Re: [clamav-users] Question about Clamav compressed file support

2018-01-11 Thread botnec 

Hello,

Thank you all very much for explanation and thoughts. I almost expected 
these answers.

Thanks again for your help and best regards

Rob


___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Question about Clamav compressed file support

2018-01-11 Thread Noel Jones 
Clamav has no support for unpacking and scanning inside the Acronis
.tib backup images.  I wouldn't bother scanning it.




  -- Noel Jones


On 1/11/2018 9:41 AM, botnec wrote:
> Hello,
> 
> I'm using a QNAP NAS server as destination for Acronis Tue Image
> backup files.
> The extension of these files is .tib. I did not find anything in the
> clam doc file about it.
> 
> Now my question is, how does ClamAV deal with these files ? Will
> they be uncompressed
> and the contents checked anyway? I hope so because it takes some
> hours if ClamAV
> checks the whole backup folder (2.5 TB). If this would be not the
> case, I possible do not
> need to start the virus check procedure at all.
> (btw. I'm using another virus checker on my PC anyway, I just
> thought to use CalmAV
> additionally)
> 
> Can anybody answer please ?
> 
> Thank you.
> Regards
> 
> Rob
> 
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Question about Clamav compressed file support

2018-01-11 Thread Micah Snyder (micasnyd) 
Hi Rob,

At this time, ClamAV does not have the means to decompress and parse the 
proprietary Acronis .tib format.  I only took a brief peek at Wikipedia 
(https://en.wikipedia.org/wiki/Acronis_True_Image#File_format) to learn more 
about Acronis image files.

Unless someone in the community writes a parser to add support to identify 
these file types, parse, decompress, etc and submits a pull request to add the 
feature to the Git repository, I doubt you’ll ever see support in ClamAV for 
this file type.

Regards,

Micah


Micah Snyder
Software Engineer
Talos
Cisco Systems, Inc.



On Jan 11, 2018, at 10:41 AM, botnec > 
wrote:

Hello,

I'm using a QNAP NAS server as destination for Acronis Tue Image backup files.
The extension of these files is .tib. I did not find anything in the clam doc 
file about it.

Now my question is, how does ClamAV deal with these files ? Will they be 
uncompressed
and the contents checked anyway? I hope so because it takes some hours if ClamAV
checks the whole backup folder (2.5 TB). If this would be not the case, I 
possible do not
need to start the virus check procedure at all.
(btw. I'm using another virus checker on my PC anyway, I just thought to use 
CalmAV
additionally)

Can anybody answer please ?

Thank you.
Regards

Rob

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] Question about Clamav compressed file support

2018-01-11 Thread botnec 

Hello,

I'm using a QNAP NAS server as destination for Acronis Tue Image backup 
files.
The extension of these files is .tib. I did not find anything in the 
clam doc file about it.


Now my question is, how does ClamAV deal with these files ? Will they be 
uncompressed
and the contents checked anyway? I hope so because it takes some hours 
if ClamAV
checks the whole backup folder (2.5 TB). If this would be not the case, 
I possible do not

need to start the virus check procedure at all.
(btw. I'm using another virus checker on my PC anyway, I just thought to 
use CalmAV

additionally)

Can anybody answer please ?

Thank you.
Regards

Rob

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Detected duplicate databases

2018-01-11 Thread Al Varnell 
On Thu, Jan 11, 2018 at 01:15 AM, Hugo Deprez wrote:
> Hello,
> 
> thank you for the answer.
> I don't think my freshclam is trying to download the cdiff file because I
> use : ScriptedUpdates no
> 
> Is this parameter you are talking about incremental updates ?

Yes, that's what I was referring to.

> I know this is not bandwith efficient, but I had to many issues with
> freshclam and my local repository made by clamdownloader.pl

So you are using an option 3 private local mirror as described in 
. Make sure you also 
change freshclam.conf "DatabaseMirror machine1.mylan" where machine1.mylan is 
the name of your mirror server.

Also make sure you are using the latest version of the clamavdownloader.pl 
 

The existing clamdownloader.pl script does not have any error correction it 
simply bails out if a downloaded file is not valid and is unable to retry 
different mirrors if one fails. That is the most likely reason for those 404 
errors.

I have no experience with private local mirrors, but you might have better luck 
with the clamavmirror script .

-Al-

> Best regards,
> 
> On 10 January 2018 at 10:20, Al Varnell  > wrote:
> 
>> The first time freshclam pulls down a daily.cdiff file, your daily.cvd
>> file will be decompressed to daily.cld and the .cdiff file added to it.
>> From that point on you should only have the daily.cld file. One exception
>> is that if for some reason freshclam is unable to find needed .cdiff files
>> on a mirror, it will download a new .cvd file which will start the process
>> again.
>> 
>> It is possible to reconfigure freshclam to download .cvd files by
>> disabling incremental updates, but that would be very inefficient use of
>> bandwidth and mirror server time, so unless you have a overriding need for
>> that, I don't recommend it.
>> 
>> -Al-
>> 
>> On Wed, Jan 10, 2018 at 01:12 AM, Hugo Deprez wrote:
>>> Hello,
>>> 
>>> I have a question about daily.cvd and daily.cld files. If I understood
>>> correctly, those two files are almost the same : one is compressed, the
>>> other is not.
>>> Still I have an issue in my setup :
>>> 
>>> If I put both filtes in apache2 server (which act as PrivateMirror) :
>>> 
>>> -rw-r--r-- 1 www-data www-data 117892267 07.06.2017 23:38 main.cvd
>>> -rw-r--r-- 1 www-data www-data153228 07.12.2017 03:17 bytecode.cvd
>>> lrwxrwxrwx 1 root root 8 05.01.2018 10:14 main.cld ->
>>> main.cvd
>>> lrwxrwxrwx 1 root root 9 05.01.2018 10:14 daily.cld ->
>>> daily.cvd
>>> lrwxrwxrwx 1 root root12 05.01.2018 10:14 bytecode.cld ->
>>> bytecode.cvd
>>> -rw-r--r-- 1 www-data www-data  43804052 10.01.2018 06:17 daily.cvd
>>> 
>>> On the client side I have this Warning :
>>> 
>>> LibClamAV Warning: Detected duplicate databases /var/lib/clamav/daily.cvd
>>> and /var/lib/clamav/daily.cld, please manually remove one of them
>>> 
>>> 
>>> But If I remove the *.cld files on my PrivateMirror I got multiples 404
>>> errors from the Freshclam clients.
>>> 
>>> Is there a way to configure Freshclam in order to grabe only the cvd
>> files
>>> ?
>>> 
>>> Best regards,
>> 
>> ___
>> clamav-users mailing list
>> clamav-users@lists.clamav.net 
>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>> 
>> 
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>> 
>> http://www.clamav.net/contact.html#ml
>> 
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net 
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml

-Al-
-- 
Al Varnell
Mountain View, CA






smime.p7s
Description: S/MIME cryptographic signature
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Detected duplicate databases

2018-01-11 Thread Hugo Deprez 
Hello,

thank you for the answer.
I don't think my freshclam is trying to download the cdiff file because I
use : ScriptedUpdates no

Is this parameter you are talking about incremental updates ?

I know this is not bandwith efficient, but I had to many issues with
freshclam and my local repository made by clamdownloader.pl

Best regards,

On 10 January 2018 at 10:20, Al Varnell  wrote:

> The first time freshclam pulls down a daily.cdiff file, your daily.cvd
> file will be decompressed to daily.cld and the .cdiff file added to it.
> From that point on you should only have the daily.cld file. One exception
> is that if for some reason freshclam is unable to find needed .cdiff files
> on a mirror, it will download a new .cvd file which will start the process
> again.
>
> It is possible to reconfigure freshclam to download .cvd files by
> disabling incremental updates, but that would be very inefficient use of
> bandwidth and mirror server time, so unless you have a overriding need for
> that, I don't recommend it.
>
> -Al-
>
> On Wed, Jan 10, 2018 at 01:12 AM, Hugo Deprez wrote:
> > Hello,
> >
> > I have a question about daily.cvd and daily.cld files. If I understood
> > correctly, those two files are almost the same : one is compressed, the
> > other is not.
> > Still I have an issue in my setup :
> >
> > If I put both filtes in apache2 server (which act as PrivateMirror) :
> >
> > -rw-r--r-- 1 www-data www-data 117892267 07.06.2017 23:38 main.cvd
> > -rw-r--r-- 1 www-data www-data153228 07.12.2017 03:17 bytecode.cvd
> > lrwxrwxrwx 1 root root 8 05.01.2018 10:14 main.cld ->
> > main.cvd
> > lrwxrwxrwx 1 root root 9 05.01.2018 10:14 daily.cld ->
> > daily.cvd
> > lrwxrwxrwx 1 root root12 05.01.2018 10:14 bytecode.cld ->
> > bytecode.cvd
> > -rw-r--r-- 1 www-data www-data  43804052 10.01.2018 06:17 daily.cvd
> >
> > On the client side I have this Warning :
> >
> > LibClamAV Warning: Detected duplicate databases /var/lib/clamav/daily.cvd
> > and /var/lib/clamav/daily.cld, please manually remove one of them
> >
> >
> > But If I remove the *.cld files on my PrivateMirror I got multiples 404
> > errors from the Freshclam clients.
> >
> > Is there a way to configure Freshclam in order to grabe only the cvd
> files
> > ?
> >
> > Best regards,
>
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml