Hi!

6-Jan-2005 17:40 [EMAIL PROTECTED] (Brian Morrison) wrote to ClamAV users ML
<clamav-users@lists.clamav.net>:

>>  SG> There is a main.db and a daily.db.  Every so often, signatures
>>  SG> from daily.db are pushed into main.db.
>>       "Pushed"? Do you mean that some ClamAV component (which one?)
>>  permanently modifies main.db? How does it detect that it should make
>>  another change to main.db? And how to be sure that some updates
>>  weren't missed?
BM> What he means is that the database file creators update the version of
BM> main.cvd when they include many of the daily.cvd contents in it and then
BM> daily.cvd shrinks to a small size but then grows again with each
BM> increment of its version number. This is done by the virus signature
BM> extraction team, not by users.

     Well, if I understand correctly, then this happens in the following way:

- there are (only) two base files: main.cvd and daily.cvd.
- new signatures are added to daily.cvd, and its new (increased) edition
  is released to the public each day.
- each new edition of daily.cvd replaces the previous one.
- at some point, records from daily.cvd are moved to (a new edition of)
  main.cvd and daily.cvd is reduced.

Am I right? If yes, how frequently is main.cvd changed (increased), and why
is it so big? What was the max size of the latest daily.cvd (and, thus, how
complex is it to download)? If daily.cvd isn't very big, is it possible to
spread it through the clamav-virusdb group? What happens if main.cvd and
daily.cvd are mismatched (main.cvd used together with an old daily.cvd, which
is already included in the given main.cvd)?

PS: There is one unexpected "feature" in ClamAV: it _removes_ the archive (with
bases for the F-PROT antivirus) with the EICAR test file. I swore a lot when I
saw this. :) :(


_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
