Skip to content

Latest commit

 

History

History
115 lines (89 loc) · 4.98 KB

README.md

File metadata and controls

115 lines (89 loc) · 4.98 KB

Build Status

ClamAV Private Mirror

This project is intended to be a collection of stand-alone tools and unified components that allow for the easy install of a private ClamAV signature mirror.

Requirements

You will need to have the ClamAV utility sigtool installed on your system in order to use any of the included components. ClamAV version 0.99.2 has been verified as working.

Design

Please refer to the design document for an overview of how the application updates signatures or mirrors them as a server.

Components

sigupdate

The sigupdate component works in a similar way to the perl script posted on the ClamAV site called clamdownloader.pl. However, it is written in golang and doesn't require any application runtimes (Perl) in order to run. Additionally, it handles some failure cases better. Typically, you would use this tool in a cron job to periodically update your signatures and then use your own webserver to serve those signatures out of your data directory.

Usage

Usage: sigupdate [-vV] [-d value] [-i value] [-m value] [-t value] [parameters ...]
 -d, --data-file-path=value
                Path to ClamAV data files
 -i, --clamav-dns-db-info-domain=value
                DNS domain to verify the virus database version via TXT
                record
 -m, --download-mirror-url=value
                URL to download signature updates from
 -t, --diff-count-threshold=value
                Number of diffs to download until we redownload the
                signature files
 -v, --verbose  Enable verbose mode with additional debugging information
 -V, --version  Display the version and exit
Data Directory (data-file-path or env DATA_FILE_PATH)

Usage of the sigupdate utility requires a directory that is writable by the executing user. Specify that directory with the -d flag.

Download Mirror URL (download-mirror-url or env DOWNLOAD_MIRROR_URL)

The default URL for downloading updates is http://database.clamav.net. However, that URL doesn't make use of the global mirrors available. Please refer to the ClamAV mirrors page for a list of region specific mirrors. For example, if you are in the USA, you may want to use the URL: http://db.us.clamav.net to download signatures from a list of mirrors in the US region.

DNS Version Database Domain (clamav-dns-db-info-domain or env DNS_DB_DOMAIN)

The default domain mapping to a TXT record for resolving that latest ClamAV signatures is: current.cvd.clamav.net. Change this value if you want to pull signature version information from your own domain.

Diff Count Threshold (diff-count-threshold or env DIFF_THRESHOLD)

Sometimes your signatures may be so out of date that there are not enough diff files available on the mirrors to provide updates. In particular, this happens if you start with definitions that come directly from a package manager. This value sets the number of versions to download diffs for until we update the base signature data file.

sigserver

The sigserver component is a stand-alone HTTP server that serves ClamAV signatures. Signatures will be updated periodically using the sigupdate component. The update interval will be configurable.

Usage

Usage: sigserver [-vV] [-d value] [-h value] [-i value] [-m value] [-p value] [-t value] [parameters ...]
 -d, --data-file-path=value
                   Path to ClamAV data files
 -h, --houry-update-interval=value
                   Number of hours to wait between signature updates
 -i, --clamav-dns-db-info-domain=value
                   DNS domain to verify the virus database version via TXT
                   record
 -m, --download-mirror-url=value
                   URL to download signature updates from
 -p, --port=value  Port to serve signatures on
 -t, --diff-count-threshold=value
                   Number of diffs to download until we redownload the
                   signature files
 -v, --verbose     Enable verbose mode with additional debugging information
 -V, --version     Display the version and exit

In addition to all of the parameters available to sigupdate, sigserver has the following configuration parameters:

Port (port or env SIGSERVER_PORT)

Port to listen for HTTP requests on - defaults to port 80.

Hourly Update Interval (houry-update-interval or UPDATE_HOURLY_INTERVAL)

This parameter configures many hours to wait before updating the signatures from the ClamAV severs.

License

This project is licensed under the MPLv2. Please see the LICENSE file for more details.

Credits

I'm grateful for all of the hard work that goes into ClamAV. Thank you!