[clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

Christopher X. Candreva chris at westnet.com
Tue Jul 3 13:36:22 EDT 2018

For everyone (or maybe the one) asking why the DNS system exists, as the 
person who came up with the idea in the first place (or the idea of stealing 
it from the DNSbls ) I thought I would provide a link to the original 
discussion in which is was hashed out ( beaten to death) back in 2004:


I thought the math was in this thread, but at some point the actual savings 
of being able to check for a new version with a UDP packet over a TCP/http 
HEAD command was calculated, and it was a significant amount of transfer, 
expensive at the time.

I have to admit I've wondered if Cloudflare and the other CDN's meant it 
outlived it's usefullness, but it's a contribution I'm fairly proud of.


On Tue, 3 Jul 2018, Joel Esler (jesler) wrote:

>       On Jul 2, 2018, at 1:17 PM, Reindl Harald
>       <h.reindl at thelounge.net> wrote:
> on a typical setup freshclam is running once or twice *daily* while a
> webserver these days can spit out the same small static txt file many
> thousands of times per seond with zero load
> That is not the results we are seeing.  There are a LARGE amount of people
> that check for updates once or twice a day, yes.  However, we have hundreds
> of thousands of people that check for updates hundreds of times a day.  We
> haven't started concentrating on these people yet (our biggest offender is
> one IP that checks 100,000+ times a day), but clearly that's excessive.  We
> publish approx 5-6 times a day.  So, let's say you check 50 times a day....
>  Clearly, that's enough.
> --
> Joel Esler
> Sr. Manager
> Open Source, Design, Web, and Education
> Talos Group
> http://www.talosintelligence.com

Chris Candreva  --  chris at westnet.com  --  http://www.westnet.com/~chris

More information about the clamav-users mailing list