Noel Jones wrote:
> At 02:02 PM 7/12/2007, John Rudd wrote:
>>> Such scripts have
>>> been posted frequently and several good ones are available from
>>> http://sanesecurity.co.uk/clamav/usage.htm
>> I saw the supporting material on sanesecurity's downloads page, but it
>> looked like it was almost all windows oriented (ie. useless to me).
>
> There are 5 scripts on the page, only the last one is labeled as a
> windows script.
>
>> Plus, I want one thing that I can apply to all 3rd parties, and I
>> (perhaps incorrectly) assumed sanesecurity's stuff would be oriented
>> just around their own stuff.
>
> All those scripts are clearly labeled as working with MSRBL.
Like I said, what I looked at was their downloads page.
Their downloads page has:
1) their phishing signatures
2) their scam signatures
3) a windows installer for their phishing signatures
4) a windows installer for their scam signatures
5) a build of clamav for windows
6) a signature updater that doesn't give a platform, but is from the
same source as #5
7) rsync for windows
8&9) references to MSRBL signatures
So, as I said: the only specifics of the page I looked at, before you
made me aware of their usage page, were windows specific, and the
installers were also highly specific.
>
>> Yes, I am/was aware that I'm undermining rsync's bandwidth savings. I
>> just hadn't figured out the best way to address that. I don't think
>> that leaving it in /tmp/{something} works well for that. I had been
>> thinking about doing the scratch space in
>> /usr/local/share/{something}/tmp, but wasn't sure if that would be
>> standard enough.
>
> Consensus seems to be that /var/tmp/clamdb or similar is an
> appropriate place to hold the scratch/work files.
>
> checking for updates every hour is wasteful, every 4 hours is more reasonable.
noted.
>
> Here's a perl "one-liner" you might want to integrate in your script
> - it signals clamd to reload the database. Only run this if one of
> the databases has changed.
>
> # perl -MIO::Socket::UNIX -we 'my $s = IO::Socket::UNIX->new (shift);
> $s->print("RELOAD"); print $s->getline; $s->close'
> /var/run/clamav/clamd.socket
>
When I switch to the Mail::ClamAV method, it has a means of detecting
and reloading as necessary. I'm doing that this week.
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
