[clamav-users] updates

Paul Kosinski clamav-users at iment.com
Thu Sep 13 06:16:19 UTC 2018 

"What is the interval that you run this?"

Every 15 minutes by cron, specifically:

         OCBG='/opt/clamav/bin/getfreshclam'

    3  *   * * *  root  test -x $OCBG  &&  /usr/bin/sudo -u clamav $OCBG  &&  /usr/bin/killall -HUP havp80c  &&  /usr/bin/killall -HUP havp80d
   18  *   * * *  root  test -x $OCBG  &&  /usr/bin/sudo -u clamav $OCBG  &&  /usr/bin/killall -HUP havp80c  &&  /usr/bin/killall -HUP havp80d
   33  *   * * *  root  test -x $OCBG  &&  /usr/bin/sudo -u clamav $OCBG  &&  /usr/bin/killall -HUP havp80c  &&  /usr/bin/killall -HUP havp80d
   48  *   * * *  root  test -x $OCBG  &&  /usr/bin/sudo -u clamav $OCBG  &&  /usr/bin/killall -HUP havp80c  &&  /usr/bin/killall -HUP havp80d


(Original post mentioned the interval in passing in the text.)

> > Attached is the code we use to update ClamAV: 'getfreshclam' is run
> > by cron under userid clamav (same as clamd) every so often
> > (currently every 15 mins) to determine if there are any relevant

----------

On Wed, 12 Sep 2018 20:59:45 +0000
"Joel Esler (jesler)" <jesler at cisco.com> wrote:

> What is the interval that you run this?
> 
> > On Sep 12, 2018, at 4:53 PM, Paul Kosinski <clamav-users at iment.com>
> > wrote:
> > 
> > Joel (and any other interested parties),
> > 
> > Attached is the code we use to update ClamAV: 'getfreshclam' is run
> > by cron under userid clamav (same as clamd) every so often
> > (currently every 15 mins) to determine if there are any relevant
> > cvd files to update (currently daily.cvd, bytecode.cvd and
> > main.cvd).
> > 
> > Only if something is *really* there -- as determined by *both* the
> > DNS TXT record and quick 'curl' of the head of the cvd file -- is
> > 'freshclam' invoked to do the actual work. This ensures that running
> > the test pretty often doesn't put a big load on the servers.
> > 
> > Notes to help understanding the code:
> > 
> > 'testclam-external' does the DNS TXT and curl test.
> > 
> > 'report-delays' logs the delays (or non- delays) found.
> > 
> > We keep various recent versions of ClamAV in /opt/clamav.d, both for
> > testing, and in case we have to backtrack. Thus, /opt/clamav is a
> > symlink to the current version, as in:
> > 
> >  /opt/clamav -> /opt/clamav.d/clamav.0.100.1
> > 
> > 
> > Enjoy!
> > Paul Kosinski

More information about the clamav-users mailing list