At 11:31 AM 12/31/2006, Chuck Swiger wrote:
Agreed-- it would be nice if clamd was more robust, either by
continuing to run with the other DBs (as available) and either drop
the bad line or the entire bad DB file, until a new update comes
along which is OK.
An option to drop the bad database and use rest would be good, with a
big warning logged.
Dropping the offending line might not work as expected. If the file
is scrambled there may be bad signatures with correct syntax in the
corrupt file.
Doesn't the main ClamAV database get tested before going out? Is
there some kind of run against a big collection of "known-good"
files which should scan cleanly to detect a DB which contains a false positive?
The official clam databases do get tested, and furthermore, freshclam
protects against corrupt main/daily databases if there is a problem
with distribution.
This rant is mostly concerned with database updates outside of
freshclam, with the example of the various add-on databases
available. It has always been possible (and advisable) to test these
add-on databases locally with "clamscan -d /path/to/database" before
installing them in the "live" directory, and there have been scripts
posted here in the past detailing how.
--
Noel Jones
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
