[clamav-users] ClamAV: Local Private Mirror

Joel Esler (jesler) jesler at cisco.com
Fri Aug 2 10:22:25 EDT 2019

Inline below:

> On Aug 1, 2019, at 11:33 PM, J.R. via clamav-users <clamav-users at lists.clamav.net> wrote:
>> I think that's the intended purpose of the local private mirror in this case.
> I realize that, but I believe in that person's case back the he was
> doing a basic web server to re-distributed the full .cvd files (which
> is what were getting stale). Whereas doing a proxy server (like squid)
> would be more transparent and fetch the .cdiff files, which are always
> unique each time there is an update.
>> The only problem with the local mirrors, from our point of view are a couple things:
>> 1. I don't know how many users we have
>> 2. Out of those users, what versions they are running.
> I vaguely remember a discussion a while back about ClamAV's anonymous
> statistics got removed some time ago?

Technically, the server is still up, and there are lots of people reporting stats to it, but they are very legacy customers that have probably forgotten to upgrade their ClamAV installations (since getting a new user account has been disabled for about 4 years).

> Was there any plan to
> re-implement?

Yes.  Micah and I have discussed this recently in fact.  Ideally this would be coupled with a user portal on ClamAV.net to be able to display statistics and other information.  Happy to collect ideas here on what you all would see as useful.  We don't have a timeline on implementation of any of this, since it involves some work on my team's side (API, Website, etc) and then some work on the ClamAV team's (of which Micah is a member) side to implement that API and what statistics to report to that API.  But to be honest, the ClamAV team has some higher priorities right now.

> I think 3 different choices for the end-user would be
> all you would need:
> 1. Don't Participate
> 2. Send anonymous version info.
> 3. Send #2 + daily viruses caught.

We are thinking something similar, but more in depth.  But definitely different levels of participation.

> If you started getting feedback on which viruses were the most
> frequent, then you could start publishing live statistics!

Like I said, we have that information now, but from legacy customers, and I am not sure how useful that is since they aren't using the latest signatures.

> I would think you could do some basic calculations based on the
> cloudflare data on how many clients are grabbing the updates, and also
> use those IPs to determine country usage.

Yes.  Can do that now.  Things we can see now, and in the interest of transparency, here's some numbers:

Countries of usage Nearly every country on earth uses ClamAV.  Highest countries of usage are United States, Germany, and Taiwan.  In that order.
Speed of update (from the time we publish an update, to how long it takes people to download said update). A lot people download it immediately, judging by the fact that immediately after we publish a daily we push about 5TB of traffic within an hour.
How many unique IPs download the updates (around 14M)
How much data is downloaded per day -- about 44 TB
Version of ClamAV user x amount of times they check for updates:  I just selected the top 10 here.  BTW -- that "0.92.1-exp" is one person.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20190802/549f249e/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PastedGraphic-1.png
Type: image/png
Size: 10242 bytes
Desc: not available
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20190802/549f249e/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3010 bytes
Desc: not available
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20190802/549f249e/attachment.bin>

More information about the clamav-users mailing list