Hello again, On Tue, 1 Dec 2009 James Babcock wrote:
> As I showed in the thread to you on Nov 29, the TWO clam's DO > produce the same output after a scan of my entire user area. Inconclusive, I'm afraid. I have here two four-legged animals. Both have tails. One is a cat. Is the other a cat? > Also in clamd.conf, after a clamav update, clamd is notified and > immediately updayes its internal DB . So, I infer that the DB used > by clamXav is always the same as Clamd's. Therefore if ANY message > is unreadable by one, it will be the same in the other. I know nothing about clamXav but I'm assuming that the operation is similar to clamav. I believe your issues are because you haven't understood the documentation. They are nothing to do with permissions to read the databases. The things which are to be scanned do not reside in the databases. The databases contain only the signatures, against which the scanning engine compares the data which it scans. The data can be files, messages, whatever. The engine doesn't read the data directly. Some process hands the data to it. That process has to be able to read the data, to hand it to the scanning engine. > Also my Shell script used by either clamav OR clamd to do the scan on > a particular message is the same? so the results *should* be the same. Your deduction is incorrect. The scanning engine can be configured in many ways. For example it can be told to ignore certain kinds of information such as files compressed with very large compression factors. Amongst other things this is to avoid 'logic bombs' (try Google for more information), but you might also want a different configuration when scanning your home directory from when you're scanning incoming mail. When you use clamdscan you are using clamd; the scanning engine process is already running - it's in the clamd process. The scanning engine is already configured in whatever way you have said it is to be configured in clamd's configuration file; the configuration is fixed. When you use clamscan, it has to load the scanning engine into its own process, but in this case the engine can be configured by options on the clamscan command line. The difference is in the _configuration_. I've already asked you to read the DESCRIPTION in the clamdscan man page, but since apparently you haven't done that here it is: "clamdscan is a clamd client which may be used as a clamscan replacement. IT ACCEPTS ALL THE OPTIONS IMPLEMENTED IN CLAMSCAN BUT MOST OF THEM WILL BE IGNORED because its scanning abilities only depend on clamd." As you can see, I've put the relevant part in upper case. Options used by clamscan (given to it on the command line) and clamd (given in its configuration file) can be different. The clamdscan utility uses clamd, and therefore the options in the clamd configuration file. Many options that you give to it on the command line will be IGNORED. This can result in the different behaviours of the scanning engine which you are seeing. > Until I am SURE that the program code in clamdscan is not buggy How do you propose to be sure? (I'll never be sure. :) Are you sure that the clamscan code is not buggy? Most of it is the same code that is used by clamdscan, it's just in a different process and configured in a different way. > (entirely possible that it is..), I'd say it's more than possible. :) But I'd say that you'll have to work quite hard to find the bugs, and you haven't so far convinced me that you have found any. > I will continue to use clamscan,,, even if it is slower than > clamdscan. That's up to you, but be aware that very large numbers of messages are scanned every minute by clamd running on many mail servers around the world, and a great deal of other data is scanned too. It's well tested. If you suspect a bug, the best thing to do is to produce a test case which demonstrates it. As yet you have produced no evidence that the tools are doing anything other than what they are supposed to be doing. If for example you can show that a zip archive is not scanned when it should be scanned, that's a different matter and the developers will be very glad to see what you've found. But before you claim to have found any bugs, first carefully read the documentation, so that you understand what's supposed to be happening. -- 73, Ged. _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
