On 2010-05-24 22:00, Nathan Gibbs wrote:
> * Török Edwin wrote:
>> On 05/24/2010 05:28 AM, Nathan Gibbs wrote:
>>> 2.
>>> Store an array of pointers to sigs needed to do a partial scan.
>>> Hand the engine the list on partial scans.
>>> That might be the more elegant solution.
>>
>> It might be possible to do this for the MD5 signatures, not the NDB
>> signatures though.
>
> OK, I'm clueless there, so I'll take your word for it. Basically, that idea
> would only work part of the time. Right?
>
>> An AC trie needs to be built out of the full set of signatures you
>> intend to scan with. The trie is actually more like an automaton, so you
>> need a new one each time you add or remove a signature.
>> I'm sure there is a way to do it, it is just not that simple :)
>>
>
> OK, so an AC trie gets built and used until a DB reload.
> Am I understanding correctly?

Yes.

>
>> Actually for full system scans there might be a way to do it that
>> doesn't involve many (or in fact any) changes to the engine:
>> Store the CVD used, and a DB of clean file hashes/sizes.
>> When you want a rescan you give the old CVD and the new CVD to a script,
>> which compares the 2 databases and builds you a partial DB in a
>> temporary directory (if a partial scan is possible, see the corner cases
>> above). Then you can start a scan with just that temporary DB.
>>
>
> H'mm, That might work.
> The corner cases being the NDB sigs, right?

The IDB sigs, removal of FP sigs (although I doubt we ever did that), FTM sigs.

>
>> In 0.96 we started with something simple (cache clean, erase cache on
>> reload) that works. We can always improve that later.
>> Even the simple solution has some corner cases though (for example
>> recursion depth needs to be taken into account), so care needs to be taken.
>>
>
> Right, I'll defer to sharper minds than mine to figure the implementation out.
> It sounds promising though.
> :-)

I think you can now open an enhancement request bug report ...

Best regards,
--Edwin
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
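One way to write the comparison script proposed in the message above, as an added example that is not part of the thread and not ClamAV code. It assumes both CVDs have already been unpacked into per-type text files with one signature per line, and that the corner cases named in the thread map to the `.idb`, `.ftm` and `.fp` files; `build_partial_db` and all sample lines are constructed for illustration.

```python
from pathlib import PurePath

# Corner cases named in the thread, mapped (assumption) to the file
# extensions of an unpacked database.
FULL_RESCAN_IF_CHANGED = {".idb", ".ftm"}  # any added or removed line
FULL_RESCAN_IF_REMOVED = {".fp"}           # a false-positive entry was dropped


def build_partial_db(old_db, new_db):
    """Diff two unpacked databases (dict: file name -> signature lines).

    Returns (partial_db, reason); partial_db is None when the change set
    hits a corner case and the cached clean files need a full rescan.
    """
    partial = {}
    for name in sorted(set(old_db) | set(new_db)):
        ext = PurePath(name).suffix.lower()
        old, new = set(old_db.get(name, [])), set(new_db.get(name, []))
        added, removed = new - old, old - new
        if ext in FULL_RESCAN_IF_CHANGED and (added or removed):
            return None, f"{name}: {ext[1:].upper()} signatures changed"
        if ext in FULL_RESCAN_IF_REMOVED and removed:
            return None, f"{name}: FP signatures removed"
        if added:
            # Only signatures the cached clean files have not been scanned with.
            partial[name] = [line for line in new_db[name] if line in added]
    return partial, "partial scan possible"


# Constructed sample data: hash:size:name lines, not real signatures.
OLD = {
    "daily.hdb": ["0" * 31 + "1:100:Constructed.Sample-1"],
    "daily.fp": ["0" * 31 + "a:200:Constructed.FP-1"],
    "daily.ftm": ["constructed-ftm-line-1"],
}
NEW_OK = {**OLD, "daily.hdb": OLD["daily.hdb"] + ["0" * 31 + "2:300:Constructed.Sample-2"]}
NEW_FP_REMOVED = {**NEW_OK, "daily.fp": []}
NEW_FTM_CHANGED = {**NEW_OK, "daily.ftm": ["constructed-ftm-line-2"]}

if __name__ == "__main__":
    for label, new in [("ok", NEW_OK), ("fp", NEW_FP_REMOVED), ("ftm", NEW_FTM_CHANGED)]:
        print(label, build_partial_db(OLD, new))
```

The returned dictionary is what would be written to the temporary directory and used for the rescan of the cached clean files; a `None` result means the cache cannot be trusted for this update.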