[clamav-users] Manually copy and use local filesystem as DownloadMirror/PrivateMirror
Andrew C Aitchison
clamav at aitchison.me.uk
Mon May 17 14:43:38 UTC 2021
Anish,
What sort of scanning are you doing on these client machines ?
Which databases are you using with ClamAV ?
What data is stored on these clients ?
What operating system(s) are they running ?
I ask since the way some of us run ClamAV there is
little benefit on running it on each client machine.
On Mon, 17 May 2021, ANISH SHETTY via clamav-users wrote:
> Hi All,
>
> I needed some clarifications in configuring clamav on our client machines.
>
> We have several client machines and the client machines we have cannot contact the official clamav server to fetch the cvd and cdiff files. And hosting a private server and setting is up as a DownloadMirror is also not possible in our case since we have many clients, and we'll have to setup and maintain a server in network of each of these clients.
I believe that the download mirror can be on a different network as
long as the client can see and read it, so you may not need as many
servers as you think.
> However, we provide these client machines with an update periodically (once in a quarter as of now) Thereby, I was considering the possibility of pushing the virus definition files as part of a client machine update. I can have a machine in my local network where I can download the cvd and cdiff files as part of cvdupdate and then push these to the client machines as part of the update. I had a few questions related to these, would really appreciate some help
>
> 1) If I place the cvd files and cdiff file in a temporary location within the machine, is it possible to use that location in local filesystem as DownloadMirrror/PrivateMirror so that freshclam can merge the cvd and cdiff files (or any other way to do this, to avoid having several cdiff files). I couldn't find any info on this in the documentation.
>
> 2) If I place the cvd files and consequent cdiff files in /var/lib/clamav, will clamd consider only the cvd files, or would it consider the cdiffs as well? (If I can't use freshclam on local filesystem)
>
> 3) Is there any better way to approach this? I know that having a quarterly update of virus definitions leave the machines at risk. The clients can keep the cvds updated if they want to. But I expect a lot of the customers to not keep the cvds updated and was thinking of a best possible way to address them. I am also aware of the 90 days limit on the cdiffs available. So, if this approach doesn't make sense for quarterly cycle, I can think of pushing them each month.
Clam people:
if the machines are rebooted (not just hibernated) daily,
could the .cld (probably not .cvd) files be mounted from a network share
(kept updated by running freshclam on the server),
rather than each client running freshclam ?
--
Andrew C. Aitchison Kendal, UK
andrew at aitchison.me.uk
More information about the clamav-users
mailing list