Mailing List Archive

linux.cvd database question
Hi, question re the linux.cvd database. Our company has a number of Linux
laptops running with 8 gigs of memory. We need AV for compliance reasons,
and would like to use ClamAV, but the 1.2G memory footprint is a bit much,
so we're looking at possibly using just the linux.cvd database which is
considerably smaller.

My question is how often is that linux.cvd updated and does it have latest
virus signatures? Using the sigtool it appears that it's updated from the
previous day. But I'm not clear on its relationship to the daily.cvd or
main databases. What percentage of daily.cvd are linux/unix based viruses?

Thanks!

Jimmy
Re: linux.cvd database question
The linux.cvd is kept up to date with Linux-specific signatures, but obviously doesn't have the coverage that the rest of the signature databases have.

Thanks,
Andy
________________________________
From: clamav-users <clamav-users-bounces@lists.clamav.net> on behalf of Jimmy F via clamav-users <clamav-users@lists.clamav.net>
Sent: Sunday, December 11, 2022 11:10 PM
To: clamav-users@lists.clamav.net <clamav-users@lists.clamav.net>
Cc: Jimmy F <fallsjd@gmail.com>
Subject: [clamav-users] linux.cvd database question

Hi, question re the linux.cvd database. Our company has a number of Linux laptops running with 8 gigs of memory. We need AV for compliance reasons, and would like to use ClamAV, but the 1.2G memory footprint is a bit much, so we're looking at possibly using just the linux.cvd database which is considerably smaller.

My question is how often is that linux.cvd updated and does it have latest virus signatures? Using the sigtool it appears that it's updated from the previous day. But I'm not clear on its relationship to the daily.cvd or main databases. What percentage of daily.cvd are linux/unix based viruses?

Thanks!

Jimmy
Re: linux.cvd database question
To add to what Andy wrote... The linux.cvd was created to supplement a product that has online hash look-ups and behavioral detection features. It isn't advertised for public use because it isn't intended for public use. And I'm not certain it is actually used anywhere.

But I should caution that it doesn't have a lot of detection content. Linux.cvd has basically no hash-based signatures, and a relatively tiny number of signatures in general. And, for example, linux.cvd lacks any signatures for monitoring HTML links for phishing.

If this is your ticket to ticking the AV compliance checkbox then I guess go ahead. It is updated frequently. But it doesn't have all that much in it.

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
________________________________
From: clamav-users <clamav-users-bounces@lists.clamav.net> on behalf of Andy Ragusa (aragusa) via clamav-users <clamav-users@lists.clamav.net>
Sent: Monday, December 12, 2022 7:25 PM
To: ClamAV users ML <clamav-users@lists.clamav.net>
Cc: Andy Ragusa (aragusa) <aragusa@cisco.com>
Subject: Re: [clamav-users] linux.cvd database question

The linux.cvd is kept up to date with Linux-specific signatures, but obviously doesn't have the coverage that the rest of the signature databases have.

Thanks,
Andy