Noel Jones wrote the following on 12/9/2006 3:46 PM -0800:
> At 05:29 PM 12/9/2006, Bill Landry wrote:
>> Tomasz Kojm wrote the following on 12/7/2006 2:01 AM -0800:
>> > You should be more careful with what you're downloading into the
>> database
>> > directory. For the official database freshclam makes a number of
>> tests to
>> > prevent installing broken files. For 3rd party databases I'd
>> suggest calling
>> > 'clamscan -d file.ndb' before installing file.ndb in the database
>> dir and/or
>> > asking the creator to provide you with online checksum for the file.
>>
>> I must be doing something wrong here. I am running Fedora Core 3 with:
>>
>> clamscan -V
>> ClamAV 0.88.6/2312/Sat Dec 9 10:46:45 2006
>>
>> However, when I attempt to scan an individual file as Tomasz shows
>> above, I get all files in the directory scanned:
>>
>> clamscan -d scam.ndb
>> /var/tmp/clamdb/phish.ndb: OK
>> /var/tmp/clamdb/MSRBL-Images.hdb: OK
>> /var/tmp/clamdb/phish.ndb.gz: OK
>> /var/tmp/clamdb/scam.ndb: OK
>> /var/tmp/clamdb/MSRBL-SPAM.ndb: OK
>> /var/tmp/clamdb/scam.ndb.gz: OK
>>
>> ----------- SCAN SUMMARY -----------
>> Known viruses: 3841
>> Engine version: 0.88.6
>> Scanned directories: 1
>> Scanned files: 6
>> Infected files: 0
>> Data scanned: 6.27 MB
>> Time: 2.852 sec (0 m 2 s)
>>
>> This does not allow me to detect a problem with a specific database
>> file. Any suggestions?
>
> You miss the point... If the database is a bad format "clamscan -d
> foo.ndb" will FAIL. So you can use it as a basic test for a sane
> database. At this point you don't care about actually scanning the
> files in the directory, that's just a side effect. What you care
> about is if the command succeeds (exit status 0) or fails (exit status
> non-0).
>
> You use it in some tmp directory something like this:
>
> clamscan --quiet -d foo.ndb && \
> cp -p foo.ndb /var/db/clamav
>
> If the clamscan command fails, the copy is not performed.
Noel, that doesn't really work for me, as I download all MSRBL &
SaneSecurity databases at the same time (that's for sig databases), and
if a single sig database file fails, that doesn't mean all failed. I
still want to copy the good database sig files into the clamav directory
so they can be used.
The clamscan man page states:
-d FILE/DIR, --database=FILE/DIR
Load virus database from FILE or load all virus database
files from DIR.
...
Examples
(3) Load database from selected file and limit disk usage to 50 Mb:
clamscan -d /tmp/newclamdb --max-space=50m -r /tmp
Seems to indicate that a single file can be scanned.
Bill
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
