[clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

Paul Kosinski clamav-users at iment.com
Wed Dec 12 10:43:49 EST 2018

The daily.cvd is still less than half as big as main.cvd:

  -rw-r--r-- 1 clamav clamav 117892267 Jun  7  2017 main.cvd
  -rw-r--r-- 1 clamav clamav  53147013 Dec 11 14:03 daily.cvd

but indeed using the cdiffs could save bandwidth.

I never tried using cdiffs since the FAQ said "Let freshclam download
the *.cvd files", and I wasn't sure if "scripted update" would actually
create a proper cvd for both local mirroring *and* HAVP. Also, I
figured that we were already saving lots of bandwidth by doing local
mirroring instead of N separate freshclam external downloads.

P.S. After retirement there is less pressure, but the technology I deal
with daily (for my own purposes, rather than for pay) doesn't seem to
get any simpler.

On Tue, 11 Dec 2018 14:34:17 -0800
Dennis Peterson <dennispe at inetnw.com> wrote:

> You know the daily.cvd file is now larger than the main.cvd file, so
> you are burning up a lot of bandwidth if your world-facing ClamAV
> mirror is ignoring cdiff files. If it is using freshclam then it is
> using cdiffs and merging them as part of the process of mirroring. In
> that case your clients won't see the cdiff files which is perfectly
> acceptable. I used to use a proxy when many systems were co-located
> and it was very effective and was also being used for other purposes.
> Life is much simpler now that I'm retired.
> dp
> On 12/11/18 11:45 AM, Paul Kosinski wrote:
> > Ever since we set up a local mirror on our LAN, we have not been
> > using cdiffs. The reason for this is that I followed the procedure
> > outlined on the ClamAV website (about 2/3 down the page) at:
> >
> >    http://www.clamav.net/documents/clamav-virus-database-faq
> >
> > where it says:
> >
> > [Q] I’m running ClamAV on a lot of clients on my local network.
> > Can I serve the cvd files from a local server so that each client
> > doesn’t have to download them from your servers? 
> > [A] Sure, you can find more details on our Mirror page.
> >    
> >     If you want to take advantage of incremental updates, install a
> > proxy server and then configure your freshclam clients to use it
> > (watch for the HTTPProxyServer parameter in man freshclam.conf). 
> >     The second possible solution is to:
> >    
> >        Configure a local webserver on one of your machines (say
> > machine1.mylan) 
> >        Let freshclam download the *.cvd files from
> > http://database.clamav.net to the webserver’s DocumentRoot. 
> >        Finally, change freshclam.conf on your clients so that it
> > includes: 
> >        DatabaseMirror machine1.mylan
> >    
> >        ScriptedUpdates off
> >    
> >        First the database will be downloaded to the local webserver
> > and then the other clients on the network will update their copy of
> > the database from it. 
> >        Important: For this to work, you have to add ScriptedUpdates
> > off on all of your machines!
> >
> > Since I didn't want to set up a proxy server for this purpose, I
> > used the 2nd solution (and a very trivial web server). Thus, cvd
> > files only.
> >
> > P.S. I am now thinking about trying the BOS vs IAD test for cdiff
> > files. But, even if cdiff files always work without any delays,
> > doesn't "scripted update" on occasion have to back off to
> > downloading full cvds?
> >
> > P.P.S. Thanks for the curl help!

More information about the clamav-users mailing list