Stephen Gran wanted us to know:
>> However, the VERSION command and clamdscan -V report the new database
>> version immediately after putting the new databases in place.
>Both do indeed scan the on disk databases for version information.
Verified here too:
In one window, running:
[EMAIL PROTECTED] ~]$ ./clamversion.pl --socket=/var/lib/clamav/clamd.socket --command="VERSION"
ClamAV 0.86.2/1034/Thu Aug 18 13:07:58 2005
[EMAIL PROTECTED] ~]$
Causes this:
[EMAIL PROTECTED] ~]# strace -f -p `pidof clamd`
Process 4332 attached - interrupt to quit
accept(0, 0, NULL) = 5
gettimeofday({1124469478, 23699}, NULL) = 0
mmap2(NULL, 8392704, PROT_READ|PROT_WRITE|PROT_EXEC,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb73a0000
mprotect(0xb73a0000, 4096, PROT_NONE) = 0
clone(Process 4393 attached
child_stack=0xb7ba04c4,
flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID|CLONE_DETACHED,
parent_tidptr=0xb7ba0bf8, {entry_number:6, base_addr:0xb7ba0bb0,
limit:1048575, seg_32bit:1, contents:0, read_exec_only:0,
limit_in_pages:1, seg_not_present:0, useable:1},
child_tidptr=0xb7ba0bf8) = 4393
[pid 4332] time([1124469478]) = 1124469478
[pid 4332] accept(0, <unfinished ...>
[pid 4393] time(NULL) = 1124469478
[pid 4393] rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], NULL, 8) = 0
[pid 4393] poll([{fd=5, events=POLLIN, revents=POLLIN}], 1, 300000) = 1
[pid 4393] recvmsg(5, {msg_name(0)=NULL,
msg_iov(1)=[{"VERSION\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"...,
1024}], msg_controllen=0, msg_flags=0}, 0) = 7
[pid 4393] open("/var/lib/clamav/daily.cvd", O_RDONLY) = 6
[pid 4393] fstat64(6, {st_mode=S_IFREG|0644, st_size=221105, ...}) = 0
[pid 4393] mmap2(NULL, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb739f000
[pid 4393] read(6, "ClamAV-VDB:18 Aug 2005 22-07 +02"..., 4096) = 4096
[pid 4393] close(6) = 0
[pid 4393] munmap(0xb739f000, 4096) = 0
[pid 4393] write(5, "ClamAV 0.86.2/1034/Thu Aug 18 13"..., 44) = 44
[pid 4393] close(5) = 0
[pid 4393] time(NULL) = 1124469478
[pid 4393] clock_gettime(CLOCK_REALTIME, {1124469478, 25912000}) = 0
[pid 4393] futex(0x8745bcc, FUTEX_WAIT, 1, {29, 974088000} <unfinished
...>
Process 4332 detached
Process 4393 detached
[EMAIL PROTECTED] ~]#
I honestly expected the VERSION command to query memory instead of
triggering a read of the files on disk. But then again, I can see where
a read of memory could be wrong since (IIRC) a RELOAD doesn't actually
perform the reload until the next new message comes in. Is that still
the case?
--
Regards... Todd
We should not be building surveillance technology into standards.
Law enforcement was not supposed to be easy. Where it is easy,
it's called a police state. -- Jeff Schiller on NANOG
Linux kernel 2.6.11-12mdksmp 1 user, load average: 1.52, 1.18, 1.12
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
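
Added example, not part of the original post or of ClamAV: a small check that makes the traced behaviour visible, parsing the daily.cvd header and the VERSION reply and comparing the two. Since the trace shows VERSION being answered from the file on disk, agreement here says what is on disk, not that those signatures are loaded. Assumptions: the field names follow ClamAV's documented colon-separated CVD header layout, the helper names are hypothetical, and SAMPLE_HEADER is constructed.

```python
import socket

CVD_HEADER_LEN = 512  # a .cvd file begins with a space-padded ASCII header
FIELDS = ("build_time", "version", "signatures", "f_level",
          "md5", "dsig", "builder", "stime")
# Constructed sample: date and version 1034 as in the trace, the rest are placeholders.
SAMPLE_HEADER = (b"ClamAV-VDB:18 Aug 2005 22-07 +0200:1034:100:5:"
                 b"MD5-PLACEHOLDER:DSIG-PLACEHOLDER:builder:0").ljust(CVD_HEADER_LEN)

def parse_cvd_header(raw: bytes) -> dict:
    """Parse the colon-separated header that clamd read() from daily.cvd."""
    head = raw[:CVD_HEADER_LEN].decode("ascii", errors="replace").rstrip()
    magic, _, rest = head.partition(":")
    info = dict(zip(FIELDS, rest.split(":")))
    if magic != "ClamAV-VDB" or not info.get("version", "").isdigit():
        raise ValueError("not a CVD header")
    info["version"] = int(info["version"])
    return info

def parse_version_reply(reply: str) -> dict:
    """Split 'ClamAV <engine>/<db version>/<db date>' into its parts."""
    parts = reply.strip("\0\r\n ").split("/", 2)
    return {"engine": parts[0].split(" ", 1)[-1],
            "db_version": int(parts[1]) if len(parts) > 1 else None,
            "db_date": parts[2] if len(parts) > 2 else None}

def clamd_version(sock_path: str, timeout: float = 5.0) -> str:
    """Send the same 7 bytes seen in the recvmsg() above; read until clamd closes."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(sock_path)
        s.sendall(b"VERSION")
        chunks = []
        while data := s.recv(1024):
            chunks.append(data)
    return b"".join(chunks).decode("ascii", "replace")

def disk_matches_reply(cvd_path: str, reply: str) -> bool:
    """True when the on-disk header version equals the one in the VERSION reply."""
    with open(cvd_path, "rb") as f:
        header = parse_cvd_header(f.read(CVD_HEADER_LEN))
    return header["version"] == parse_version_reply(reply)["db_version"]

if __name__ == "__main__":
    reply = clamd_version("/var/lib/clamav/clamd.socket")  # socket path from the post
    print(reply.strip(), disk_matches_reply("/var/lib/clamav/daily.cvd", reply))
```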