Squid Antivirus Status listing main.cvd version 2021??
-
Hello fellow netgate community, is the main.cvd suppose to be listing a date of 2021.09.16 that seems a like it is an outdated version. Is that normal for the main.cvd?
-
Did you ever find anything out about this?
-
@jc1976 It is a known date stamp that the main database is released every once and a great while per ClamAV and the updates and daily are what add to the main. They update that every couple years or so, but it is like a foundation signature set and the others add or delete from it.
-
ok..
i edited one of the files and the bytecode.cvd updated to bytecode.cLd (by raynman), and is dated roughly a month behind the daily.cld.
do you know if these are just alerts or are they capturing/blocking the files?
in the clamav docs (and from what i've found online) it seems that there are only a few edits needed to make this work however i've found (at least in pfsense) several files need to be edited.
Also, whenever i downloaded the eicar test file it doesn't get blocked.. that might be just because it's always done over https and there seems to be no way around it.
You seem to keep your finger on the squid pulse, what is your opinion on it's future? I know if we go to the documents they talk about it being deprecated in the next release and someone has managed to update the pfsense package manager so we can still install it, but how long can that go on for?
-
@jc1976 the only way I could get the Clam AV to work right was with SSL intercept enabled with use of certificates. I personally think that pfSense Squid will eventually get updated to keep pace with OpenSense firewalls as they fully support it, plus lots of students the only way to learn this stuff is with use of it.
Who knows. One thing is for sure cyber security will get more complex as time goes on. I would keep it going but it’s not up to me.
-
@JonathanLee
yeah, i agree... Thank God for LG1980 and his updates to squid/clamav, but i wish i had the ability to develop like others to make a proper interface for clamav like they have on opnsense.. that's what we need and i'm sure it would get the attention it needs. the problem i see is that it isn't easy to configure like other solutions and people just 'give up' and say it sucks.. it's actually a really good AV solution but again, it's tough to configure so no one wants to deal with it. -
it would be REALLY SLICK if someone were to develop a web gui for it, kinda like ntopng where you install clamav and then navigate to a web address:port-number and have a dedicated page for all things clamav..
I doubt there's even a way to request that, along with the considerable resources it would take to develop it.
