[clamav-users] DB update and clamav-milter delay
Dennis Peterson
dennispe at inetnw.com
Tue Sep 29 16:34:24 UTC 2015
On 9/29/15 3:41 AM, Joel Esler (jesler) wrote:
> Al, Thanks for brining that up.
>
> Once a minute? That’s fairly excessive.
>
> Once an hour is appropriate… Overdoing it, but more appropriate. Keep in mind that the mirrors are donated to ClamAV and the bandwidth you are consuming is probably fairly heavy. If everyone did that….
>
>
> --
> Joel Esler
> Manager, Talos Group
>
>
Not likely - it is a DNS query each minute, not a file transfer. There are other
reasons why it is a bad idea not the least of which is it is a form of
self-denial of service. And ignorance. It simply isn't necessary to poll each
minute.
The OP can avoid loss of service during a signature refresh by using two
instances of clamd on two different ports and dynamically manage port forwarding
in IPTables/IPChains. This allows updating each instance independently and a
near atomic change of clamd instances. It is a poor-man's Big-IP but one that is
not without some challenges of its own. There's no magic solution.
dp
More information about the clamav-users
mailing list