Vincent Fox skrev den 2013-07-26 21:44:
I've been puzzling over a ClamAV installation I was handed.
?
Is there an easy way to verify which signatures are being
loaded/used?
?
if it exists in databasedir then its used, unless its disabled in
clamd.conf
when clamd starts see its logs
It's not clear to me, where you go to enable/disable signatures.
disable signatures is possible with ignore file defination, see and
example in "sigtool --unpack-current=daily" in the ign2 extenion
filename
I see quite a lot of signatures being downloaded by freshclam and/or
the unofficial-sigs.sh jobs.
+1 :)
i hope you disable some in there setups if only 6 hits ?
However I don't see evidence in my maillogs
of hits on more than 6 of them. We have fairly busy mail routers so
I'd expect to hit on some of the others at least once a day.
what are your problem really ?, out of mem ?
so far i have not seen virus from main.cvd yet :(
clamav team can begin make databases so its possible to drop very old
signatures that does not hit anywhere, but still create a new
store-<yaer>.cvd with all the old signature just in case anyone like to
use it where mem is not a concern, where <year> is here 2013 or 2012 so
freshclam dont waste trafic on sync again
I hunted around on Wiki/FAQ and web searches couldn't find an
answer to this.
you are the first that asked imho, i think freshclam should have git
update sync aswell, more or less i see safebrowsing now dont work with
scripted updates, i dont know what the heck google does there, not even
mirror there own database files, hmp !
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
