Hi there,

On Mon, 26 Aug 2019, Kris Deugau wrote:

> The only constant is that there must be at least one signature
> database, even if it's a trivial hash database with one signature
> that matches on an empty file.

AFAICT the signature database file doesn't even need to have any
signatures in it; it can just be an empty file.  See my earlier
post, extract below:

8<----------------------------------------------------------------------

6. The same, using a database directory containing just an empty file:

mail6:~/src/net/mail/clamav-0.101.4/test$ >>> ls -l /etc/mail/clamav/empty/
total 0
-rw-r--r-- 1 root root 0 Aug 25 10:25 empty.ign2

mail6:~/src/net/mail/clamav-0.101.4/test$ >>> /usr/local/bin/clamscan -d /etc/mail/clamav/empty clam.exe
clam.exe: OK

----------- SCAN SUMMARY -----------
Known viruses: 0
Engine version: 0.101.4
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 0.017 sec (0 m 0 s)

8<----------------------------------------------------------------------

This aspect is a little concerning.  There's the potential for e.g. a
typo on a command line (or a misconfiguration) to permit a malicious
file, which might otherwise be detected, quietly to escape detection.

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
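
An added example, not part of the original post or of ClamAV: a fail-closed check for the case described above, where a wrong `-d` path loads no signatures and the scan still reports `OK`. It reads the clamscan summary and refuses to trust a result when the `Known viruses` count is missing or below a threshold; the function names, the threshold and the return-code convention are assumptions of this example.

```shell
#!/bin/sh
# Added example: fail closed when clamscan loaded no (or too few) signatures.
# Function names and the MIN_SIGS threshold are assumptions, not ClamAV settings.

# summary_field NAME: print the integer value of "NAME: <n>" read from stdin.
summary_field() {
    sed -n "s/^$1: *\([0-9][0-9]*\).*/\1/p" | head -n 1
}

# check_scan_summary MIN_SIGS: read clamscan output on stdin.
# Returns 0 = clean and trustworthy, 1 = infection reported,
# 2 = result cannot be trusted (summary missing or too few signatures).
check_scan_summary() {
    min_sigs=${1:-1}
    out=$(cat)
    known=$(printf '%s\n' "$out" | summary_field 'Known viruses')
    infected=$(printf '%s\n' "$out" | summary_field 'Infected files')
    if [ -z "$known" ] || [ -z "$infected" ]; then
        echo "scan summary missing; treating result as untrusted" >&2
        return 2
    fi
    if [ "$known" -lt "$min_sigs" ]; then
        echo "only $known signatures loaded (need >= $min_sigs); check -d path" >&2
        return 2
    fi
    [ "$infected" -eq 0 ] || return 1
    return 0
}

# Constructed sample: summary lines from the post above (empty database dir).
EMPTY_DB_OUTPUT='clam.exe: OK

----------- SCAN SUMMARY -----------
Known viruses: 0
Engine version: 0.101.4
Scanned files: 1
Infected files: 0'

# Constructed sample: a populated database (the signature count is made up).
LOADED_DB_OUTPUT='clam.exe: OK

----------- SCAN SUMMARY -----------
Known viruses: 6000000
Scanned files: 1
Infected files: 0'
```

In use, pipe the scanner's output through it, e.g. `clamscan -d "$DB" "$FILE" | check_scan_summary 1000`, and treat return code 2 as a failed scan rather than a clean file.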
