There is a configuration option to have ClamAV only load the official signatures but this setting is disabled by default (it's the OfficialDatabaseOnly setting for clamd, and '--official-db-only' for clamscan). One exception to this is for bytecode signatures - only official bytecode signatures are loaded by default. This can be changed by using '--bytecode-unsigned=yes' for clamscan, and for clamd it looks like the BytecodeSecurity setting can be used (depending on how ClamAV is built).
Although there is some code in ClamAV that ensures daily.cvd/daily.cld get loaded before some other rule files if they are present, in general ClamAV only cares about the file extension and uses that to determine whether it should try to load a given set of rules. This makes it easy to use third-party or custom rules - with clamd you can just copy the rule files into the DatabaseDirectory directory and with clamscan you can either copy the rules into the default rule directory or specify the path to the custom rules with the '-d' flag. Hope that helps! -Andrew On Sat, Aug 24, 2019 at 11:54 AM G.W. Haywood via clamav-users < clamav-users@lists.clamav.net> wrote: > Hi there, > > On Sat, 24 Aug 2019, Joel Esler (jesler) wrote: > > > I mean, it's possible not to download the official definitions and > > just point at a custom file right? > > No idea. Haven't tried it. If you can, it seems like it would be a > security hole. The code seems to be saying that it wants to load the > daily.c[lv]d file before anything else; the name is hard-coded into > the file I mentioned; and those files are signed. Given that there's > already been some discussion along these lines (e.g. see the link in > my last post) I'd be surprised if nobody else has tried it, but I've > been surprised before. :) > > -- > > 73, > Ged. > > _______________________________________________ > > clamav-users mailing list > clamav-users@lists.clamav.net > https://lists.clamav.net/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml >
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
