[clamav-users] We STILL cannot reliably get virus updates (since new mirrors)
Reindl Harald
h.reindl at thelounge.net
Tue Jul 3 21:13:05 UTC 2018
Am 03.07.2018 um 22:51 schrieb Joel Esler (jesler):
>> On Jul 3, 2018, at 4:46 PM, Reindl Harald <h.reindl at thelounge.net
>> <mailto:h.reindl at thelounge.net>> wrote:
>>
>> Am 03.07.2018 um 22:42 schrieb Joel Esler (jesler):
>>>> On Jul 3, 2018, at 3:59 PM, Reindl Harald <h.reindl at thelounge.net
>>>> <mailto:h.reindl at thelounge.net>
>>>> <mailto:h.reindl at thelounge.net>> wrote:
>>>>
>>>> voila - all new connections which are more than 5 per hour from the same
>>>> IP are dropped, i have similar rules for specific ports and max
>>>> connections per client for many years now - no rocket science
>>>
>>> Yes. But measuring those numbers is the difficult part. A fresh
>>> install of ClamAV is going to download the main, the daily, then all the
>>> diffs since the last daily, which could be a ton. It's the people that
>>> are downloading the *same* diff 1000x an hour that are the problem.
>>
>> but these idiots are not fixed by the DNS record at all otherwise that
>> won't exist - so it shows once more how useless and in total complex the
>> DNS/mirror split is instead have just a "version.txt" directly on the
>> mirror
>>
>> that would likely even solve the problem at all when they have whatever
>> crap which ignores the DNS (maybe because they have a broken network
>> with no DNS requests to the world but obviosuly http access to the
>> mirrors and so download it everytime)
>
> I appreciate your point, and I'd love to streamline it. But I'd like to
> figure out how to balance the overhead of a TCP connection vs the
> overhead of a super fast UDP connection. Maybe there is a different way
> we can do the DNS query to make it smarter.
that is a fragment of the past i think - keep in mind the clients are
suuposed to download the fat files from the mirrors and you think about
some bytes and it's overhead
[harry at srv-rhsoft:~]$ echo "this-is-my-clamav-version" >
/www/www.rhsoft.net/daily.version,bin
[harry at srv-rhsoft:~]$ chmod 644 /www/www.rhsoft.net/daily.version.bin
Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz (year: 2012)
Apache: mpm_prefork because of mod_php, nginx, trafficserver/cdn are way
faster and likely can handle many thousands of requests at the same time
.bin to avoid defalte-compression for the .txt extension
Concurrency Level: 450
Time taken for tests: 16.395 seconds
Complete requests: 100000
Failed requests: 0
Non-2xx responses: 100000
Total transferred: 383604005 bytes
HTML transferred: 353300000 bytes
Requests per second: 6099.48 [#/sec] (mean)
Time per request: 73.777 [ms] (mean)
Time per request: 0.164 [ms] (mean, across all concurrent requests)
Transfer rate: 22849.48 [Kbytes/sec] received
More information about the clamav-users
mailing list