On 2008-11-26 21:22, tung dang wrote:
> Hi friends,
>

Hi,

> Currently, I am investigating the update mechanism of ClamAV. I don't find
> any document that describes this mechanism clearly, so I would like to be
> confirmed and have it explained in more detail.
> Firstly, I would like to present this mechanism. I'm not sure about all
> information in this email, so please correct me if you see it wrong.
>
> 1. For updating the virus database, clamav uses rsync for synchronizing the
> virus database. Of course, rsync runs via ssh, so the information while
> transmitting is secured.
> In the case the server fails to rsync the database, it will download main.cvd
> and daily.cvd. *What kind of protocol does clamav use for downloading files in
> this case (rsync, wget, etc ...)?* *If it uses another protocol (not rsync), is
> it secured?*
>

Wrong, ClamAV doesn't use rsync at all!
ClamAV downloads the database via HTTP (optionally through a proxy).
The database files themselves are digitally signed, so even though the
download protocol itself is not encrypted, we check the digital signature
on the downloaded file, and reject it if it was tampered with.
The same applies to incremental updates (.cdiff) files, which are
digitally signed as well!

> 2. *Because of using rsync for synchronizing the database, does clamav support
> windows-mirror?* (Because I found some software can run ssh and rsync on
> Windows, I wonder whether clamav-team supports windows-mirror or not)
>

Again, not rsync.

> 3. When updating, sometimes I see clamav download and patch daily.cvd or
> main.cvd. But sometimes the database is two directories, daily.inc and main.inc,
> and it contains another database format (main.info, main.hd, main.hdb ...).
> *What are the differences between the 2 types of database*? *When does clamav
> use database files (main.cvd, daily.cvd), when does it use database directories*
> *(daily.inc, main.inc)*?
>

It no longer uses .inc directories (an older version did), now it uses a
.cld file.
The .inc directory was simply the unpacked .cvd file.
The .cld file is created from a .cvd file + .cdiff incremental update,
or a previous .cld file + .cdiff incremental update.

.cvd and .cld are simply (signed) archives of the database.
Database files themselves can be .hdb, .mdb, .ndb, ...; see signatures.pdf
on what they contain.

> 4. As I have read, clamav-team does not support private mirrors. But I want
> to have 1 mirror for my local network. *I wonder how I can create my own
> mirror in a different way? Does anybody have any suggestions?*
>

Sure you can, just set freshclam to download to your webserver's
DocumentRoot, and set DatabaseMirror of the other freshclams to your server.
Also turn ScriptedUpdates Off.

This is all explained in the FAQ:
http://clamav.net/support/faq

Best regards,
--Edwin
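
The reply above says a .cvd file is a signed archive that is checked after a plain HTTP download. As an added example (not part of the original message and not ClamAV's own code), the sketch below parses the 512-byte colon-separated .cvd header and compares the MD5 recorded there with the archive that follows it, which is the integrity step that precedes the signature check. The header layout is taken from ClamAV's documented CVD format rather than from this thread, the function names are hypothetical, and the sample file is constructed; it does not verify the RSA signature, so it detects corruption on a mirror but is not a substitute for the signature check.

```python
import hashlib

HEADER_LEN = 512  # a .cvd starts with a fixed-size, space-padded text header
FIELDS = ("magic", "build_time", "version", "signatures",
          "functionality_level", "md5", "dsig", "builder", "stime")


def parse_cvd_header(blob: bytes) -> dict:
    """Split the colon-separated header into named fields."""
    if len(blob) < HEADER_LEN:
        raise ValueError("file shorter than the 512-byte header")
    parts = blob[:HEADER_LEN].decode("ascii", "replace").rstrip().split(":")
    if parts[0] != "ClamAV-VDB" or len(parts) < 8:
        raise ValueError("not a CVD header")
    return dict(zip(FIELDS, parts))


def body_md5_matches(blob: bytes) -> bool:
    """True if the MD5 in the header matches the archive after the header.

    The digital signature (dsig field) covers this MD5; checking the
    signature itself needs ClamAV's public key and is not done here.
    """
    header = parse_cvd_header(blob)
    actual = hashlib.md5(blob[HEADER_LEN:]).hexdigest()
    return actual == header["md5"].lower()


def build_sample(body: bytes) -> bytes:
    """Constructed stand-in for a .cvd file; the signature is a placeholder."""
    fields = ["ClamAV-VDB", "01 Jan 2000 00-00 +0000", "1", "0", "1",
              hashlib.md5(body).hexdigest(), "PLACEHOLDER-SIGNATURE",
              "example", "0"]
    return ":".join(fields).encode("ascii").ljust(HEADER_LEN) + body


if __name__ == "__main__":
    sample = build_sample(b"constructed stand-in for the tar.gz payload")
    tampered = sample[:-1] + b"X"  # one byte changed in transit
    print(parse_cvd_header(sample)["version"], body_md5_matches(sample))
    print(body_md5_matches(tampered))
```

The check applies to .cvd files only; a .cld is built locally from a .cvd plus .cdiff updates, so its header checksum is not meaningful.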