[clamav-users] We STILL cannot reliably get virus updates (since new mirrors)
dennispe at inetnw.com
Tue Jul 3 03:11:06 EDT 2018
Well damn - they say memory is the first thing to go...
curl -s -r 35-39 http://db.us.clamav.net/daily.cvd |strings
The -s (silent) inhibits stats.
On 7/3/18 12:02 AM, Dennis Peterson wrote:
> I had completely forgotten about freshclam grabbing the entire file to
> determine currency. I recall knocking off a quick script to avoid that which
> curl -q -r 35-39 http://db.us.clamav.net/daily.cvd |strings
> It returns the ID of what ever version is on the mirror. I've added strings to
> the end as a safety valve in case someone wants to try it with different
> arguments to the -r.
> Being retired I no longer sweat the small schtuff, but when I was responsible
> for hundreds of servers I used every trick in the book to avoid wasting time
> (CFengine was involved and freshclam was not). Because the filename daily.xxx
> is overloaded (version agnostic) this kind of trick was needed.
> On 7/2/18 6:37 PM, Paul Kosinski wrote:
>> Any system whereby new versions of files are announced before they are
>> actually available to automated downloads is awkward (to say the least).
>> If, in addition, a server which doesn't have the announced version is
>> blacklisted by the automated downloader, the whole mechanism can grind
>> to a halt (as it has for us).
>> Even if a server which is out of sync (i.e., behind) is not
>> blacklisted, but merely temporarily skipped, it uses extra bandwidth in
>> the current scheme. In the case of daily.cvd, the only way freshclam
>> detects that the server is out of sync is by downloading the whole file
>> (currently about 47 MB) -- the waste of bandwidth is enormous. For
>> example, our logs this afternoon show 15 complete downloads of
>> daily.cvd over about 1 hour. Of these, all but the last failed due to
>> out of sync. This is why we have recently taken to deleting mirrors.dat
>> before each freshclam run -- to compensate for the blacklisting -- and
>> running freshclam 3 times an hour hoping for sync.
>> This behavior is both unreasonable and inefficient.
>> P.S. Just before I sent this mail, I sent some proposals for how ClamAV
>> might possibly avoid this behavior.
> clamav-users mailing list
> clamav-users at lists.clamav.net
> Help us build a comprehensive ClamAV guide:
More information about the clamav-users