your .hdb file? -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros. tomek at clamav.net http://www.ClamAV.net/ A GPL virus scanner _______________________________________________ http://lurker.clamav.net/list/clamav-users.html