On 2009-03-19 23:36, Bill Landry wrote: > Török Edwin wrote: > >> On 2009-03-19 22:46, Bill Landry wrote: >> >>> Just a curiosity question. The last database reload in my clamd.log >>> file shows: >>> >>> Database correctly reloaded (1159852 signatures) >>> >>> But when I use clamscan to scam a file, it reports: >>> >>> ----------- SCAN SUMMARY ----------- >>> Known viruses: 1159340 >>> Engine version: 0.95rc2 >>> >>> Why the difference in the number of "signatures" versus "Known viruses" >>> reported? What makes up the 512 difference between the two reports? >>> >>> >> They are the PUA signatures that are not loaded by default (you need >> DetectPUA yes in clamd.conf to load them): >> $ sigtool -l|grep PUA|wc -l >> 512 >> > > I have in my clamd.conf: > > DetectPUA yes > > And in any case, if PUA were disabled, then clamd should not be > reporting to clamd.log that it has loaded these signatures, correct?
Sorry, I wasn't clear. clamd loads those signatures (because you have DetectPUA yes in your clamd.conf) But clamscan doesn't read clamd.conf, so it won't load the PUA signatures by default. For clamscan you need to use --detect-pua. Best regards, --Edwin _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
