[clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

Dennis Peterson dennispe at inetnw.com
Tue Jul 3 03:11:06 EDT 2018


Well damn - they say memory is the first thing to go...

curl -s -r 35-39 http://db.us.clamav.net/daily.cvd |strings

The -s (silent) inhibits stats.

dp

On 7/3/18 12:02 AM, Dennis Peterson wrote:
> I had completely forgotten about freshclam grabbing the entire file to 
> determine currency. I recall knocking off a quick script to avoid that which 
> included:
>
> curl -q -r 35-39 http://db.us.clamav.net/daily.cvd |strings
>
> It returns the ID of what ever version is on the mirror. I've added strings to 
> the end as a safety valve in case someone wants to try it with different 
> arguments to the -r.
>
> Being retired I no longer sweat the small schtuff, but when I was responsible 
> for hundreds of servers I used every trick in the book to avoid wasting time 
> (CFengine was involved and freshclam was not). Because the filename daily.xxx 
> is overloaded (version agnostic) this kind of trick was needed.
>
> dp
>
> On 7/2/18 6:37 PM, Paul Kosinski wrote:
>> Any system whereby new versions of files are announced before they are
>> actually available to automated downloads is awkward (to say the least).
>>
>> If, in addition, a server which doesn't have the announced version is
>> blacklisted by the automated downloader, the whole mechanism can grind
>> to a halt (as it has for us).
>>
>> Even if a server which is out of sync (i.e., behind) is not
>> blacklisted, but merely temporarily skipped, it uses extra bandwidth in
>> the current scheme. In the case of daily.cvd, the only way freshclam
>> detects that the server is out of sync is by downloading the whole file
>> (currently about 47 MB) -- the waste of bandwidth is enormous. For
>> example, our logs this afternoon show 15 complete downloads of
>> daily.cvd over about 1 hour. Of these, all but the last failed due to
>> out of sync. This is why we have recently taken to deleting mirrors.dat
>> before each freshclam run -- to compensate for the blacklisting -- and
>> running freshclam 3 times an hour hoping for sync.
>>
>> This behavior is both unreasonable and inefficient.
>>
>> P.S. Just before I sent this mail, I sent some proposals for how ClamAV
>> might possibly avoid this behavior.
>>
>
> _______________________________________________
> clamav-users mailing list
> clamav-users at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml




More information about the clamav-users mailing list