[clamav-users] DB update and clamav-milter delay

Dennis Peterson dennispe at inetnw.com
Tue Sep 29 12:34:24 EDT 2015


On 9/29/15 3:41 AM, Joel Esler (jesler) wrote:
> Al,  Thanks for brining that up.
>
> Once a minute?  That’s fairly excessive.
>
> Once an hour is appropriate…  Overdoing it, but more appropriate.  Keep in mind that the mirrors are donated to ClamAV and the bandwidth you are consuming is probably fairly heavy.  If everyone did that….
>
>
> --
> Joel Esler
> Manager, Talos Group
>
>
Not likely - it is a DNS query each minute, not a file transfer. There are other 
reasons why it is a bad idea not the least of which is it is a form of 
self-denial of service. And ignorance. It simply isn't necessary to poll each 
minute.

The OP can avoid loss of service during a signature refresh by using two 
instances of clamd on two different ports and dynamically manage port forwarding 
in IPTables/IPChains. This allows updating each instance independently and a 
near atomic change of clamd instances. It is a poor-man's Big-IP but one that is 
not without some challenges of its own. There's no magic solution.

dp



More information about the clamav-users mailing list