[clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing
clamav-users at iment.com
Wed Dec 12 10:43:49 EST 2018
The daily.cvd is still less than half as big as main.cvd:
-rw-r--r-- 1 clamav clamav 117892267 Jun 7 2017 main.cvd
-rw-r--r-- 1 clamav clamav 53147013 Dec 11 14:03 daily.cvd
but indeed using the cdiffs could save bandwidth.
I never tried using cdiffs since the FAQ said "Let freshclam download
the *.cvd files", and I wasn't sure if "scripted update" would actually
create a proper cvd for both local mirroring *and* HAVP. Also, I
figured that we were already saving lots of bandwidth by doing local
mirroring instead of N separate freshclam external downloads.
P.S. After retirement there is less pressure, but the technology I deal
with daily (for my own purposes, rather than for pay) doesn't seem to
get any simpler.
On Tue, 11 Dec 2018 14:34:17 -0800
Dennis Peterson <dennispe at inetnw.com> wrote:
> You know the daily.cvd file is now larger than the main.cvd file, so
> you are burning up a lot of bandwidth if your world-facing ClamAV
> mirror is ignoring cdiff files. If it is using freshclam then it is
> using cdiffs and merging them as part of the process of mirroring. In
> that case your clients won't see the cdiff files which is perfectly
> acceptable. I used to use a proxy when many systems were co-located
> and it was very effective and was also being used for other purposes.
> Life is much simpler now that I'm retired.
> On 12/11/18 11:45 AM, Paul Kosinski wrote:
> > Ever since we set up a local mirror on our LAN, we have not been
> > using cdiffs. The reason for this is that I followed the procedure
> > outlined on the ClamAV website (about 2/3 down the page) at:
> > http://www.clamav.net/documents/clamav-virus-database-faq
> > where it says:
> > [Q] I’m running ClamAV on a lot of clients on my local network.
> > Can I serve the cvd files from a local server so that each client
> > doesn’t have to download them from your servers?
> > [A] Sure, you can find more details on our Mirror page.
> > If you want to take advantage of incremental updates, install a
> > proxy server and then configure your freshclam clients to use it
> > (watch for the HTTPProxyServer parameter in man freshclam.conf).
> > The second possible solution is to:
> > Configure a local webserver on one of your machines (say
> > machine1.mylan)
> > Let freshclam download the *.cvd files from
> > http://database.clamav.net to the webserver’s DocumentRoot.
> > Finally, change freshclam.conf on your clients so that it
> > includes:
> > DatabaseMirror machine1.mylan
> > ScriptedUpdates off
> > First the database will be downloaded to the local webserver
> > and then the other clients on the network will update their copy of
> > the database from it.
> > Important: For this to work, you have to add ScriptedUpdates
> > off on all of your machines!
> > Since I didn't want to set up a proxy server for this purpose, I
> > used the 2nd solution (and a very trivial web server). Thus, cvd
> > files only.
> > P.S. I am now thinking about trying the BOS vs IAD test for cdiff
> > files. But, even if cdiff files always work without any delays,
> > doesn't "scripted update" on occasion have to back off to
> > downloading full cvds?
> > P.P.S. Thanks for the curl help!
More information about the clamav-users