>
> On 2010-01-07 19:49, John Corelli wrote:
> > Hi All -
> >
> > I'm new to clamav, but I've spent time looking through the archives
> > and FAQs, so I hope my question is not too "newbish".
> >
> > I'm running clam 0.95.3 on a single Centos 5.3 system. That system
> > will not be connected to the internet ever, but I have DSS/NISPOM
> > security requirements that I run AV tools on that computer
> and update
> > the virus dat/database files on a regular basis. I see
> that freshclam
> > is a nice way to get the updated sigs etc., but I will be
> running without that tool.
> >
>
> If you are not connected to the internet what are you
> scanning? Network shares?
>
Any PDFs or other docs that get brought into the system.
> > What is the best way to get virus sig updates via sneakernet? From
> > the setup I have, I see that there is the main.cvd, daily.cvd and
> > daily.cld files which are all the ones that need to get updated.
> >
> > I believe it is the two daily.* files that need to be the
> same version
> > at all times, correct? Is main.cvd the engine then?
> >
>
> Both main.cvd and daily.* are the database, main.cvd is
> updated less often, while daily.cvd is updated several times a day.
>
> The CVD and CLD files store the same information, the former
> is the compressed database, the latter is a previous CVD/CLD,
> with an incremental update applied to it.
> Thus if you have a .cld file you shouldn't have a .cvd file.
> If the incremental update fails you'll get a CVD file again.
>
> The simplest way would be to run freshclam, copy
> {main,daily}.c[vl]d to your device, then stop clamd on the
> CentOS system, remove main.*, daily.* from the DBdir, copy
> over your new databases, and start clamd.
>
Okay, seems reasonable...but why run freshclam at all if I am manually
copying the databases over onto the device? Are the steps you described the
ones that actually get done automatically when you run freshclam? (save
for the getting the databases from the 'net) Or are you running freshclam
in the above sequence to verify versions at the start?
Regards
John
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
