[clamav-users] No good deed goes unpunished, or, why CVD files don't work

Paul Kosinski clamav-users at iment.com
Sat Dec 15 18:23:56 EST 2018

I don't know if flushing the daily.cvd cache would be adequate, since
there are probably some downstream caches that wouldn't follow suit.

Pointing *everyone* directly at Cloudflare might be expensive, if that
meant millions (or even thousands) of new clients.

How does Cloudflare charge Talos for ClamAV? Is the cost only per byte,
or is there also a significant per-connection charge. (And if so, is
it per HTTP or per TCP connection)? Unless the per-byte cost is near
zero (which is unlikely), multiple cdiffs are almost certainly cheaper
than one cvd.

For my experiment, I used tinyproxy on our web server machine to access
Cloudflare's IAD servers instead of the BOS servers that Comcast routed
to, but tinyproxy doesn't do caching. That being the case, I don't much
like the idea of having to run squid just to cache what amounts to one
cdiff file for each ClamAV update.


On Sat, 15 Dec 2018 19:55:55 +0000
"Joel Esler (jesler)" <jesler at cisco.com> wrote:

> When Sourcefire acquired ClamAV "back in the day", we stopped
> accepting donations, as accounting for them on a corporate revenue
> side is more of a hassle than it is worth, so we just support it out
> of pocket.
> That being said, this thread is long and I wanted to reply to is.
> What if I flushed the daily.cvd cache every time we publish?  Hm...
> Pointing everyone at cloudflare is an interesting idea, may be
> expensive for me though (since I pay for cloudflare from my budget). 
> Interesting discussions points here...
> > On Dec 15, 2018, at 2:46 PM, Dennis Peterson <dennispe at inetnw.com>
> > wrote:
> > 
> > Things have changed a lot since Thomasz and Lucia were bearing the
> > brunt of support, but other things change slowly.
> > 
> > https://lists.gt.net/clamav/users/115
> > 
> > dp
> > 
> > On 12/15/18 10:32 AM, Gene Heskett wrote:
> >> On Saturday 15 December 2018 10:58:12 Micah Snyder (micasnyd)
> >> wrote:
> >> 
> >>> I was actually wondering about this part too.  You would need
> >>> quite a few machines downstream of your local mirror to make up
> >>> the difference switching from cdiffs for each machine to CVD's,
> >>> at least given the current size of daily.cvd.  It probably is
> >>> about time for us to fold daily into main, and start fresh with a
> >>> smaller daily.
> >>> 
> >>> I do want to say, since I'm not sure I've said it before,
> >>> thank-you to everyone who is making an effort to reduce bandwidth
> >>> usage.  Despite being a part of a huge corporation - we are an
> >>> open source project that doesn't have a subscription service or
> >>> anything to make money for the company.  As a result, we have
> >>> very limited funds year to year and your efforts do make a
> >>> difference.  Thanks!
> >>> 
> >>> -Micah
> >> NP Micah. I am a firm believer in TANSTAAFL, and have wondered why
> >> you haven't gone to small annual fee to help pay for the
> >> bandwidth, but since A, its working flawlessly here, and B, its
> >> free, I only have my freshclam looking for updates 4x a day. So I
> >> am a very light load compared to some I've read saying they are
> >> updating at 30 minute intervals. Since it appears my ISP is also
> >> blocking stuff, I could go down to a daily check. Clamscan of
> >> incoming mail, my main usage here, has only resulted in a .25
> >> megabyte viri/quarantine file in around 90 days. Thats more than
> >> good enough for the girls I go with.
> >> 
> >> Anyone, corporate or private, that is tapping your servers 48x a
> >> day, is flat out abusing the system IMNSHO. Thank you Micah and
> >> Cisco, for this service, I appreciate it.
> >>> On Dec 15, 2018, at 10:14 AM, J.R.
> >>> <themadbeaker at gmail.com<mailto:themadbeaker at gmail.com>> wrote:
> >>> 
> >>> Third... Have you done a cost-benefit analysis? I know you said
> >>> you wanted to help reduce bandwidth, but when you are downloading
> >>> the entire daily.cvd file each time there is an update, that's
> >>> currently a little over 50MB each update. I downloaded the last
> >>> 10 cdiff files and they look to average about 15k... So by that
> >>> math (I'm still drinking my coffee this morning, so I could be
> >>> wildly wrong)... You would need to have over 3,333 machines to be
> >>> saving any bandwidth...


More information about the clamav-users mailing list