
Mailing List Archive: ClamAV: users

n00b question: signatures enabled?

 

 



vbfox at ucdavis

Jul 26, 2013, 12:44 PM

Post #1 of 4 (79 views)
n00b question: signatures enabled?

Hi,

I've been puzzling over a ClamAV installation I was handed.

Is there an easy way to verify which signatures are being loaded/used?

It's not clear to me, where you go to enable/disable signatures.
I see quite a lot of signatures being downloaded by freshclam and/or
the unofficial-sigs.sh jobs. However I don't see evidence in my maillogs
of hits on more than 6 of them. We have fairly busy mail routers so
I'd expect to hit on some of the others at least once a day.

I hunted around on the Wiki/FAQ and web searches and couldn't find an
answer to this.


Thanks!

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


vbfox at ucdavis

Jul 26, 2013, 2:07 PM

Post #2 of 4 (79 views)
Re: n00b question: signatures enabled?

Found the answer to part of my question with:

clamconf -n

I still have a problem that the previous admin was downloading
lots of unofficial signatures to a place that clamd isn't paying
any attention to. Working on that part.

Thanks!

On 07/26/2013 12:44 PM, Vincent Fox wrote:
> Hi,
>
> I've been puzzling over a ClamAV installation I was handed.
>
> Is there an easy way to verify which signatures are being loaded/used?
>
> It's not clear to me, where you go to enable/disable signatures.
> I see quite a lot of signatures being downloaded by freshclam and/or
> the unofficial-sigs.sh jobs. However I don't see evidence in my maillogs
> of hits on more than 6 of them. We have fairly busy mail routers so
> I'd expect to hit on some of the others at least once a day.
>
> I hunted around on Wiki/FAQ and web searches couldn't find an
> answer to this.
>
>
> Thanks!
>



me at junc

Jul 28, 2013, 5:00 AM

Post #3 of 4 (64 views)
Re: n00b question: signatures enabled?

Vincent Fox wrote on 2013-07-26 21:44:

> I've been puzzling over a ClamAV installation I was handed.

?

> Is there an easy way to verify which signatures are being
> loaded/used?

?

If it exists in databasedir then it's used, unless it's disabled in
clamd.conf.

When clamd starts, see its logs.

> It's not clear to me, where you go to enable/disable signatures.

Disabling signatures is possible with an ignore file definition; see an
example in "sigtool --unpack-current=daily", in the file with the ign2
extension.

> I see quite a lot of signatures being downloaded by freshclam and/or
> the unofficial-sigs.sh jobs.

+1 :)

I hope you disable some in their setups if only 6 hits?

> However I don't see evidence in my maillogs
> of hits on more than 6 of them. We have fairly busy mail routers so
> I'd expect to hit on some of the others at least once a day.

What is your problem really? Out of mem?

So far I have not seen a virus from main.cvd yet :(

The ClamAV team can begin making databases so it's possible to drop very old
signatures that do not hit anywhere, but still create a new
store-<year>.cvd with all the old signatures just in case anyone likes to
use it where mem is not a concern, where <year> is here 2013 or 2012, so
freshclam doesn't waste traffic on syncing again.

> I hunted around on Wiki/FAQ and web searches couldn't find an
> answer to this.

You are the first that asked, IMHO. I think freshclam should have git
update sync as well. More or less, I see safebrowsing now doesn't work with
scripted updates; I don't know what the heck Google does there, not even
mirroring their own database files, hmp!
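The check discussed in this thread, as an added example that is not part of any poster's message or of ClamAV itself: a shell script that reads `DatabaseDirectory` from a clamd.conf, lists signature files that a separate download directory holds but clamd's directory lacks, and lists the names disabled through `.ign2` files. The function names, the extension subset and the two paths given on the command line are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Paths come from the caller.

# Print the DatabaseDirectory value from a clamd.conf-style file.
# Commented-out lines do not match; no output means the option is unset.
db_dir_from_conf() {
    awk '$1 == "DatabaseDirectory" { print $2; exit }' "$1"
}

# List signature database files in directory $1, selected by extension.
# Assumption: this is a common subset of the extensions ClamAV loads.
list_sig_files() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        n=${f##*/}
        case "${n##*.}" in
            cvd|cld|hdb|hsb|mdb|msb|ndb|ldb|fp|sfp|ftm|yar|yara|ign2)
                printf '%s\n' "$n" ;;
        esac
    done | sort
}

# Files present in download directory $2 but missing from clamd's
# directory $1: fetched by the update job, never loaded by clamd.
not_loaded() {
    a=$(mktemp) b=$(mktemp)
    list_sig_files "$1" > "$a"
    list_sig_files "$2" > "$b"
    comm -13 "$a" "$b"
    rm -f "$a" "$b"
}

# Signature names disabled by *.ign2 files in directory $1
# (one name per line, optionally followed by ":md5").
ignored_sigs() {
    cat "$1"/*.ign2 2>/dev/null | sed -e 's/:.*$//' -e '/^[[:space:]]*$/d' | sort -u
}

# Usage: script.sh /path/to/clamd.conf /path/to/download/dir
if [ "$#" -eq 2 ]; then
    live=$(db_dir_from_conf "$1")
    [ -n "$live" ] || { echo "DatabaseDirectory not set in $1" >&2; exit 1; }
    echo "clamd loads from: $live"
    echo "downloaded but not loaded:"; not_loaded "$live" "$2"
    echo "disabled via .ign2:";        ignored_sigs "$live"
fi
```

When `DatabaseDirectory` is not set in the file, clamd uses its built-in default, which `clamconf` reports.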


me at junc

Jul 28, 2013, 5:10 AM

Post #4 of 4 (64 views)
Re: n00b question: signatures enabled?

Vincent Fox wrote on 2013-07-26 23:07:
> Found the answer to part of my question with:
>
> clamconf -n
>
> I still have a problem that previous admin was downloading
> lots of unofficial signatures, to a place that clamd isn't paying
> any attention to. Working on that part.

Join the http://sanesecurity.com/ mailing lists; there are helpful mail admins
there, possibly here as well. As it's stated in ClamAV: DON'T PANIC :)