[clamav-users] No good deed goes unpunished, or, why CVD files don't work

Paul Kosinski clamav-users at iment.com
Sat Dec 15 14:34:14 EST 2018

Indeed, Scripted Update via cdiffs is far more efficient until one has
*lots* of machines running ClamAV on one's LAN.  This tradeoff should
be (and have been) documented.

Better yet, the current Local Mirror mechanism should be either fixed
to support cld files (if it doesn't already) or removed (since cvds
behave badly when there are caches). Also, it occurs to me that even
the clds could have official ClamAV cryptographic signatures without
too much work: just put the proper signature for the resulting new cld
into the corresponding cdiff, and then have freshclam copy it into the
newly generated cld. This would allow clds to be locally mirrored while
preserving authentication security.

That being said, "tapping" ClamAV servers even 48 times per day via
freshclam *doesn't* use 48 times the bandwidth compared to once per day
unless the central database really is updated that often. Most of the
hits pull only a few bytes saying that there is nothing new to download.


On Sat, 15 Dec 2018 13:32:17 -0500
Gene Heskett <gheskett at shentel.net> wrote:

> On Saturday 15 December 2018 10:58:12 Micah Snyder (micasnyd) wrote:
> > I was actually wondering about this part too.  You would need quite
> > a few machines downstream of your local mirror to make up the
> > difference switching from cdiffs for each machine to CVD's, at
> > least given the current size of daily.cvd.  It probably is about
> > time for us to fold daily into main, and start fresh with a smaller
> > daily.
> >
> > I do want to say, since I'm not sure I've said it before, thank-you
> > to everyone who is making an effort to reduce bandwidth usage.
> > Despite being a part of a huge corporation - we are an open source
> > project that doesn't have a subscription service or anything to
> > make money for the company.  As a result, we have very limited
> > funds year to year and your efforts do make a difference.  Thanks!
> >
> > -Micah
> NP Micah. I am a firm believer in TANSTAAFL, and have wondered why
> you haven't gone to small annual fee to help pay for the bandwidth,
> but since A, its working flawlessly here, and B, its free, I only
> have my freshclam looking for updates 4x a day. So I am a very light
> load compared to some I've read saying they are updating at 30 minute 
> intervals. Since it appears my ISP is also blocking stuff, I could go 
> down to a daily check. Clamscan of incoming mail, my main usage here, 
> has only resulted in a .25 megabyte viri/quarantine file in around 90 
> days. Thats more than good enough for the girls I go with.
> Anyone, corporate or private, that is tapping your servers 48x a day,
> is flat out abusing the system IMNSHO. Thank you Micah and Cisco, for
> this service, I appreciate it.
> >
> > On Dec 15, 2018, at 10:14 AM, J.R.
> > <themadbeaker at gmail.com<mailto:themadbeaker at gmail.com>> wrote:
> >
> > Third... Have you done a cost-benefit analysis? I know you said you
> > wanted to help reduce bandwidth, but when you are downloading the
> > entire daily.cvd file each time there is an update, that's
> > currently a little over 50MB each update. I downloaded the last 10
> > cdiff files and they look to average about 15k... So by that math
> > (I'm still drinking my coffee this morning, so I could be wildly
> > wrong)... You would need to have over 3,333 machines to be saving
> > any bandwidth...

More information about the clamav-users mailing list