ymtan
Joined: 29 Apr 2009
Posts: 0
Posted: Wed Apr 29, 2009 4:58 pm
Hi,
I have installed ClamWin 0.95.1 and I have set up my Windows server to periodically download Sanesecurity databases to the C:\DOCUME~1\ALLUSE~1\.clamwin\db folder.
The Sanesecurity website at https://www.sanesecurity.com/usage.htm mentions 3 methods to verify if Sanesecurity databases are functioning.
I have tested 3 via command-line scanning and all failed. The samples are treated as passed and not detected.
I couldn't find anything wrong, as no error message was found. Can someone with experience share your solution? THANKS!
-- sample screen output --
C:\PROGRA~1\ClamWin\bin>C:\Progra~1\clamwin\bin\clamscan.exe --verbose --database="C:\docume~1\alluse~1\.clamwin\db" --tempdir="c:\Temp" a.txt
Scanning \\?\C:\PROGRA~1\ClamWin\bin\a.txt
C:\PROGRA~1\ClamWin\bin\a.txt: OK
----------- SCAN SUMMARY -----------
Known viruses: 595153
Engine version: 0.95.1
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 4.969 sec (0 m 4 s)
-- sample end --

GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Wed Apr 29, 2009 6:27 pm
ClamWin uses only the official signatures provided by the Clam Antivirus project. It is up to users to integrate other signature databases themselves if so desired, but no support can be provided. I believe Sane Security and another database are used extensively by the Linux email servers who use Clam Av. I suggest you check with these database providers about use with ClamWin.
The Spyware Blaster antispyware program also uses an extensive database of "bad" web sites which is updated infrequently but at least monthly. It will not allow you to visit one of these sites on the web.
Regards,

ymtan
Joined: 29 Apr 2009
Posts: 0
Posted: Thu Apr 30, 2009 1:40 am
Thanks, Bob, for your clarification. You mentioned that one can "integrate other signature databases by themselves". May I know if there is any way that we can make ClamWin recognize other databases?

GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Thu Apr 30, 2009 3:10 am
The provider of one of these databases should be able to tell you what you need to know to integrate it into Clam/ClamWin. Clam was having a problem with them during version .95 testing and had to consider them (first time, I believe, due to the new scanning engine), but it was a real pain for them.
I used to make a "home brew" database for my copy of ClamWin back before most malware was packed/obfuscated. I put the database in a Notepad file with a .db extension. Each entry in the database was in this format:
malwaretype.malwarename.otheroptionalID=signature. I used an actual signature/string found in the malware--not an MD5 hash. New additions were added to the front of the database, not the rear, so I wouldn't contaminate it with line breaks. A detection of one of these signatures will be noted by Clam/ClamWin as "UNOFFICIAL." I don't know how long Clam will support them--their database is getting pretty sophisticated now.
Regards,
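
Added example (not part of the original posts, and not ClamWin or ClamAV project code): a small linter for a home-brew `.db` file of the kind described in the post above, which flags the stray line breaks it mentions along with malformed entries. It assumes the basic ClamAV `.db` layout of `Name=HexSignature` with the matched bytes written as plain hex and no wildcards; `make_entry`, `lint_db` and the sample data are constructed for illustration.

```python
import string

# Assumption (not from the thread): each line of a basic ClamAV .db file is
# Name=HexSignature, with the matched bytes written as plain hex digits.
HEX_DIGITS = set(string.hexdigits)

def make_entry(name, marker):
    """Build one entry from a byte string seen in a sample (hypothetical helper)."""
    if not name or "=" in name or any(c.isspace() for c in name):
        raise ValueError("name must be non-empty, without '=' or whitespace")
    if not marker:
        raise ValueError("marker bytes must not be empty")
    return f"{name}={marker.hex()}"

def lint_db(text):
    """Return (line_number, problem) pairs for a home-brew .db file."""
    problems, seen = [], {}
    lines = text.split("\n")
    if lines[-1] == "":
        lines.pop()  # one trailing newline is normal
    for number, raw in enumerate(lines, 1):
        line = raw.rstrip("\r")  # tolerate Notepad's CRLF line endings
        name, sep, sig = line.partition("=")
        if not line.strip():
            problems.append((number, "blank line"))
        elif not sep or not name or not sig:
            problems.append((number, "expected Name=Signature"))
        elif any(c.isspace() for c in line):
            problems.append((number, "whitespace in entry"))
        elif not set(sig) <= HEX_DIGITS:
            problems.append((number, "signature is not plain hex"))
        elif len(sig) % 2:
            problems.append((number, "odd number of hex digits"))
        elif name in seen:
            problems.append((number, f"duplicate name, first on line {seen[name]}"))
        else:
            seen[name] = number
    return problems

# Constructed sample: the names and markers are made up, not real signatures.
SAMPLE_DB = (
    "Trojan.Example.A=6578616d706c652d6d61726b6572\n"  # valid entry
    "\n"                                               # stray line break
    "Worm.Example.B=example-marker\n"                  # raw string, not hex
    "Trojan.Example.A=deadbeef\n"                      # name used twice
    "Adware.Example.C=abc\n"                           # incomplete hex byte
)

if __name__ == "__main__":
    for number, problem in lint_db(SAMPLE_DB):
        print(f"line {number}: {problem}")
```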