On Thu, 2009-01-22 at 12:16 +0000, Anne Wilson wrote: > On Thursday 22 January 2009 09:35:11 Ralph Angenendt wrote: > > What do you do with clamav on a linux server? Especially: How is it run > > by you? What do you think it protects you against on a linux server? > > 1 - it protects you against passing on any windows viruses to windows users > 2 - it satisfied those auditors who can't think beyond what they have been > told, especially if you have log proof. Logwatch's daily report: > > --------------------- clam-update Begin ------------------------ > > Last ClamAV update process started at Wed Jan 21 04:02:23 2009 > > Last Status: > main.cvd is up to date (version: 49, sigs: 437972, f-level: 35, builder: > sven) > daily.cld is up to date (version: 8881, sigs: 56877, f-level: 38, builder: > ccordes) > > ---------------------- clam-update End ------------------------- > > > --------------------- Clamav Begin ------------------------ > > > **Unmatched Entries** > Database correctly reloaded (936952 signatures) > > ---------------------- Clamav End ------------------------- > > That should satisfy and auditor. ---- the above suggests that clamav signature files were updated and the database reloaded but nowhere does it suggest that any scanning of the file system occurred nor the output of such scanning which probably never occurred. What you have demonstrated is a gymnastic exercise which accomplishes little. clamd might be able to do something useful but it is not indicated above. Craig