Cisco-Talos / cvdupdate

ClamAV Private Database Mirror Updater Tool
Apache License 2.0

Offline environment with clamAV #26

Closed lirigithub closed 3 years ago

lirigithub commented 3 years ago

Hi,

We want to support an environment in which clients download signatures from one server. This server will be in offline mode – meaning that the signatures will be put there by an administrator manually. I have some questions regarding it:

  1. We thought to bring only the daily.cvd every day (after the main.cvd is there, of course). Is this ok?
  2. In order to know the current version of the signatures on the server side, we wanted to use ‘sigtool --info daily.cvd’ and take the version attribute from there. a. Is this the correct way to achieve it? b. Is there another type of signatures version besides the version of the main.cvd and the daily.cvd?
  3. For a regular environment on which we use a mirror (using cvd update), we would like to have a way to check if our signatures on the mirror are the most updated. For that, we would like to have a way to get the signatures version on the remote location (the one the mirror downloads from). Is there a way to achieve it?

Thanks a lot for your help.

micahsnyder commented 3 years ago

Hi @lirigithub I will try to answer your questions inline:

1. We thought to bring only the daily.cvd every day (after the main.cvd is there, of course). Is this ok?

It would be best to check if there are updates to each of main, daily, and bytecode before copying them. 99% of the time, only daily will need to be updated. When main is updated, it means that good signatures have been migrated from daily to main, so there will be a loss in efficacy unless you update both. The bytecode database is also infrequently updated because those signatures are handcrafted from C-like code. Other than a loss in efficacy if main and bytecode are updated, there would be no adverse effects from just updating daily as far as I'm aware.

2. In order to know the current version of the signatures on the server side, we wanted to use ‘sigtool --info daily.cvd’ and take the version attribute from there.
   a. Is this the correct way to achieve it?

For your offline server, sigtool --info daily.cvd will work great.

   b. Is there another type of signatures version besides the version of the main.cvd and the daily.cvd?

The Version: field is what you want. Some signatures have a set minimum or maximum functionality level that will enable or disable those signatures for certain versions of ClamAV. Don't worry about that though. For your needs, just make sure your local database version matches the latest version available from our servers.

3. For a regular environment on which we use a mirror (using cvd update), we would like to have a way to check if our signatures on the mirror are the most updated. For that, we would like to have a way to get the signatures version on the remote location (the one the mirror downloads from). Is there a way to achieve it?

Both cvd update and freshclam use DNS queries to check what version is available for download. Please do not try to disable the DNS query for this check. So long as DNS is used for the version check, the check will only use a small amount of data for you and won't cost us anything. To make sure it's up to date, just run cvd update. The output should look something like this:

2021-04-28 09:22:54 cvdupdate-1.0.2 INFO main.cvd is up-to-date. Version: 59
2021-04-28 09:22:54 cvdupdate-1.0.2 INFO daily.cvd is up-to-date. Version: 26154
2021-04-28 09:22:54 cvdupdate-1.0.2 INFO bytecode.cvd is up-to-date. Version: 333

In addition to sigtool --info <database> you can also run cvd config show. The JSON output from that command will include the local version for each CVD database.

Does this help?

lirigithub commented 3 years ago

Yes. Thanks a lot.

I wanted also to ask, what is the best way to programmatically get the signatures version in offline mode if we don't have the sigtool or cvd on this environment? I see that the version is written in the head of the cvd file. Can we count on it?

micahsnyder commented 3 years ago

Yes, the CVD header information is what sigtool uses. It's not pretty to read, but if you need, you could do something like:

❯ head -c 100 ~/.cvdupdate/database/daily.cvd
ClamAV-VDB:29 Apr 2021 07-08 -0400:26155:3974911:63:4324d544f045ea0a3c99ee6721366288:s1yadu2drxP92CF⏎
                                   ^---- version

You may want to write a script to collect just that version field.
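The two questions above (checking whether a mirror is behind the versions ClamAV advertises over DNS, and reading the version straight out of the CVD header on a box that has neither sigtool nor cvd) can be handled with a small script like the one below. This is an added example, not code from cvdupdate or from the commenters. It assumes the CVD header is the first 512 bytes of the file, colon-separated in the order ClamAV-VDB, build time, version, signature count, functionality level, MD5, digital signature, builder, build timestamp, and that the TXT record for current.cvd.clamav.net carries the main, daily and bytecode versions in fields 1, 2 and 7 (the "DNS field" mapping cvdupdate keeps in its config; verify it against `cvd config show` before relying on it). The sample header is built from the `head -c 100` output in the comment above with placeholder signature, builder and timestamp fields; the sample TXT record is constructed, not a real query result.

```python
"""Read the version out of a ClamAV CVD header and compare local database
versions with those advertised in the ClamAV DNS TXT record.

Added example; not part of cvdupdate.  Assumptions are marked below.
"""

CVD_HEADER_LEN = 512          # assumption: fixed-size header at the start of .cvd/.cld
CVD_MAGIC = "ClamAV-VDB"

# Assumption: 0-based field indices in the current.cvd.clamav.net TXT record,
# matching the "DNS field" entries in cvdupdate's config (check `cvd config show`).
DNS_FIELD = {"main.cvd": 1, "daily.cvd": 2, "bytecode.cvd": 7}


def parse_cvd_header(data: bytes) -> dict:
    """Parse the CVD header and return its useful fields.

    `data` is the raw start of a .cvd/.cld file; only the first 512 bytes are
    looked at, so the compressed payload that follows is never touched.
    Raises ValueError for anything that does not look like a CVD header.
    """
    header = data[:CVD_HEADER_LEN].decode("ascii", errors="replace").rstrip(" \0\r\n")
    fields = header.split(":")   # the build time uses '-' between hours and minutes, so ':' is safe
    if fields[0] != CVD_MAGIC or len(fields) < 5:
        raise ValueError("not a ClamAV CVD header")
    try:
        return {
            "build_time": fields[1],
            "version": int(fields[2]),
            "signatures": int(fields[3]),
            "flevel": int(fields[4]),
            "md5": fields[5] if len(fields) > 5 else "",
        }
    except ValueError as exc:
        raise ValueError(f"malformed CVD header: {header[:60]!r}") from exc


def cvd_version_from_file(path: str) -> int:
    """Return the database version stored in the header of a .cvd/.cld file."""
    with open(path, "rb") as fh:
        return parse_cvd_header(fh.read(CVD_HEADER_LEN))["version"]


def parse_dns_versions(txt: str) -> dict:
    """Map database names to the versions advertised in the TXT record."""
    fields = txt.strip().strip('"').split(":")
    versions = {}
    for name, idx in DNS_FIELD.items():
        if idx >= len(fields) or not fields[idx].isdigit():
            raise ValueError(f"TXT record has no usable field {idx} for {name}")
        versions[name] = int(fields[idx])
    return versions


def updates_needed(local: dict, remote: dict) -> list:
    """Return the databases whose local version is behind the advertised one."""
    return [name for name, ver in remote.items() if local.get(name, 0) < ver]


# Constructed sample header: the first six fields are copied from the issue's
# `head -c 100` output; digital signature, builder and timestamp are placeholders.
# Space padding to 512 bytes and a few trailing bytes stand in for the payload.
SAMPLE_CVD = (
    "ClamAV-VDB:29 Apr 2021 07-08 -0400:26155:3974911:63:"
    "4324d544f045ea0a3c99ee6721366288:PLACEHOLDER_DSIG:placeholder-builder:1619694000"
).ljust(CVD_HEADER_LEN).encode("ascii") + b"\x1f\x8b\x08\x00"

# Constructed TXT record shaped like the real one: only fields 1, 2 and 7 are used
# here (main 59, daily one ahead of the sample header, bytecode 333); the rest are filler.
SAMPLE_TXT = "0.103.2:59:26156:1619694000:60:63:0:333"

if __name__ == "__main__":
    local = {"main.cvd": 59,
             "daily.cvd": parse_cvd_header(SAMPLE_CVD)["version"],
             "bytecode.cvd": 333}
    remote = parse_dns_versions(SAMPLE_TXT)
    print("local: ", local)
    print("remote:", remote)
    print("needs update:", updates_needed(local, remote))
```

On the offline server, `cvd_version_from_file("/path/to/daily.cvd")` gives the same number sigtool prints, without shelling out. On the mirror host, feed the TXT record from a resolver (for example the output of `dig +short TXT current.cvd.clamav.net`) into `parse_dns_versions` and compare against the header versions of the mirrored files; an empty list from `updates_needed` means the mirror matches what ClamAV currently advertises.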