Hi,
Following the long thread of "Idea for more timely virusdb updates", I have put together
a basic system of putting daily.cvd in DNS TXT records.
It stores current version of daily.cvd, new signatures, and what time a particular signature was added.
Which means the next time clamav comes up with a signature sooner than other AV vendors, we'll
have a record of it without having to look up each mail from clamav-db :)
This is still an early version, so record names might change (or be added, or even removed) later.
Here's how it works:
Nice, we could actually build a wrapper around freshclam to only fetch when there is a new version ready.
I would still prefer to use another protocol to actually pass the virus data, I am not particularly fond of http, but it's simple and proven and, if we could settle on an incremental update method, it would be fairly painless too.
I checked the possibility to build an incremental update
1) get the current ID, I used a saved cvd file daily.foo
luna:/var/lib/clamav # /usr/local/bin/sigtool -i daily.foo
Build time: 10 Aug 2004 23-53 +0200
Version: 448
# of signatures: 1555
Functionality level: 2
Builder: ccordes
MD5: d87fe8f4a522413be7ee58fb2286aa2e
Digital signature: 9l9GekAZ+eU5cSKT07lXvLm2WvaHxzDPLm68mXoBFw0coCxkZXn6BsFTrnReEm/KHlSj5FchPiZdMj/DNfHH9uf5oI9z3PKqjZmmjPilGboEyka7Ukx3o1TwwEoi76LxeCUaG6WpuyNkTwLMQRNF1eqWD3l9AsQY8/aRBnUwRUe
Verification OK.
OK, so it's old
>>>>>>>>>>>>> the following needs to be done on the server:
2) unpack the new file using sigtool
luna:/var/lib/clamav # /usr/local/bin/sigtool -u daily.cvd
luna:/var/lib/clamav # mv viruses.db2 viruses.451
3) unpack the old file using sigtool
luna:/var/lib/clamav # /usr/local/bin/sigtool -u daily.foo
luna:/var/lib/clamav # mv viruses.db2 viruses.448
4) diff the two files
luna:/var/lib/clamav # diff -U 5 viruses.448 viruses.451 > daily.448to451
-rw-r--r-- 1 root root 18260 2004-08-13 19:23 daily.448to451
Mhhh, still 18K we better compress it......
-rw-r--r-- 1 root root 8189 2004-08-13 19:23 daily.448to451.gz
OK only 8K to copy across the net now.
>>>>>>>>>>>>>>> back to the client
5) get the diff file somehow and uncompress it
......
gunzip daily.448to451.gz
6) apply the patch to the old file
luna:/var/lib/clamav # patch < daily.448to451
patching file viruses.448
luna:/var/lib/clamav #
7) rebuild a .CVD file
I have not been able to rebuild the cvd file using sigtool, so this is for someone with more sigtool experience, but the diff of the two files shows that a patch is easily feasible.
-rw-r--r-- 1 clamav clamav 1103636 2004-08-10 17:00 main.cvd
-rw-r--r-- 1 root root 351165 2004-08-13 19:28 viruses.448
-rw-r--r-- 1 root root 351165 2004-08-13 19:21 viruses.451
luna:/var/lib/clamav # diff viruses.448 viruses.451
luna:/var/lib/clamav #
Comments
Erich
THINK Püntenstrasse 39 8143 Stallikon mailto:[EMAIL PROTECTED] PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16
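Steps 2 to 6 of the message above, as an added shell example that is not part of the original post or of ClamAV: the client patches a copy of the old file and accepts the result only if it matches a digest of the new file. The function names, the constructed signature lines, and the use of a SHA-256 digest delivered over a channel the client already trusts are assumptions; GNU patch and sha256sum are assumed to be installed.

```shell
#!/bin/sh
# Added example. File names and signature lines are constructed stand-ins
# for the unpacked viruses.448 / viruses.451 files from the message.

# Server: write a gzip'd unified diff OLD -> NEW to OUT.gz and print the
# SHA-256 of NEW. Assumption: the digest reaches clients over a channel
# they already trust; the delta itself can then travel over anything.
make_delta() {  # make_delta OLD NEW OUT.gz
    # diff exits 1 when the files differ, so only gzip's status is kept.
    diff -U 5 "$1" "$2" | gzip -c > "$3"
    sha256sum < "$2" | cut -d' ' -f1
}

# Client: patch a copy of OLD and accept it only if it hashes to EXPECTED.
apply_delta() {  # apply_delta OLD DELTA.gz EXPECTED_SHA256 OUT
    tmp="$4.tmp.$$"
    # -o writes to a new file, so a bad delta never damages the live OLD.
    if ! gzip -dc "$2" 2>/dev/null | patch -s -f -o "$tmp" "$1" >/dev/null 2>&1; then
        rm -f "$tmp" "$tmp.rej"
        return 1    # corrupt delta, or hunks do not fit this base version
    fi
    got=$(sha256sum < "$tmp" | cut -d' ' -f1)
    if [ "$got" != "$3" ]; then
        rm -f "$tmp" "$tmp.rej"
        return 1    # patched cleanly but is not the file the server built
    fi
    mv "$tmp" "$4"
}

# Round trip on constructed data: build the delta, apply it, compare.
demo() {
    d=$(mktemp -d) || return 1
    printf 'Constructed.Sig.%s=deadbeef0%s\n' 1 1 2 2 3 3 4 4 > "$d/viruses.448"
    { cat "$d/viruses.448"; printf 'Constructed.New.5=cafe05\n'; } > "$d/viruses.451"
    sum=$(make_delta "$d/viruses.448" "$d/viruses.451" "$d/daily.448to451.gz")
    apply_delta "$d/viruses.448" "$d/daily.448to451.gz" "$sum" "$d/viruses.new" &&
        cmp -s "$d/viruses.new" "$d/viruses.451"
    rc=$?
    rm -rf "$d"
    return $rc
}

demo && echo "delta applied and verified"
```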