Török Edwin wrote: > On 2009-03-19 23:36, Bill Landry wrote: >> Török Edwin wrote: >> >>> On 2009-03-19 22:46, Bill Landry wrote: >>> >>>> Just a curiosity question. The last database reload in my clamd.log >>>> file shows: >>>> >>>> Database correctly reloaded (1159852 signatures) >>>> >>>> But when I use clamscan to scam a file, it reports: >>>> >>>> ----------- SCAN SUMMARY ----------- >>>> Known viruses: 1159340 >>>> Engine version: 0.95rc2 >>>> >>>> Why the difference in the number of "signatures" versus "Known viruses" >>>> reported? What makes up the 512 difference between the two reports? >>>> >>>> >>> They are the PUA signatures that are not loaded by default (you need >>> DetectPUA yes in clamd.conf to load them): >>> $ sigtool -l|grep PUA|wc -l >>> 512 >>> >> I have in my clamd.conf: >> >> DetectPUA yes >> >> And in any case, if PUA were disabled, then clamd should not be >> reporting to clamd.log that it has loaded these signatures, correct? > > Sorry, I wasn't clear. > clamd loads those signatures (because you have DetectPUA yes in your > clamd.conf) > > But clamscan doesn't read clamd.conf, so it won't load the PUA > signatures by default. > For clamscan you need to use --detect-pua.
Ah, ok, that makes sense. Thanks! Bill _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
