[clamav-users] daily.cvd vs main.cvd

Al Varnell alvarnell at mac.com
Fri Sep 19 21:18:26 UTC 2014 

On Fri, Sep 19, 2014 at 11:30 AM, Paul Kosinski wrote:
> 
> On Fri, 19 Sep 2014 12:00:00 -0400
> Al Varnell <alvarnell at mac.com> wrote:
>> OK, so I?m a bit confused by this.
>> 
>> I realize that many of us have different approaches to updating the
>> database, due to different circumstances in network access, etc.,
>> but why are you downloading daily.cvd five times a day instead of
>> using freshclam to incrementally update as recommended to all users,
>> if bandwidth is such an important resource to you?  It certainly has
>> a negative impact to the mirror network if many users are doing this
>> routinely.
>> [SNIP]
> 
> We *are* using freshclam to acquire daily.cvd. I used the term
> 'download' to denote the concept of acquiring data from a remote
> computer, it doesn't mean that we go to the mysterious URL which is
> being discontinued to retrieve daily.cvd.
> 
> In particular, every hour at 7 minutes past the hour (see crontab
> entry below) a wrapper script is executed via cron which in turn
> invokes freshclam. The wrapper script logs various information every
> time it runs, whether or not anything is actually pulled from the
> ClamAV mirror. (See below for log excerpts.)

That sounds like a reasonable approach to keeping thing “fresh” and could be increased to up to four times an hour without having to change your Country Code, but based on what I have seen so far today (twelve incremental updates so far) that would just cause even more download issues.

> The statement in my earlier posting about 'downloading' 5 times in one
> day was merely a reference to the fact that on that particular day
> freshclam decided to retrieve a new daily.cvd 5 times, out of 24
> hourly checks. And, in spite of the use of freshclam, the daily.cvd
> that got retrieved was quite large (28 MB, according to Wireshark's
> "Follow TCP Stream" function).

I don’t know overall statistics, but for freshclam to download the complete daily.cvd five times in a twenty-four hour period would be very unusual for most users.  I just checked two of my installations and have only had to do that twice since June.  Have you disabled “scripted updates” for some reason?

> Using cron ensures that our master freshclam runs on a schedule so
> that the other NTP-synced machines on our LAN can run their cron-driven
> freshclams a few minutes later to pull the "latest" daily.cvd from our
> local mirror.
> 
> Hope this clarifies what we are doing. 

For the most part.  Is there some reason those other NTP-synced machines on your LAN can’t use a daily.cld instead?


-Al-
-- 
Al Varnell
Mountain View, CA

More information about the clamav-users mailing list