
Re: clamav (again)



On 02/19/2011 03:53 PM, Kevin Fenzi wrote:
> On Fri, 18 Feb 2011 10:36:13 -0500
> Fred Wittekind <rom twister dyndns org> wrote:
>
>> I know this is not from your spec file, but, it shows what I was
>> writing about
>>
>> # rpm -q -l -p clamav-data-0.96.5-1301el5.x86_64.rpm
>> /var/lib/clamav/daily.cvd
>> /var/lib/clamav/main.cvd
>>
>> # ls -l /var/lib/clamav/
>> total 67440
>> -rw-r--r-- 1 clamupdate clamupdate   459264 Feb 15 11:24 bytecode.cld
>> -rw-r--r-- 1 clamupdate clamupdate  3071488 Feb 18 10:36 daily.cld
>> -rw-r--r-- 1 clamupdate clamupdate 65422336 Nov 14 11:24 main.cld
>> -rw------- 1 clamupdate clamupdate      884 Feb 18 10:36 mirrors.dat
>>
>> The file extensions are different, why this is, I do not know.
>
> Well, that's normal I think... some of the files are diffs of others, so
> it only has to update a base file with daily updates.
>
> So there's a base file that has the signatures from the time the
> version was released, and then diff/update files that apply to that to
> create the current up to date signatures.
>
>> IMHO
>> it's nice to have the option of not having RPM mess with the database,
>> the "-empty" package is a way to do that.  If you are updating clamav,
>> then chances are the db on disk is newer than the one in the updated
>> RPM that is being installed. The database included with the RPM is
>> also most likely out-of-date by the time the RPM is released, so,
>> personally, I see more value in a database installed via freshclam,
>> than one installed via the package.
>
> Sure, but what does it hurt? It's not that big, IMHO, so you can just
> install the db as shipped and then update it. You will then get to use
> the base db files and just need to download the diffs.

I did this experiment on my Fedora 14 workstation, but, it should demonstrate the issue.

# yum --disablerepo=updates install clamav clamav-data clamav-update

clamav-data-empty installs by default, so I had to specify the one with the database files. I disabled the updates repo to intentionally install an older version.

# ls /var/lib/clamav/
daily.cvd  main.cvd

# vi /etc/freshclam.conf (comment out the Example line)
# freshclam

# ls /var/lib/clamav/
bytecode.cvd  daily.cvd  main.cld  mirrors.dat

# yum update clamav

# ls /var/lib/clamav/
bytecode.cvd  daily.cvd  daily.cvd.rpmsave  main.cld  main.cvd  mirrors.dat

# clamscan
LibClamAV Warning: **************************************************
LibClamAV Warning: ***  The virus database is older than 7 days!  ***
LibClamAV Warning: ***   Please update it as soon as possible.    ***
LibClamAV Warning: **************************************************
LibClamAV Warning: Detected duplicate databases /var/lib/clamav/main.cvd and /var/lib/clamav/main.cld, please manually remove one of them

The update installed an older database than what was already on disk, and also left clamav in a condition that has to be manually corrected.  The -empty package doesn't have this issue.

> kevin
_______________________________________________ epel-devel-list mailing list epel-devel-list redhat com https://www.redhat.com/mailman/listinfo/epel-devel-list
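
A report-only check for the state shown in the clamscan warning above, added here as an example and not part of the original message or of the clamav packages: it lists databases present as both `.cvd` and `.cld`, plus `*.rpmsave` leftovers. The sample directory and its timestamps are constructed, and using modification time to guess which copy is older is an assumption; nothing is deleted.

```shell
#!/bin/sh
# find_duplicate_dbs DIR
# Prints one line per finding, without changing anything on disk:
#   DUPLICATE <name> older=<file> newer=<file>
#   LEFTOVER <file>
find_duplicate_dbs() {
    dbdir=$1
    for cvd in "$dbdir"/*.cvd; do
        [ -e "$cvd" ] || continue        # glob matched nothing
        base=${cvd%.cvd}
        cld=$base.cld
        [ -e "$cld" ] || continue        # only one format present: fine
        # Assumption: modification time stands in for database age.
        if [ "$cvd" -nt "$cld" ]; then
            older=$cld newer=$cvd
        else
            older=$cvd newer=$cld
        fi
        echo "DUPLICATE ${base##*/} older=${older##*/} newer=${newer##*/}"
    done
    for f in "$dbdir"/*.rpmsave; do
        [ -e "$f" ] || continue
        echo "LEFTOVER ${f##*/}"
    done
}

# make_sample_dir: constructed directory mirroring the listing that
# followed `yum update clamav` in the message (timestamps are made up).
make_sample_dir() {
    d=$(mktemp -d)
    touch -t 201011141124 "$d/main.cvd"   # copy installed by the package
    touch -t 201102181036 "$d/main.cld"   # copy written by freshclam
    touch "$d/bytecode.cvd" "$d/daily.cvd" "$d/daily.cvd.rpmsave" "$d/mirrors.dat"
    echo "$d"
}

# With an argument, check that directory; otherwise run on the sample.
if [ -n "${1:-}" ]; then
    find_duplicate_dbs "$1"
else
    sample=$(make_sample_dir)
    find_duplicate_dbs "$sample"
    rm -rf "$sample"
fi
```

Run it against `/var/lib/clamav` after a package update and review the reported files before removing anything by hand.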

