On 2010-01-07 19:49, John Corelli wrote:
> Hi All -
>
> I'm new to clamav, but I've spent time looking through the archives and
> FAQs, so I hope my question is not too "newbish".
>
> I'm running clam 0.95.3 on a single Centos 5.3 system. That system will not
> be connected to the internet ever, but I have DSS/NISPOM security
> requirements that I run AV tools on that computer and update the virus
> dat/database files on a regular basis. I see that freshclam is a nice way
> to get the updated sigs etc., but I will be running without that tool.
>
If you are not connected to the internet what are you scanning? Network
shares?
> What is the best way to get virus sig updates via sneakernet? From the
> setup I have, I see that there is the main.cvd, daily.cvd and daily.cld
> files which are all the ones that need to get updated.
>
> I believe it is the two daily.* files that need to be the same version at
> all times, correct? Is main.cvd the engine then?
>
Both main.cvd and daily.* are the database, main.cvd is updated less often,
while daily.cvd is updated several times a day.
The CVD and CLD files store the same information, the former is the
compressed database,
the latter is a previous CVD/CLD, with an incremental update applied to it.
Thus if you have a .cld file you shouldn't have a .cvd file. If the
incremental update fails you'll get a CVD file again.
The simplest way would be to run freshclam, copy {main,daily}.c[vl]d to
your device, then
stop clamd on the CentOS system, remove main.*, daily.* from the DBdir,
copy over your new databases,
and start clamd.
Best regards,
--Edwin
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
