Hi there, On Thu, 11 Mar 2021, Harv Azad via clamav-users wrote:
I’m a simple QNAP 509 (x2) user ...
Full disclosure: I know nothing about QNAP.
I can see that there is some mention of Freshclam. Happy to use this but could someone please clarify if this is something that sits on my qnap or on my pc? Can I then use this to manually download the definition files to update my qnaps manually.
Freshclam is designed to update the ClamAV database using the minimum of network resources. Normally it is run as a 'daemon' (which means it runs indefinitely) and periodically sends out DNS requests to find out if the database needs updating. DNS requests are very small and quick to execute; if the reply to the request indicates that there is no update needed, the daemon goes back to sleep until the next time it's scheduled to wake up. If an update is required, it requests the 'difference' files which it needs to update the existing, out-of-date database to the up-to-date version. The difference files tend to be small too - very much smaller than the main and daily databases. The daemon then creates a new database from the old one and the difference files, optionally tests the result, replaces the old database with the new one and optionally signals the clamd scanning daemon to reload it. Normally it then deletes the difference files but you can tell it to keep them if you wish. When freshclam (optionally) tests the database which it has just updated, it will briefly use a lot of memory. Freshclam can also be run from the command line to do one-off updates instead of running as a daemon. It starts and does those DNS checks; if there's nothing to do it stops and never runs again until you tell it to with another command; otherwise it updates in the same way and then stops. Most people run freshclam on a PC. I've only ever run it under Linux but I'm sure it can run under Windows too. I've seen mention that it runs on QNAP devices but I gather that some of these devices are very short on memory, and as the minimum ClamAV database thesedays uses in the region of 1 Gbyte of memory it can be difficult to use it directly on devices with relatively small amounts of memory. It's possible for the ClamAV scanner to scan devices other than the computer on which the scanner is running. It requires at least some understanding of the use of network connections to do that. You can tell the device to be scanned to connect to a TCP port on the device which will do the scanning and send the data to be scanned over this connection. On the scanning device you would run the clamd daemon, which will be told to listen on a TCP port and scan anything it sees. Because it loads the database entirely into memory, the clamd daemon uses a lot of memory too. Then it just waits for something to scan. There's a utility called 'clamdscan' which can be run on the device to be scanned. This utility is relatively small and lightweight, it does the job of taking data from the scanned device and passing it to the clamd daemon on the scanning device over the TCP connection. If your QNAP device is short on memory I'd suggest that you look into putting a copy of clamdscan on it, and running clamd on something which has plenty of memory. You should be aware that the clamd daemon will not place any restrictions on anything connecting to its port, so if your network is not implicitly trusted then you need to take precautions. I hope this makes sense to you, please get back to us if you need to. -- 73, Ged. _______________________________________________ clamav-users mailing list [email protected] https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
