On 10-09-2011 17:18, Dave Funk wrote:
That is exactly what I do. I have two clamav instances using seperate config files, library directories, listening on different sockets. The first runs just the official ClamAV supplied sigs, the second all the various 3rd party sigs (SaneSecurity, etc).
Hmm, that works, but for it to work really well, one would also need to cull duplicated signatures of lesser "scoring priority", or have one clamav instance per "scoring tier" to make sure a lower scoring signature (e.g. one from a database with a higher FP ratio) does not shadow one from a higher scoring signature.
I think I will have to do that here, as well. How annoying.Still, enhancing clamav to return multiple results or to implement database match priority did not look like anywhere close to a trivial effort last time I checked :( So, using multiple clamd instances is the best short-term bet.
-- Henrique de Moraes Holschuh <hmh@xxxxxxxxxxxxx> IM@ - Informática de Municípios Associados Engenharia de Telecomunicações TEL +55-19-3755-6555/CEL +55-19-9293-9464 Antes de imprimir, lembre-se de seu compromisso com o Meio Ambiente e do custo que você pode evitar.