[clamav-users] performance degradation of clamscan
Joel Esler (jesler)
jesler at cisco.com
Wed Jul 10 03:03:54 UTC 2019
You are right. They can change. But it’s dependent on your location. So as long as you don’t move your position on earth ;), you should be fine. Unless cloudflare drastically changes things.
Sent from my iPhone
> On Jul 9, 2019, at 18:58, Paul Kosinski <clamav-users at iment.com> wrote:
>
> I hadn't looked recently. After I gave up on running a local mirror
> and switched to CDIFFs, I also observed that signatures were usually
> updated only couple of times per day. So I reduced polling the DNS TXT
> record to only twice per hour and only running freshclam if the DNS TXT
> record suggested it.
>
> Having just rechecked our freshclam logs, I can state that I have not
> seen any failures this year! I don't know if this is due to the BOS
> server being improved, or if it's simply due to the CDIFF files being
> much smaller, and thus being propagated in a more timely fashion. In
> any case, I'm quite pleased.
>
>
> Now I have another, related, question. Since I now have each of our
> machines on our LAN downloading the signature updates separately (local
> mirrors apparently being dead), I have a firewalling problem. Our mail
> server (for example) is blocked from having general Internet access
> outbound. So when I want to do a software update, I manually unblock the
> appropriate port, run the update and then manually block the port again.
>
> This obviously is impractical for freshclam, as it might be run at
> arbitrary times during the day. So my solution has been to have
> permanently allowed outbound connections to port 80 from the mail
> server to *exactly* those Anycast IP addresses that ClamAV uses at
> Cloudflare. This, obviously, would cause trouble in the future if the IP
> addresses were to change. Should I presume that the lifetime of these
> IP addresses is long enough that a rare manual update might be needed,
> or could they change "relatively" often (like DHCP leases) so that some
> kind of automation would be warranted? (The only IP addresses I
> currently allow through are 104.16.218.84 and 104.16.219.84, and they
> seem to be enough.)
>
> Any thoughts?
>
>
>
> On Tue, 9 Jul 2019 20:40:15 +0000
> "Joel Esler (jesler)" <jesler at cisco.com> wrote:
>
>> This has been fixed for some time has it not?
>>
>>> On Jul 9, 2019, at 3:38 PM, Paul Kosinski via clamav-users
>>> <clamav-users at lists.clamav.net> wrote:
>>>
>>> The CVD version delivered by Cloudflare's "BOS"
>>> Anycast server was often behind the version advertised by the DNS
>>> TXT.
>>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3010 bytes
Desc: not available
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20190710/16ef92eb/attachment.bin>
More information about the clamav-users
mailing list