[clamav-users] Use ClamAV on ARM Platform (Nvidia
G.W. Haywood
clamav at jubileegroup.co.uk
Mon Mar 1 17:54:09 UTC 2021
Hi there,
On Mon, 1 Mar 2021, Michael Kang via clamav-users wrote:
> We are working on Nvidia's Jetson Xavier NX product, of which the CPU is "6-core NVIDIA Carmel 64-bit ARMv8.2 @ 1400MHz* (6MB L2 + 4MB L3)".
> The operating system is Linux Ubuntu 18.04 for ARM. Below is a link to the platform:
> https://developer.nvidia.com/blog/jetson-xavier-nx-the-worlds-smallest-ai-supercomputer/
>
> I understand ClamAV could be cross-compiled to run on ARM platform.
If it's a "supercomputer", can you not run a compiler on the machine?
There should be no need to cross-compile.
> My questions is more related to the virus database/signature files.
>
> I am assuming ...
Assume makes and Ass out of u and me. :)
> ... can I assume different database/signature files would be needed
> for ARM platforms?
The signature database is made up of several different signature types,
see the documentation for _example_ at
https://www.clamav.net/documents/clam-antivirus-user-manual
https://www.clamav.net/documents/extended-signature-format
https://www.clamav.net/documents/file-type-magic
https://www.clamav.net/documents/clamav-file-types
https://www.clamav.net/documents/using-yara-rules-in-clamav
It does not matter on what architecture the ClamAV scanners run. On
every architecture on which they run they apply the signature database
to the data in exactly the same way, and produce the same results. It
may of course be quicker to run on some architectures than on others.
Some signatures look for binary data of the kind which makes sense on
one architecture and not if you're using another. Many signatures are
however written to match things like English words and phrases or bits
of interpreted code (e.g. Javascript, Word macros) so the architecture
is irrelevant to the scan - but of course it might not be irrelevant
from other points of view.
I don't know if there are any signatures specific to your architecture
in the ClamAV database, but if there are I'd be surprised if the count
was a significant fraction of the total.
We only use Linux. We only scan mail. We're using the standard
ClamAV database and a bunch of third-party databases too, so we're
scanning for many things which are only threats to machines which are
running Windows. But it's just as well to scan outgoing mail too and
recipients of our mail might run Windows. It doesn't use excessive
CPU to do a scan, so I don't worry about it.
If, when you have some experience of scanning performance, you think
it isn't acceptable to scan for things which aren't direct threats to
your equipment, and it would be better to skip scanning for things
which aren't a direct threat to your installation, then you could look
at creating your own databases. It's a huge task, and I should think
it unlikely that you would find it rewarding.
The less popular architectures are affected by fewer threats, for
obvious reasons.
--
73,
Ged.
More information about the clamav-users
mailing list