@ -26,6 +26,7 @@ This will run \gls{freshclam}, and display an error if it failed to connect thro
See \prettyref{sec:runfreshclam} for details.
\section{Choosing a mirror}
\label{sec:mirror}
\Gls{freshclam} by default uses the \gls{database.clamav.net}\gls{mirror}. Although this works well most of the time, you can get better download speeds by using a mirror from your country:
\begin{itemize}
\item Open SigUI
@ -40,6 +41,7 @@ You can also enter the \gls{hostname} of the mirror you wish to use, instead of
This mirror can be a server on your own network too. See \prettyref{sec:localmirror}.
\section{Deploying custom signature updates}
\label{sec:customsigs}
In addition to the official virus signatures, you can use your own signatures, or signatures provided by third-parties.
To deploy them you have these choices:
\begin{itemize}
@ -51,17 +53,17 @@ To deploy them you have these choices:
The signatures are not loaded in the running ClamAV immediately. See \prettyref{sec:updatenow}.
%This is more complicated to setup than the webserver, since the network share needs to be %accessible to the \verb+SYSTEM+ account. Usually no network share is accessible for it.
%. See \prettyref{sec:manualcopy}
\subsection{Deploying your own signatures from a webserver}
\label{sec:customweb}
If you have written your own signatures and want to deploy them to multiple
\CW installations on your network, then the easiest is to put the signatures on your webserver (in your LAN).
The custom signature can be in any format that \gls{ClamAV} understands.
See \url{http://www.clamav.net/doc/latest/signatures.pdf} for details about the format.
See \url{http://www.clamav.net/doc/latest/signatures.pdf} section 3 "Signature formats" for details about the format.
All the signature files, except CVD, are ASCII files. Both Unix (LF) and Windows-style (CR+LF) line-endings are accepted.
CVD files are binary files though, so you should not modify them.
The format of signatures is determined based on the database extension (in a case insensitive manner), so you must make sure to preserve the file's contents and
extension when copying it. (You can safely rename the file, as long as you preserve the extension).
Since these files are not digitally signed \footnote{Official \gls{CVD} files are digitally signed}, it is your responsibility to ensure that the signature files are not altered (by malware, etc.).
@ -93,6 +95,7 @@ If you want to deploy third-party signatures that are not in \gls{CVD} format \f
\item Download the third-party signatures to your server
\item Check their integrity by comparing against the third-party supplied checksum and digital signatures. There usually are scripts to accomplish this
\item Copy the signatures to your webserver, at a location of your choice
\item Make sure you preserve the extension of the files, as the signature format is determined based on the extension
\item Add the full URL path to these signatures to \gls{freshclam.conf} using \gls{SigUI}.
Pressing this button will launch \gls{freshclam}, and opens a window to show its output.
\begin{figure}[htp]
\caption{SigUI: Updater configuration tab}
\centering
\includegraphics{sigui_run.jpg}
\label{fig:tab1}
\end{figure}
\section{Updater configuration}
When you open SigUI the \emph{Updater configuration} tab is open, see \prettyref{fig:tab1}.
\begin{figure}[htb]
\caption{SigUI: Updater configuration tab}
\centering
\includegraphics{sigui_tab1.jpg}
\caption{Updater configuration}
\label{fig:tab1}
\end{figure}
It has 2 sections:
\subsection{Proxy settings}
If \emph{Proxy required for Internet access} is not ticked, then \gls{freshclam} will connect directly to the internet.
If it is ticked, then the \emph{server} and \emph{port} fields, and \emph{Authentication required} checkbox will be enabled.
If the \emph{Authentication required} checkbox is ticked the \emph{username} and \emph{password} fields will be enabled too.
The \emph{Retrieve system proxy settings} will attempt to retrieve the proxy settings from Internet Explorer, and fill the above fields.
See \prettyref{sec:proxysettings} for an example.
\subsection{Signature sources}
Here you can configure what databases will \gls{freshclam} automatically download.
\emph{Download Official Signatures from mirror} allows you to choose the \gls{mirror} that \gls{freshclam} will use to download the virus databases. You can either enter a custom hostname, or select one from the list (preferably the one that matches your countrycode).
See \prettyref{sec:mirror} for an example.
\emph{Official bytecode signatures} is by default enabled. If you want to disable it, untick it. But you must be aware that you will miss some detections, or even bugfixes.
\emph{Custom signature URLs} is a list of custom URLs that \gls{freshclam} will download and install as new virus signature databases.
You can use the \emph{Add} and \emph{Remove} buttons to manage the list. The list accepts \verb+http://+ URLs, or \glspl{UNC path}.
See \prettyref{sec:customsigs} for detailed examples.
\subsection{Saving configuration and testing}
Pressing the \emph{Save settings} will validate all the fields on this tab, and save the settings to \gls{freshclam.conf}. If there is anything wrong an error message will be shown.
Pressing the \emph{Run freshclam to test configuration} will test whether the new \gls{freshclam.conf} works as expected. If this results in error you should fix it, otherwise your custom databases won't be used.\footnote{The official ones should still be downloaded correctly even in case of errors, unless freshclam.conf is very broken}
\section{Local signature management}
This tab allows you to manage the signatures installed in the database directory, see \prettyref{fig:tab2}.
\begin{figure}[htb]
\caption{SigUI: Local signature management}
\centering
\includegraphics{sigui_tab2.jpg}
\label{fig:tab1}
\caption{Local signature management}
\label{fig:tab2}
\end{figure}
There upper section, \emph{New signatures} shows the signatures you are about to install,
and the bottom section, \emph{Installed signatures} shows the already installed signatures.
You can manage the top list using the \emph{Add} and \emph{Remove} button (Add launches a standard \emph{Open file} dialog).
The bottom list is managed by SigUI and \gls{freshclam}. You can press \emph{Verify and Install signatures} to validate and copy the signatures from the list above to the one below.
Signatures are only copied after they have been verified as valid, an error is shown for malformed signatures. See \prettyref{sec:custommanual} for an example.
The \emph{Delete} button will delete the actual signatures files from disk, it should be used only if you know what you are doing (a confirmation message is shown prior to delete of course).
\section{Run freshclam to test configuration}
\label{sec:runfreshclam}
Pressing this button will launch \gls{freshclam}, and opens a window to show its output, see \prettyref{fig:freshclamout}.
\begin{wrapfigure}{r}{0.5\textwidth}
\centering
\includegraphics{sigui_run.jpg}
\caption{SigUI: Freshclam output window}
\label{fig:freshclamout}
\end{wrapfigure}
The output shows the progress of the update, and any error messages from \gls{freshclam}.
It is recommended that once you change \gls{freshclam.conf}, by clicking \emph{Save settings}, to test it by clicking on \emph{Run freshclam to test configuration}.
Török Edvin
15 years ago
