[clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

Paul Kosinski clamav-users at iment.com
Tue Jul 3 12:28:13 EDT 2018


The way Linux updates are done in practice is significantly different
from ClamAV virus signature updates.  

With ClamAV, freshclam is automatically run periodically, sees (by
some low-cost means) that a new file version is *supposed* to be
available and tries to download it. If either it can't, or worse yet,
it's the wrong one, it tries the next mirror. This all takes time and
bandwidth.

With Linux updates, I explicitly ask (via aptitude) what new updates
are available: It takes some time to retrieve the list. Then I select
the ones I want and ask to install them. I have *never*, *ever* seen
this mechanism deliver the wrong version and thus fail to install it.
This is due to the fact that the same Debian mirror machine provides
the new versions of a group of files as provides the list of new
versions. Thus there is an almost zero chance of a race condition
(unless some idiot adds a version to the list before uploading the
actual deb file). Even if set to auto update, I think the *lists*
always come from the same servers as the files.

It's not a matter of using DNS TXT records, it's a matter of sourcing
them on a *different* computer than the actual files. This separation
virtually begs for synchronization problems.




On Tue, 3 Jul 2018 09:14:31 +0200
Matus UHLAR - fantomas <uhlar at fantomas.sk> wrote:

> >> On Mon, 02 Jul 2018 04:02:58 -0700
> >> Al Varnell wrote:
> >>> Does the evidence available indicate that it's the mirrors that
> >>> are out-of-date or is it DNS? Everything I've seen shows that
> >>> they are not in sync, but I'm not sure which gets updated first.
> 
> >Am 02.07.2018 um 13:22 schrieb Brian Morrison:
> >> It should not matter if the mirrors are ahead of DNS, they will
> >> simply provide the latest version for download.
> >>
> >> The problem is when a given set of mirrors are not available for a
> >> particular requester, eventually you completely run out of mirrors
> >> and no updates happen at all. There should be fall backs to
> >> prevent this...
> 
> On 02.07.18 13:27, Reindl Harald wrote:
> >it's not rocket science to have a metafile on the mirror which
> >indicates the latest available version,
> 
> because it's much easier, faster and effective </irony> to connect to
> mirror to check a metafile instead of checking single small DNS
> record.
> 
> > linux distributions doing that for decades
> >and they have way larger metadata
> 
> that's exactly because they have way larger metadata. If their
> metadata was as big as Clamav's, they'd use DNS too.
> 
> 


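As an added illustration of the check the thread is arguing about (this is example code written for this page, not freshclam's own code): freshclam reads the expected signature versions from the current.cvd.clamav.net TXT record, then inspects the version field of the CVD header it gets from a mirror and rejects the copy if it is older than DNS announced. The TXT field order, the CVD header layout, and all sample values below are constructed assumptions for the example.

```python
"""Model of freshclam's DNS-vs-mirror version check (added example)."""
from typing import Dict, List, Optional

# Constructed sample TXT record.  Assumed layout (colon separated):
# clamav version : main : daily : epoch : ... : bytecode (last field)
SAMPLE_TXT = "0.100.0:57:24720:1530600000:1:63:48725:323"

# Constructed CVD header line.  Assumed layout:
# ClamAV-VDB:<build time>:<version>:<sigs>:<flevel>:<md5>:<dsig>:<builder>:<stime>
STALE_DAILY = "ClamAV-VDB:03 Jul 2018 08-10 -0400:24719:1628131:63:X:X:raynman:1530619800"
FRESH_DAILY = "ClamAV-VDB:03 Jul 2018 10-05 -0400:24720:1628214:63:X:X:raynman:1530626700"


def parse_dns_txt(txt: str) -> Dict[str, int]:
    """Extract the announced main/daily/bytecode versions from the TXT record."""
    fields = txt.split(":")
    if len(fields) < 8:
        raise ValueError("unexpected TXT record layout: %r" % txt)
    return {"main": int(fields[1]), "daily": int(fields[2]), "bytecode": int(fields[7])}


def cvd_version(header: str) -> int:
    """Read the version number out of a CVD header line."""
    fields = header.split(":")
    if fields[0] != "ClamAV-VDB" or len(fields) < 3:
        raise ValueError("not a CVD header")
    return int(fields[2])


def check_mirror_copy(db: str, header: str, announced: Dict[str, int]) -> str:
    """Compare one mirror's file with what DNS announced for database `db`."""
    got, want = cvd_version(header), announced[db]
    if got < want:
        return "stale"      # mirror lags DNS: the race the thread describes
    if got > want:
        return "ahead"      # mirror ahead of DNS is harmless, file is usable
    return "current"


def pick_mirror(db: str, headers: List[str], announced: Dict[str, int]) -> Optional[int]:
    """Walk mirrors in order and return the index of the first usable copy.

    Returns None when every mirror is stale, i.e. the 'ran out of mirrors'
    outcome; each rejected mirror still cost a full download attempt.
    """
    for idx, header in enumerate(headers):
        if check_mirror_copy(db, header, announced) != "stale":
            return idx
    return None
```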