[clamav-users] updates

Joel Esler (jesler) jesler at cisco.com
Thu Sep 13 14:00:36 UTC 2018 

Ah, so when you have things like the 14/15 minute delay, the delay may not be that long?

> On Sep 13, 2018, at 2:16 AM, Paul Kosinski <clamav-users at iment.com> wrote:
> 
> "What is the interval that you run this?"
> 
> Every 15 minutes by cron, specifically:
> 
>         OCBG='/opt/clamav/bin/getfreshclam'
> 
>    3  *   * * *  root  test -x $OCBG  &&  /usr/bin/sudo -u clamav $OCBG  &&  /usr/bin/killall -HUP havp80c  &&  /usr/bin/killall -HUP havp80d
>   18  *   * * *  root  test -x $OCBG  &&  /usr/bin/sudo -u clamav $OCBG  &&  /usr/bin/killall -HUP havp80c  &&  /usr/bin/killall -HUP havp80d
>   33  *   * * *  root  test -x $OCBG  &&  /usr/bin/sudo -u clamav $OCBG  &&  /usr/bin/killall -HUP havp80c  &&  /usr/bin/killall -HUP havp80d
>   48  *   * * *  root  test -x $OCBG  &&  /usr/bin/sudo -u clamav $OCBG  &&  /usr/bin/killall -HUP havp80c  &&  /usr/bin/killall -HUP havp80d
> 
> 
> (Original post mentioned the interval in passing in the text.)
> 
>>> Attached is the code we use to update ClamAV: 'getfreshclam' is run
>>> by cron under userid clamav (same as clamd) every so often
>>> (currently every 15 mins) to determine if there are any relevant
> 
> ----------
> 
> On Wed, 12 Sep 2018 20:59:45 +0000
> "Joel Esler (jesler)" <jesler at cisco.com> wrote:
> 
>> What is the interval that you run this?
>> 
>>> On Sep 12, 2018, at 4:53 PM, Paul Kosinski <clamav-users at iment.com>
>>> wrote:
>>> 
>>> Joel (and any other interested parties),
>>> 
>>> Attached is the code we use to update ClamAV: 'getfreshclam' is run
>>> by cron under userid clamav (same as clamd) every so often
>>> (currently every 15 mins) to determine if there are any relevant
>>> cvd files to update (currently daily.cvd, bytecode.cvd and
>>> main.cvd).
>>> 
>>> Only if something is *really* there -- as determined by *both* the
>>> DNS TXT record and quick 'curl' of the head of the cvd file -- is
>>> 'freshclam' invoked to do the actual work. This ensures that running
>>> the test pretty often doesn't put a big load on the servers.
>>> 
>>> Notes to help understanding the code:
>>> 
>>> 'testclam-external' does the DNS TXT and curl test.
>>> 
>>> 'report-delays' logs the delays (or non- delays) found.
>>> 
>>> We keep various recent versions of ClamAV in /opt/clamav.d, both for
>>> testing, and in case we have to backtrack. Thus, /opt/clamav is a
>>> symlink to the current version, as in:
>>> 
>>> /opt/clamav -> /opt/clamav.d/clamav.0.100.1
>>> 
>>> 
>>> Enjoy!
>>> Paul Kosinski
> _______________________________________________
> clamav-users mailing list
> clamav-users at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml

More information about the clamav-users mailing list