[clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

Reindl Harald h.reindl at thelounge.net
Tue Jul 3 17:13:05 EDT 2018



On 03.07.2018 at 22:51, Joel Esler (jesler) wrote:
>> On Jul 3, 2018, at 4:46 PM, Reindl Harald <h.reindl at thelounge.net> wrote:
>>
>> On 03.07.2018 at 22:42, Joel Esler (jesler) wrote:
>>>> On Jul 3, 2018, at 3:59 PM, Reindl Harald <h.reindl at thelounge.net> wrote:
>>>>
>>>> voila - all new connections which are more than 5 per hour from the same
>>>> IP are dropped, i have similar rules for specific ports and max
>>>> connections per client for many years now - no rocket science
>>>
>>> Yes.  But measuring those numbers is the difficult part.  A fresh
>>> install of ClamAV is going to download the main, the daily, then all the
>>> diffs since the last daily, which could be a ton.  It's the people that
>>> are downloading the *same* diff 1000x an hour that are the problem.
>>
>> but these idiots are not fixed by the DNS record at all otherwise that
>> won't exist - so it shows once more how useless and in total complex the
>> DNS/mirror split is instead have just a "version.txt" directly on the
>> mirror
>>
>> that would likely even solve the problem at all when they have whatever
>> crap which ignores the DNS (maybe because they have a broken network
>> with no DNS requests to the world but obviously http access to the
>> mirrors and so download it every time)
> 
> I appreciate your point, and I'd love to streamline it.  But I'd like to
> figure out how to balance the overhead of a TCP connection vs the
> overhead of a super fast UDP connection.  Maybe there is a different way
> we can do the DNS query to make it smarter.

that is a fragment of the past i think - keep in mind the clients are
supposed to download the fat files from the mirrors and you think about
some bytes and its overhead

[harry at srv-rhsoft:~]$ echo "this-is-my-clamav-version" > /www/www.rhsoft.net/daily.version,bin
[harry at srv-rhsoft:~]$ chmod 644 /www/www.rhsoft.net/daily.version.bin

Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz (year: 2012)
Apache: mpm_prefork because of mod_php, nginx, trafficserver/cdn are way
faster and likely can handle many thousands of requests at the same time

.bin to avoid deflate-compression for the .txt extension

Concurrency Level:      450
Time taken for tests:   16.395 seconds
Complete requests:      100000
Failed requests:        0
Non-2xx responses:      100000
Total transferred:      383604005 bytes
HTML transferred:       353300000 bytes
Requests per second:    6099.48 [#/sec] (mean)
Time per request:       73.777 [ms] (mean)
Time per request:       0.164 [ms] (mean, across all concurrent requests)
Transfer rate:          22849.48 [Kbytes/sec] received
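
Added example, not part of the original message or of ClamAV's mirror tooling: it runs the two counting approaches discussed in the thread over the same access log, a limit of 5 requests per hour per IP versus the same limit per IP and file, to show which clients each one flags. The log format, IP addresses, database version numbers and function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "GET (\S+) [^"]*" \d{3}')
WINDOW = timedelta(hours=1)

def parse(lines):
    """Yield (ip, timestamp, path) from common-log-format lines, skipping others."""
    for ln in lines:
        m = LINE.match(ln)
        if m:
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            yield m.group(1), ts, m.group(3)

def over_limit(events, limit, key):
    """Keys with more than `limit` requests inside any sliding one-hour window."""
    recent, flagged = defaultdict(deque), set()
    for ip, ts, path in sorted(events, key=lambda e: e[1]):
        k = key(ip, path)
        q = recent[k]
        q.append(ts)
        while ts - q[0] > WINDOW:   # drop requests older than the window
            q.popleft()
        if len(q) > limit:
            flagged.add(k)
    return flagged

def sample_log():
    """Constructed log: documentation-range IPs, made-up database version numbers."""
    t0 = datetime(2018, 7, 3, 20, 0, tzinfo=timezone.utc)
    def line(ip, minute, path):
        ts = (t0 + timedelta(minutes=minute)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 1024'
    # Fresh install: main, daily, then every diff since the last daily.
    fresh = ["/main.cvd", "/daily.cvd"] + [f"/daily-{n}.cdiff" for n in range(24701, 24709)]
    log = [line("192.0.2.10", i, p) for i, p in enumerate(fresh)]
    # Client that keeps fetching the same diff.
    log += [line("198.51.100.7", 4 * i, "/daily-24708.cdiff") for i in range(12)]
    # Ordinary client picking up two new diffs.
    log += [line("203.0.113.5", 30 + i, f"/daily-{24707 + i}.cdiff") for i in range(2)]
    return log

def compare(lines, limit=5):
    """Return (IPs flagged per IP, (ip, path) pairs flagged per IP and file)."""
    events = list(parse(lines))
    per_ip = over_limit(events, limit, lambda ip, path: ip)
    per_file = over_limit(events, limit, lambda ip, path: (ip, path))
    return per_ip, per_file

if __name__ == "__main__":
    per_ip, per_file = compare(sample_log())
    print("per-IP limit flags:     ", sorted(per_ip))
    print("per-IP+file limit flags:", sorted(per_file))
```

On this constructed log the per-IP count flags the fresh install together with the repeat fetcher, while the per-IP-and-file count flags only the repeat fetcher.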


