On 04/24/2012 06:11 PM, Steve Basford wrote:
For those having issues: a) what databases are loaded b) what OS are you running
Until yesterday we were using: ss_dbs=" junk.ndb jurlbl.ndb phish.ndb rogue.hdb sanesecurity.ftm scam.ndb spamimg.hdb winnow_malware.hdb winnow_malware_links.ndb sigwhitelist.ign2 jurlbla.ndb lott.ndb spam.ldb spamattach.hdb spear.ndb spearl.ndb winnow_spam_complete.ndb winnow_phish_complete.ndb winnow.complex.patterns.ldb winnow_extended_malware.hdb winnow_extended_malware_links.ndb winnow.attachments.hdb scamnailer.ndb doppelstern.ndb doppelstern.hdb doppelstern-phishtank.ndb crdfam.clamav.hdb bofhland_cracked_URL.ndb bofhland_malware_URL.ndb bofhland_phishing_URL.ndb si_dbs=" honeynet.hdb securiteinfobat.hdb securiteinfodos.hdb securiteinfoelf.hdb securiteinfo.hdb securiteinfohtml.hdb securiteinfooffice.hdb securiteinfopdf.hdb securiteinfosh.hdb mbl_dbs=" mbl.ndb We run Solaris 10 on x86.I noticed we had added bofhland sigs at the same time as upgrading ClamAV so I tried reloading the virus signatures a few times:
0.97.4 + bofhland DBs: 2m41 (2,920,378 sigs) 0.97.4 - bofhland DBs: 53s (2,873,710 sigs) 0.97.2 + bofhland DBs: 1m30 (2,891,587 sigs) 0.97.2 - bofhland DBs: 49s (2,860,988 sigs) We have removed the bofhland signatures for now.Searching around we found an asynchronous database reload patch that was proposed a year ago:
http://lurker.clamav.net/message/20110328.142644.dce2f446.en.html It looks like it may have been incorporated into a recent Fedora build: http://pkgs.org/fedora-16/atomic-x86_64/clamav-db-0.97.4-4.fc16.art.x86_64.rpm.html So a fix may already be around the corner. Regards, Dave. David Mayo Networks/Systems Administrator University of Bath Computing Services, UK