This document attempts to describe at a high level the implementation of both the sigupdate and sigservers applications.
The step-by-step process by which signatures are updated from public ClamAV mirrors is documented below.
- The sigtool utility is located in the working directory or in the system PATH. If it is not found, the application exits.
- The TXT record (typically current.cvd.clamav.net) for ClamAV signature versions is retrieved from DNS.
- Each version value is parsed from the TXT record and stored in a data structure.
- For each signature (main, daily, bytecode), we check to see if a .cvd file has already been downloaded for it. If it hasn't been downloaded, we download it.
- If the signature has already been downloaded, we use sigtool to parse the version and build time of the file and store the values. If sigtool fails to parse the file or the file fails verification, we download the file again.
- One .cdiff file is downloaded for each version number in the delta. If any of the .cdiff files can't be downloaded (e.g. 403 Not Found), then the .cvd file is downloaded again. If the new signature version and the old signature version are not within the range of an acceptable delta (set by diff-count-threshold), then we download the .cvd file.
- When downloading files, we download all files to a temporary file and move the file to the final location only if all operations succeed.
- When downloading .cvd files, we specify the "If-Modified-Since" HTTP header with the value based on the build time as returned from the output of sigtool.
- When a .cvd file download has completed, we parse the file with sigtool and set the file system's last modified time to the value returned from sigtool. Additionally, if the file fails verification, then it is considered a failed download.
- When a non-cvd file is downloaded, the file system's last modified time is set to the value as returned by the HTTP header "Last-Modified".
- Once all signature file updates have been completed, the sigupdate process has finished.
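
The version-parsing and download-decision steps above, sketched as an added example (not code from sigupdate itself). The TXT field positions (1 = main, 2 = daily, 7 = bytecode), the name-version.cdiff file naming, the function and type names, and the sample record are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Versions holds the database versions advertised in the DNS TXT record.
type Versions struct{ Main, Daily, Bytecode int }

// ParseTXT parses the colon-separated record. Assumed field layout (not
// stated in this document): index 1 = main, 2 = daily, 7 = bytecode.
func ParseTXT(txt string) (Versions, error) {
	f := strings.Split(strings.TrimSpace(txt), ":")
	if len(f) < 8 {
		return Versions{}, fmt.Errorf("TXT record has %d fields, want at least 8", len(f))
	}
	var v Versions
	for idx, dst := range map[int]*int{1: &v.Main, 2: &v.Daily, 7: &v.Bytecode} {
		n, err := strconv.Atoi(f[idx])
		if err != nil || n <= 0 {
			return Versions{}, fmt.Errorf("field %d (%q) is not a positive version", idx, f[idx])
		}
		*dst = n
	}
	return v, nil
}

// Plan lists the files to fetch for one database. local is 0 when no
// verified .cvd exists; threshold plays the role of diff-count-threshold.
func Plan(name string, local, remote, threshold int) []string {
	if local <= 0 || remote-local > threshold {
		return []string{name + ".cvd"} // missing, unverifiable, or delta too large
	}
	var files []string // stays nil when the local copy is already current
	for v := local + 1; v <= remote; v++ {
		files = append(files, fmt.Sprintf("%s-%d.cdiff", name, v)) // assumed naming
	}
	return files
}

func main() {
	v, err := ParseTXT("0.103.8:62:26960:1688000000:1:90:49192:334") // constructed sample
	if err != nil {
		panic(err)
	}
	fmt.Println(Plan("daily", 26957, v.Daily, 100), Plan("main", 0, v.Main, 100))
}
```

The fallback to the full .cvd when a planned .cdiff cannot be fetched happens at download time and is outside this planning step.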