Could you run two copies of clamd, one using stock db and the other using your custom sigs? Then you would only need to signal the one running the custom sigs when they change. Yes you would need to trigger two scans of the target data, but the overhead shouldn't be too bad. The only thing I can't remember is how to tell each clamdscan which clamd to use, but I'm pretty sure it's possible.
We have the problem that we change our custom clamav rules quite often.
A job syncs changed rules files to clamav server and then sends a
SIGUSR2 signal to reload the signatures. In that time of reloading
clamav does not really work and the application using clamd has to wait
for up to 30s.
So we wonder if it's somehow possible to "tell" the clamd that only
changed databases have to be re-read. As our own sigs are very small
compared to the stock sigs, the reload for our sigs is quite fast. What
takes long is the reload of stock sigs.
Basically we're looking for a way to tell clamd to only reload defined
databases or changed databases.
If that is not possible in current clamav, would it be worth considered
a feature request for future releases?
Thanks for any idea
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml