[clamav-users] updates
Joel Esler (jesler)
jesler at cisco.com
Wed Sep 12 20:59:45 UTC 2018
What is the interval that you run this?
> On Sep 12, 2018, at 4:53 PM, Paul Kosinski <clamav-users at iment.com> wrote:
>
> Joel (and any other interested parties),
>
> Attached is the code we use to update ClamAV: 'getfreshclam' is run by
> cron under userid clamav (same as clamd) every so often (currently
> every 15 mins) to determine if there are any relevant cvd files to
> update (currently daily.cvd, bytecode.cvd and main.cvd).
>
> Only if something is *really* there -- as determined by *both* the DNS
> TXT record and quick 'curl' of the head of the cvd file -- is
> 'freshclam' invoked to do the actual work. This ensures that running
> the test pretty often doesn't put a big load on the servers.
>
> Notes to help understand the code:
>
> 'testclam-external' does the DNS TXT and curl test.
>
> 'report-delays' logs the delays (or non-delays) found.
>
> We keep various recent versions of ClamAV in /opt/clamav.d, both for
> testing, and in case we have to backtrack. Thus, /opt/clamav is a
> symlink to the current version, as in:
>
> /opt/clamav -> /opt/clamav.d/clamav.0.100.1
>
>
> Enjoy!
> Paul Kosinski
>
>
> On Wed, 12 Sep 2018 15:41:23 +0000
> "Joel Esler (jesler)" <jesler at cisco.com> wrote:
>
>> Paul,
>>
>> Can you give me some more information on how you do this? How often
>> is the check run, etc.
>>
>> I am working with Cloudflare on the issue now.
>>
>> On Sep 7, 2018, at 2:25 PM, Paul Kosinski
>> <clamav-users at iment.com> wrote:
>>
>> Here is our recent CVD delay report showing how long the actual
>> daily.cvd (and sometimes bytecode.cvd) file(s) lag behind the DNS TXT
>> record.
>>
>> We are located near Boston, and the data comes via Comcast cable, but
>> our DNS queries use our old, slow static-IP DSL. I keep it this way
>> because there were stories about some major ISPs munging DSL replies
>> (like replacing NXDOMAIN with an IP address of a Web site belonging
>> to the ISP). Our DSL, on the other hand, doesn't ever do this, and
>> even passes port 25, so we can send mail directly (rather than
>> relaying through a possibly snoopy ISP.)
>>
>> 2018-08-18 05:03:02 No delay
>> 2018-08-18 13:18:02 00:15:01 delay
>> 2018-08-18 21:33:02 00:15:01 delay
>> 2018-08-19 05:03:01 No delay
>> 2018-08-19 14:03:01 00:44:59 delay
>> 2018-08-19 21:18:02 00:15:00 delay
>> 2018-08-20 05:33:02 00:30:01 delay
>> 2018-08-20 13:33:02 00:30:00 delay
>> 2018-08-20 21:03:02 No delay
>> 2018-08-21 05:18:01 No delay
>> 2018-08-21 13:03:01 No delay
>> 2018-08-22 18:18:02 00:15:00 delay
>> 2018-08-23 02:33:01 00:29:59 delay
>> 2018-08-23 09:48:02 00:45:00 delay
>> 2018-08-23 17:03:02 No delay
>> 2018-08-24 02:18:02 01:15:00 delay
>> 2018-08-24 09:33:02 00:30:00 delay
>> 2018-08-24 18:48:02 00:30:01 delay
>> 2018-08-25 01:18:02 No delay
>> 2018-08-25 09:18:02 00:15:00 delay
>> 2018-08-25 17:33:02 00:30:00 delay
>> 2018-08-26 02:33:01 01:29:59 delay
>> 2018-08-26 09:48:02 00:45:01 delay
>> 2018-08-26 18:03:02 01:00:00 delay
>> 2018-08-27 01:03:01 No delay
>> 2018-08-27 09:18:02 00:15:00 delay
>> 2018-08-27 17:33:01 00:29:59 delay
>> 2018-08-28 01:48:02 00:45:00 delay
>> 2018-08-28 09:18:02 No delay
>> 2018-08-28 17:33:01 No delay
>> 2018-08-29 01:18:01 00:14:59 delay
>> 2018-08-29 09:33:02 00:30:01 delay
>> 2018-08-29 17:48:01 00:45:00 delay
>> 2018-08-30 01:03:01 No delay
>> 2018-08-30 09:18:02 00:15:00 delay
>> 2018-08-30 17:18:01 00:14:59 delay
>> 2018-08-31 01:18:01 00:14:59 delay
>> 2018-08-31 09:48:02 00:45:01 delay
>> 2018-08-31 22:18:01 00:45:00 delay
>> 2018-09-01 05:18:01 00:14:59 delay
>> 2018-09-01 13:33:02 00:30:00 delay
>> 2018-09-01 21:48:01 00:44:59 delay
>> 2018-09-02 07:03:02 01:00:00 delay
>> 2018-09-02 13:48:01 00:44:59 delay
>> 2018-09-02 21:03:01 No delay
>> 2018-09-03 05:03:02 No delay
>> 2018-09-03 13:03:02 No delay
>> 2018-09-03 21:03:01 No delay
>> 2018-09-04 05:03:01 No delay
>> 2018-09-04 13:03:02 No delay
>> 2018-09-04 21:03:01 No delay
>> 2018-09-05 05:03:02 No delay
>> 2018-09-05 14:18:01 01:14:59 delay
>> 2018-09-05 21:18:02 00:15:00 delay
>> 2018-09-06 05:18:02 00:15:00 delay
>> 2018-09-06 13:33:02 00:30:01 delay
>> 2018-09-06 21:03:03 No delay
>> 2018-09-07 05:18:02 00:15:00 delay
> <reportdelays><testclam-external><getfreshclam>
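
The two-source gate described in the quoted message (DNS TXT record plus the head of the cvd file, with freshclam run only when both agree), as an added example that is not part of the original thread and is not Paul's attached scripts. The function names are hypothetical, the sample record and header are constructed, and the field positions are assumed from ClamAV's TXT record and CVD header layouts rather than taken from this page.

```shell
#!/bin/sh
# Added example (not Paul's attached scripts): run freshclam only when BOTH the
# DNS TXT record and the mirror's CVD header show a version newer than the local one.
# Inputs are plain strings so this runs offline; live, they would come from a TXT
# lookup and a ranged request for the first 512 bytes of the .cvd (e.g. curl -r 0-511).

is_number() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# txt_version RECORD DB -> version of main|daily|bytecode advertised in the TXT record.
# Assumed layout: clamav:main:daily:time:warn:flevel:safebrowsing:bytecode
txt_version() {
    case "$2" in
        main) f=2 ;; daily) f=3 ;; bytecode) f=8 ;;
        *) return 2 ;;
    esac
    v=$(printf '%s\n' "$1" | tr -d '"' | cut -s -d: -f"$f")
    is_number "$v" && printf '%s\n' "$v"
}

# cvd_version HEADER -> version field of a CVD header.
# Assumed layout: ClamAV-VDB:build time:version:sigs:flevel:md5:dsig:builder:stime
cvd_version() {
    case "$1" in ClamAV-VDB:*) ;; *) return 1 ;; esac
    v=$(printf '%s\n' "$1" | cut -s -d: -f3)
    is_number "$v" && printf '%s\n' "$v"
}

# decide LOCAL DNS MIRROR -> current | update | delayed | error
decide() {
    is_number "$1" && is_number "$2" && is_number "$3" || { echo error; return 0; }
    if   [ "$2" -le "$1" ]; then echo current   # DNS advertises nothing new
    elif [ "$3" -ge "$2" ]; then echo update    # mirror has it: invoke freshclam
    else                         echo delayed   # DNS ahead of mirror: log, retry later
    fi
}

# Constructed sample data: DNS advertises daily 24939, mirror still serves 24938.
SAMPLE_TXT='"0.100.1:58:24939:1536785340:1:63:47985:326"'
SAMPLE_HDR='ClamAV-VDB:12 Sep 2018 16-49 -0400:24938:2086345:63:MD5:DSIG:builder:1536785340'
decide 24938 "$(txt_version "$SAMPLE_TXT" daily)" "$(cvd_version "$SAMPLE_HDR")"
```

The `delayed` result is the state the quoted delay report records; a malformed record or header yields `error` so that bad input never triggers a download.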