[clamav-users] PrivateMirror set on client machine. Disable cld downloads

Ralph Seichter abbot at monksofcool.net
Tue Mar 24 08:15:19 EDT 2020


* vin:

> The wget option is definitely an interesting work around. Could build
> a script.

You could, but you don't need to. Allow me to mention "Fangfrisch" as a
possible solution. While written to handle unofficial signature files,
Fangfrisch is completely content-agnostic, meaning it will download any
binary data you point it to, as long as your choose a supported URL
scheme (usually HTTP or HTTPS).

  # Example fangfrisch.conf settings for a server on IP 10.1.2.3.
  # See https://rseichter.github.io/fangfrisch/ for full documentation.
  [internalmirror]
  enabled = yes
  integrity_check = disabled
  prefix = http://10.1.2.3/
  url_daily = ${prefix}daily.cvd
  url_main = ${prefix}main.cvd

This works as it is, but downloads the full data whenever called. If you
like to be more efficient, you can generate checksums on your mirror
after each download like so:

  #!/usr/bin/env bash
  for x in /path/to/datadir/*.cvd ; do
    sha256sum -b ${x} > ${x}.sha256
  done

Then, use "integrity_check = sha256" (this is actually the default
setting), causing Fangfrisch to download new files only if their
checksum has changed.

By the way, in the olden days we used "rsync" to distribute files across
machines. Maybe that would also be an option for you.

-Ralph


More information about the clamav-users mailing list