[clamav-users] No good deed goes unpunished, or, why CVD files don't work
Joel Esler (jesler)
jesler at cisco.com
Mon Dec 17 19:57:35 UTC 2018
> On Dec 15, 2018, at 6:23 PM, Paul Kosinski <clamav-users at iment.com> wrote:
> I don't know if flushing the daily.cvd cache would be adequate, since
> there are probably some downstream caches that wouldn't follow suit.
Actually I had someone correct me after I wrote this email, we already have been doing that the whole time.
> Pointing *everyone* directly at Cloudflare might be expensive, if that
> meant millions (or even thousands) of new clients.
At least it would let us know how many users we have. Best I can tell on a given day, we have 2.5M users daily that hit us. Obviously the unique user count is much higher (as there are several users behind one NAT IP, and local mirrors and the like.). Our monthly numbers are north of 11M users, (as some people only run freshclam once a week or something like that.). I guess what I am trying to say is, it may not be that much more traffic.
> How does Cloudflare charge Talos for ClamAV? Is the cost only per byte,
> or is there also a significant per-connection charge. (And if so, is
> it per HTTP or per TCP connection)? Unless the per-byte cost is near
> zero (which is unlikely), multiple cdiffs are almost certainly cheaper
> than one cvd.
I can't disclose those details, I'm sorry.
> For my experiment, I used tinyproxy on our web server machine to access
> Cloudflare's IAD servers instead of the BOS servers that Comcast routed
> to, but tinyproxy doesn't do caching. That being the case, I don't much
> like the idea of having to run squid just to cache what amounts to one
> cdiff file for each ClamAV update.
Paul, how about you just point everything you have at us and see if it makes a difference?
-------------- next part --------------
We removed the attachments on this email due to security concerns.
Contact your IT staff for more information.
ATT00001.txt Unknown type
More information about the clamav-users