[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

opposition against clamav-data in debian volatile

On Tue, Sep 22, 2009 at 14:21, Florian Weimer <fw@deneb.enyo.de> wrote:
> * Javier Fernandez-Sanguino:
>> This really sounds like there is a "use case" for data-only
>> "packages" that:
> Is clamav-data really data-only?  Other AV software ships some sort of
> code even in signature updates (as opposed to engine updates).

Yes, the signatures contain only signatures, which are hexadecimal
patterns with wildcards, hashes, and so on. See

For ClamAV 0.96 we have planned support for bytecode signatures, see
This is not directly executable code, but bytecode that is executed by
an interpreter/JIT, and doesn't have access to the system in any way,
it only has access to a restricted set of ClamAV APIs.

Regarding freshclam, there are 2 ways to setup a local mirror,
described here, see the question "I’m running ClamAV on a lot of
clients on my local network. Can I serve the cvd files from a local
server so that each client doesn’t have to download them from your

Best regards,

Reply to: