Hi, I'm using clamav 0.90.2 on Linux. Today I found this entry on my clamd.log : Mon Jun 4 13:06:46 2007 -> Reading databases from /var/clamav Mon Jun 4 13:07:40 2007 -> Loaded 237246 signatures.
Odd. Last I check manually it was 100-thousand-something. Tracing back clamd.log, the oldest entry I found was Sat May 12 23:22:01 2007 -> Database correctly reloaded (220331 signatures) Older entries was already deleted by logrotate, so whatever did this seems to happen a long time ago. All freshclam log entries correctly show 100-thousand-something signatures. Then I did this : #cp -a /var/clamav /var/clamav.bad && cd /var/clamav && rm -rf clamav-* *.inc *.cvd && freshclam ClamAV update process started at Mon Jun 4 13:27:32 2007 WARNING: Your ClamAV installation is OUTDATED! WARNING: Local version: 0.90.2 Recommended version: 0.90.3 DON'T PANIC! Read http://www.clamav.net/support/faq Downloading main.cvd [100%] main.cvd updated (version: 43, sigs: 104500, f-level: 14, builder: sven) Downloading daily.cvd [100%] daily.cvd updated (version: 3347, sigs: 17212, f-level: 15, builder: ccordes) Database updated (121712 signatures) from db.id.clamav.net (IP: 222.124.18.201) Clamd successfully notified about the update. And it correctly shows 121712 signatures. Now the question is, where does the extra 100000 signature comes from? The old database directory has these files : # ls -sR1 /var/clamav.bad /var/clamav.bad: total 9861 4 clamav-85777188b0b2cee4 0 clamav-8cba3026bfa183c2c3cecb71caa7a115 0 clamav-fc26f6a3e34e276c9795d6e6baed8892 0 daily.inc 9145 main.cvd 0 main.inc 4 mirrors.dat 485 MSRBL-Images.hdb 224 MSRBL-SPAM.ndb /var/clamav.bad/clamav-8cba3026bfa183c2c3cecb71caa7a115: total 2702 20 COPYING 4 daily.cfg 24 daily.db 4 daily.fp 16 daily.hdb 4 daily.info 913 daily.mdb 1706 daily.ndb 4 daily.pdb 4 daily.wdb 4 daily.zmd /var/clamav.bad/clamav-fc26f6a3e34e276c9795d6e6baed8892: total 340 20 COPYING 4 daily.cfg 24 daily.db 4 daily.fp 4 daily.hdb 4 daily.info 128 daily.mdb 140 daily.ndb 4 daily.pdb 4 daily.wdb 4 daily.zmd /var/clamav.bad/daily.inc: total 1385 20 COPYING 4 daily.cfg 24 daily.db 4 daily.fp 4 daily.hdb 4 daily.info 817 daily.mdb 497 daily.ndb 4 daily.pdb 4 daily.wdb 4 daily.zmd /var/clamav.bad/main.inc: total 19358 20 COPYING 4633 main.db 4 main.fp 625 main.hdb 4 main.info 797 main.mdb 13273 main.ndb 4 main.zmd Signature updates are done by freshclam. Just wondering, is this a known problem, and will upgrade to 0.90.3 fix this. Regards, Fajar _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
