On Tue, 21 Jun 2011 04:48:44 +0200 Fritz Elfert <fritz@fritz-elfert.de>
wrote:
> Hi,
>
> In a completely isolated network environment, I want to setup my own
> CVD-Database server and create my own special signatures. If looking at
> the source of sigtool, it connects to some "signing"-server using
> manually supplied credentials, then sends several sign requests and
> retrieves the results.
>
> What I can't figure out: Where is the source of that "signing"-server
> resp. which algorithm does it use for signing?
>
> Hopefully somebody can shed some light on that...

Hi Fritz,

you can't create digitally signed CVD files; this can only be done by
the ClamAV team.
However, with the development version of ClamAV you can create unsigned
containers (*.cud files).
A quick example on how to create such a file (please keep in mind this
will only work with clamav-devel, also only the development version of
clamscan/clamd will be able to load such a container):

/tmp$ mkdir db
/tmp$ cd db
/tmp/db$ sigtool --unpack-current daily
/tmp/db$ ls
COPYING daily.db daily.ftm daily.hdu daily.ign daily.info
daily.mdb daily.ndb daily.pdb daily.zmd
daily.cfg daily.fp daily.hdb daily.idb daily.ign2 daily.ldb
daily.mdu daily.ndu daily.wdb
/tmp/db$ sigtool-devel --build daily.cud --unsigned
WARNING: build: Signatures in daily db files: 126823, loaded by
libclamav: 127496
Total sigs: 127496
Builder name: test
Created daily.cud
/tmp/db$ clamscan -d daily.cud /etc/passwd
/etc/passwd: OK
----------- SCAN SUMMARY -----------
Known viruses: 126257
Engine version: devel-clamav-0.97-150-g83c82f1
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 0.356 sec (0 m 0 s)

Then you can distribute daily.cud via a local web server and point
clients to it by adding the following line to freshclam.conf:

DatabaseCustomURL http://my.local.server.com/daily.cud

Alternatively, you can distribute it via NFS or so:

DatabaseCustomURL file:///mnt/nfs/daily.cud

Of course, you can use any name for the db, but all internal files
(listed with 'ls' in the example) need to have the same base name as well.
Hope this helps,
--
oo ..... Tomasz Kojm <tkojm@clamav.net>
(\/)\.........
http://www.ClamAV.net/gpg/tkojm.gpg \..........._ 0DCA5A08407D5288279DB43454822DC8985A444B
//\ /\ Tue Jun 21 11:15:19 CEST 2011
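
Added example, not part of the original message and not ClamAV's own code: a Python check that reads the 512-byte header of a .cvd/.cud container and reports whether it carries a digital signature field, so that unsigned containers such as the daily.cud built above can be identified before they are served to clients. The header layout (colon-separated fields after "ClamAV-VDB") and the "X" placeholders in unsigned builds are assumptions about the container format that the message does not state; the sample containers are constructed.

```python
import hashlib

HEADER_LEN = 512  # assumed: fixed-size, space-padded text header before the body
FIELDS = ("magic", "build_time", "version", "sigs", "flevel", "md5", "dsig", "builder")

def parse_header(blob):
    """Split the colon-separated header into named fields."""
    if len(blob) < HEADER_LEN:
        raise ValueError("file shorter than a container header")
    parts = blob[:HEADER_LEN].decode("ascii", "replace").strip().split(":")
    if parts[0] != "ClamAV-VDB" or len(parts) < len(FIELDS):
        raise ValueError("not a ClamAV database container")
    return dict(zip(FIELDS, parts))

def inspect_container(blob):
    """Summarise provenance-relevant header fields of a container.

    has_dsig only says a signature field is present; it is not verified here.
    md5_ok is None when the header carries no checksum (assumed "X" placeholder).
    """
    hdr = parse_header(blob)
    body_md5 = hashlib.md5(blob[HEADER_LEN:]).hexdigest()
    md5_ok = None if hdr["md5"] in ("", "X") else hdr["md5"].lower() == body_md5
    return {
        "builder": hdr["builder"],
        "sigs": int(hdr["sigs"]),
        "has_dsig": hdr["dsig"] not in ("", "X"),
        "md5_ok": md5_ok,
    }

def make_sample(md5_field, dsig_field, body):
    """Build a constructed container: padded header followed by opaque body bytes."""
    text = "ClamAV-VDB:21 Jun 2011 11-00 +0200:1:2:60:%s:%s:test:1308646800" % (
        md5_field, dsig_field)
    return text.encode("ascii").ljust(HEADER_LEN, b" ") + body

if __name__ == "__main__":
    body = b"constructed body bytes"
    samples = {
        "unsigned (like daily.cud)": make_sample("X", "X", body),
        "with checksum and dsig field": make_sample(
            hashlib.md5(body).hexdigest(), "CONSTRUCTED-DSIG", body),
    }
    for label, blob in samples.items():
        print(label, inspect_container(blob))
```

Because an unsigned container has neither checksum nor signature in its header, its integrity depends entirely on the channel it is distributed over.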