[clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

Paul Kosinski clamav-users at iment.com
Tue Jul 3 12:28:13 EDT 2018

The way Linux updates are done in practice is significantly different
from ClamAV virus signature updates.  

With ClamAV, freshclam is automatically run periodically, sees (by
some low-cost means) that a new file version is *supposed* to be
available and tries to download it. If either it can't, or worse yet,
it's the wrong one, it tries the next mirror. This all takes time and

With Linux updates, I explicitly ask (via aptitude) what new updates
are available: It takes some time to retrieve the list. Then I select
the ones I want and ask to install them. I have *never*, *ever* seen
this mechanism deliver the wrong version and thus fail to install it.
This is due to the fact that the same Debian mirror machine provides
the new versions of a group of files as provides the list of new
versions. Thus there is an almost zero chance of a race condition
(unless some idiot adds a version to the list before uploading the
actual deb file). Even if set to auto update, I think the *lists*
always come from the same servers as the files.

It's not a matter of using DNS TXT records, it's a matter of sourcing
them on a *different* computer than the actual files. This separation
virtually begs for synchronization problems.

On Tue, 3 Jul 2018 09:14:31 +0200
Matus UHLAR - fantomas <uhlar at fantomas.sk> wrote:

> >> On Mon, 02 Jul 2018 04:02:58 -0700
> >> Al Varnell wrote:
> >>> Does the evidence available indicate that it's the mirrors that
> >>> are out-of-date or is it DNS? Everything I've seen shows that
> >>> they are not in sync, but I'm not sure which gets updated first.
> >On 02.07.2018 at 13:22, Brian Morrison wrote:
> >> It should not matter if the mirrors are ahead of DNS, they will
> >> simply provide the latest version for download.
> >>
> >> The problem is when a given set of mirrors are not available for a
> >> particular requester, eventually you completely run out of mirrors
> >> and no updates happen at all. There should be fall backs to
> >> prevent this...
> On 02.07.18 13:27, Reindl Harald wrote:
> >it's not rocket science to have a metafile on the mirror which
> >indicates the latest available version,
> because it's much easier, faster and effective </irony> to connect to
> mirror to check a metafile instead of checking single small DNS
> record.
> > linux distributions doing that for decades
> >and they have way larger metadata
> that's exactly because they have way larger metadata. If their
> metadata was as big as Clamav's, they'd use DNS too.
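
The race discussed in this thread, as an added example that is not part of the original message and is not freshclam's code: a client compares the version announced out-of-band with the version in the 512-byte colon-separated header of the `.cvd` file a mirror actually serves. The function names, mirror names and header values are constructed for illustration; a mirror that is merely behind is marked for retry rather than treated as broken.

```python
# Added example: names and sample data are constructed, not taken from freshclam.
CVD_HEADER_LEN = 512  # a .cvd file starts with a 512-byte colon-separated text header


def cvd_version(header: bytes) -> int:
    """Return the database version (third colon-separated field) of a CVD header."""
    fields = header[:CVD_HEADER_LEN].decode("ascii", "replace").split(":")
    if len(fields) < 3 or fields[0] != "ClamAV-VDB":
        raise ValueError("not a CVD header")
    return int(fields[2])  # raises ValueError if the field is not numeric


def classify(advertised: int, header: bytes) -> str:
    """Compare what was announced with what the mirror really served."""
    try:
        served = cvd_version(header)
    except ValueError:
        return "invalid"  # error page, truncated file, wrong content
    if served < advertised:
        return "behind"   # announcement arrived before the file: retry later
    return "ok"           # equal or ahead: the newest file is acceptable


def choose_mirror(advertised: int, mirrors):
    """mirrors: list of (name, header). Returns (chosen name or None, verdicts)."""
    verdicts = {}
    for name, header in mirrors:
        verdicts[name] = classify(advertised, header)
        if verdicts[name] == "ok":
            return name, verdicts
    return None, verdicts


def sample_header(version: int) -> bytes:
    """Build a constructed header; every field value here is made up."""
    text = (f"ClamAV-VDB:03 Jul 2018 08-00 -0400:{version}:100:63:"
            f"{'0' * 32}:sig:builder:1530619200")
    return text.encode("ascii").ljust(CVD_HEADER_LEN)


if __name__ == "__main__":
    mirrors = [("mirror-a", sample_header(100)),   # not yet synchronised
               ("mirror-b", b"<html>404"),         # serves something else
               ("mirror-c", sample_header(102))]   # ahead of the announcement
    print(choose_mirror(101, mirrors))
```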
