autoupdate confusion?

[Jim Flowers]

On Fri, 31 Oct 2003 17:58:02 +0000, Kevin Spicer <kevins at BMRB.CO.UK> wrote:

>You run update_virus_scanners as an hourly cron job (twice daily is way
>too infrequent), this calls the appropriate autoupdate script.  In most
>cases the autoupdate script is a wrapper to the virus scanners own
>update mechanism (certainly true in the case of clam) which also creates
>a lock which prevents MailScanner trying to scan mail whilst the update
>is in progress.
>

I studied update_virus_scanners as a possible undocumented? solution but it
has a number of problems:

1. It expects virus_scanners.conf to have three fields; the one in my
distribution has only two.  Without the PACKAGEDIR field, it will do
nothing as written.

2. If the PACKAGEDIR field is present, the x$1 test in the clamav-wrapper
program will fail as $1 is passed as PACKAGEDIR, not -IsItInstalled.

These are easy enough to fix for a shell hacker and even easier to just run
the freshclam wrapper directly, however, my question was really about
documentation of the intended operation.

As to the update frequency, I am really appreciative of the service that
the ClamAV folks provide as the only truly effective no-cost virus scanner
(at least that I have been able to find and qualify) so I don't like to
overdo it.  My logs show that they infrequently update more than once a day
so I think that checking twice a day is sufficient.  ClamAV currently traps
4.3% of all incoming mail as containing a known virus and as most of them
are directed against my personal account I am very happy to have it. There
have been no false positives nor false negatives in several months of use.
YMMV.