Noel Jones wrote: > At 02:02 PM 7/12/2007, John Rudd wrote: >>> Such scripts have >>> been posted frequently and several good ones are available from >>> http://sanesecurity.co.uk/clamav/usage.htm >> I saw the supporting material on sanesecurity's downloads page, but it >> looked like it was almost all windows oriented (ie. useless to me). > > There are 5 scripts on the page, only the last one is labeled as a > windows script. > >> Plus, I want one thing that I can apply to all 3rd parties, and I >> (perhaps incorrectly) assumed sanesecurity's stuff would be oriented >> just around their own stuff. > > All those scripts are clearly labeled as working with MSRBL.
Like I said, what I looked at was their downloads page. Their downloads page has: 1) their phishing signatures 2) their scam signatures 3) a windows installer for their phishing signatures 4) a windows installer for their scam signatures 5) a build of clamav for windows 6) a signature updater that doesn't give a platform, but is from the same source as #5 7) rsync for windows 8&9) references to MSRBL signatures So, as I said: the only specifics of the page I looked at, before you made me aware of their usage page, were windows specific, and the installers were also highly specific. > >> Yes, I am/was aware that I'm undermining rsync's bandwidth savings. I >> just hadn't figured out the best way to address that. I don't think >> that leaving it in /tmp/{something} works well for that. I had been >> thinking about doing the scratch space in >> /usr/local/share/{something}/tmp, but wasn't sure if that would be >> standard enough. > > Consensus seems to be that /var/tmp/clamdb or similar is an > appropriate place to hold the scratch/work files. > > checking for updates every hour is wasteful, every 4 hours is more reasonable. noted. > > Here's a perl "one-liner" you might want to integrate in your script > - it signals clamd to reload the database. Only run this if one of > the databases has changed. > > # perl -MIO::Socket::UNIX -we 'my $s = IO::Socket::UNIX->new (shift); > $s->print("RELOAD"); print $s->getline; $s->close' > /var/run/clamav/clamd.socket > When I switch to the Mail::ClamAV method, it has a means of detecting and reloading as necessary. I'm doing that this week. _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html