[clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

Paul Kosinski clamav-users at iment.com
Tue Jul 10 21:37:03 EDT 2018

I have a question. I presume that there are more physical Cloudflare 
server instances than implied by database.clamav.net's 5 IP addresses,
and that they are geographically distributed, rather than all being
in/near San Francisco. This suggests that they are Anycast addresses.
But I don't know how to determine where the server instances are
located, or which one(s) we reach when trying to download cvds.

The fact that we have observed a 1 hour delay further suggests that
there a large number of instances, otherwise they would be brought into
sync with the DNS TXT record more quickly. Is there any way that you
people at ClamAV can determine when the various server instances in fact
get the new cvd files? I would think that a CDN would provide statistics
on that, especially if expected delays are spelled out in an SLA.

On Tue, 10 Jul 2018 22:11:46 +0000
"Joel Esler (jesler)" <jesler at cisco.com> wrote:

> Thanks for this feedback everyone.  This is extremely useful.
> > On Jul 10, 2018, at 11:26 AM, Paul Kosinski
> > <clamav-users at iment.com> wrote:
> > 
> > Last night our new method of getting cvd updates showed that it was
> > *one hour* from the time the DNS TXT record claimed a new cvd was
> > available to the time when our quick curl said it was really
> > available!
> > 
> > In particular at 1:03 AM (EDT), DNS said version 24739 was
> > available, but a curl of the first few bytes of the cvd file said
> > it was still at version 24738. It wasn't until 2:03 AM that curl
> > reported that version 24739 was really available for download.


More information about the clamav-users mailing list