[clamav-users] ClamAV Private Mirror Question

newcomer01 at posteo.de newcomer01 at posteo.de
Mon Jan 30 20:15:25 UTC 2023 

thanks for the hint Micah.

unfortunately Ubuntu doesn't have a field in "stat" to store the version number (or am i blind?), then you could really compare the already existing versions with the currently delivered version and only update when versions differ.

Currently you have only a chance to do something like this, when you read the creation date from the txt and set that as the modification date of the file (touch -m -t yyyymmdd.ss), then you can compare these times (file time from the existing ones and the "new" file time).

Or change clamscan or clamdscan this dates while running?

Regards,
Marc

Von / From: Micah Snyder (Micasnyd) <mailto:micasnyd at cisco.com>
An / To: Newcomer01 <mailto:newcomer01 at posteo.de>
Gesendet / Sent: Montag, Januar 30, 2023 um 20:16 (at 08:16 PM) +0100
Betreff / Subject: Re: [clamav-users] ClamAV Private Mirror Question
> Very close.  The 49192 number is for the version of (now defunct) safebrowsing.cvd.
>
> But yes, if they're able to access DNS and compare the version of daily/main/bytecode with what is in the DNS record then that will also be useful.
>
> Regards,
> Micah
>
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
> ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> *From:* clamav-users <clamav-users-bounces at lists.clamav.net> on behalf of newcomer01 via clamav-users <clamav-users at lists.clamav.net>
> *Sent:* Monday, January 30, 2023 10:43 AM
> *To:* ClamAV User Mailinglist <clamav-users at lists.clamav.net>
> *Cc:* newcomer01 <newcomer01 at posteo.de>
> *Subject:* Re: [clamav-users] ClamAV Private Mirror Question
> additional you can do this little more complcated like me:
>
> $(host -W "60" -t TXT "current.cvd.clamav.net")
>
> and cut all needed informations from descriptive text
>
> for example:
>
> # current.cvd.clamav.net descriptive text "0.103.7:62:26777:1673344800:1:90:49192:333"
>
> 0.103.7 is the suggested software version
> 62 is version of main.cld or main.cvd
> 26777 is version of daily.cld or cvd
> 1673344800 unixdate when the files created from clamav
> 90 is the f-level for daily.cld or daily.cvd
> 49192 is probably the version of freshclam.dat (i'm not sure, but it can't really be anything else)
> 333 is the version of bytecode.cvd
>
> Am I right Micah?
>
> i had once found an explanation of the descriptive txt but i can't find it anymore
>
>
> Von / From: Clamav User Mailinglist <mailto:clamav-users at lists.clamav.net <mailto:clamav-users at lists.clamav.net>>
> An / To: Newcomer01 <mailto:newcomer01 at posteo.de <mailto:newcomer01 at posteo.de>>
> CC / CC: Micah Snyder \(Micasnyd\) <mailto:micasnyd at cisco.com <mailto:micasnyd at cisco.com>>, Bryan Whipkey <mailto:cloud81186 at live.com <mailto:cloud81186 at live.com>>
> Gesendet / Sent: Montag, Januar 30, 2023 um 18:33 (at 06:33 PM) +0100
> Betreff / Subject: Re: [clamav-users] ClamAV Private Mirror Question
> > Hello,
> >
> > You can use this command to print the build information which will include the date it was published:
> >
> > |sigtool --info /path/to/database|​
> >
> > For example:
> >
> > ❯ sigtool --info /var/lib/clamav/daily.cld
> > File: /var/lib/clamav/daily.cld
> > Build time: 30 Jan 2023 03:24 -0500
> > Version: 26797
> > Signatures: 2018753
> > Functionality level: 90
> > Builder: raynman
> > Verification OK.
> >
> > Is that what you're looking for?
> >
> > Regards,
> > Micah
> >
> > Micah Snyder
> > ClamAV Development
> > Talos
> > Cisco Systems, Inc.
> >
> > ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> > *From:* clamav-users <clamav-users-bounces at lists.clamav.net> on behalf of Bryan Whipkey via clamav-users <clamav-users at lists.clamav.net>
> > *Sent:* Sunday, January 29, 2023 2:01 AM
> > *To:* clamav-users at lists.clamav.net <clamav-users at lists.clamav.net>
> > *Cc:* Bryan Whipkey <cloud81186 at live.com>
> > *Subject:* [clamav-users] ClamAV Private Mirror Question
> > Hello,
> >
> > I have setup a private mirror for ClamAV. I have pointed it to the private mirror on freshclam.conf. My question is how do i test this to make sure I am pulling the most up to date definitions from the private mirror to the server being scanned? Thanks in advance.
> >
> > Sent from my iPhone. Please excuse any typos.
> > _______________________________________________
> >
> > Manage your clamav-users mailing list subscription / unsubscribe:
> > https://lists.clamav.net/mailman/listinfo/clamav-users
> >
> >
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/Cisco-Talos/clamav-documentation
> >
> > https://docs.clamav.net/#mailing-lists-and-chat
> >
> > _______________________________________________
> >
> > Manage your clamav-users mailing list subscription / unsubscribe:
> > https://lists.clamav.net/mailman/listinfo/clamav-users
> >
> >
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/Cisco-Talos/clamav-documentation
> >
> > https://docs.clamav.net/#mailing-lists-and-chat
>
> _______________________________________________
>
> Manage your clamav-users mailing list subscription / unsubscribe:
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/Cisco-Talos/clamav-documentation
>
> https://docs.clamav.net/#mailing-lists-and-chat

More information about the clamav-users mailing list