The DNS announcement is made as the last step in the process.  The lag that may be seen is the lag in between when the DNS update is posted, and before the file is pushed out to the Tier 1 CDN servers.  It has to be requested at the CDN server before it is cached.



On Oct 18, 2018, at 12:07 PM, Micah Snyder (micasnyd) <micasnyd@cisco.com> wrote:

Hi Paul,

I realize it may look misleading to state that you're up to date when a newer database has been announced.  However, if the newer database is still being uploaded to the CDN, it is more accurate to say that the DNS announcement is premature.

The change to freshclam is an effort to ignore potentially premature database version numbers listed via DNS.

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


On Oct 15, 2018, at 2:26 PM, Paul Kosinski <clamav-users@iment.com> wrote:

I don't have time at the present to try out 0.100.2. I am rebuilding
our Web server, which had a disk crash. We have backups, but we need
whole new hardware since the old server had an old 32-bit-only CPU.
Thus a *supported* Linux version will not run, and so a simple disk
replacement was not a viable option. (Unfortunately the new server,
although only a VM, still costs almost 50% more per month than the old
raw hardware, which was adequate, if clunky.)

Back to ClamAV: I don't much like the idea of saying signatures are "up
to date" if only 1 version behind the latest version. Most of the time
that won't matter, but sometimes a really urgent new  signature comes
out and this approach could mislead people into a false sense of
security.



On Thu, 4 Oct 2018 22:27:14 +0000
"Micah Snyder (micasnyd)" <micasnyd@cisco.com> wrote:

Hi Paul,

Thanks for the update.

I am interested to know how freshclam in ClamAV 0.100.2 performs for
you.  I have made some tweaks to make it ignore mirrors for less
time, but more importantly I implemented a change to have it report
"up to date" in the event that the signature version provided by the
mirror is 1 behind what was advertised.  My hope is that this
alleviates the issue.

Respectfully,
Micah


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


On Oct 4, 2018, at 4:47 PM, Paul Kosinski
<clamav-users@iment.com<mailto:clamav-users@iment.com>> wrote:

At Joel's suggestion, i have changed our sampling rate looking for
ClamAV cvd updates from 15 minutes down to 1 minute. This gives a
more precise  measurement of how long it takes for the cvd file(s) to
actually become available from Cloudflare after its presence is
"advertised" by the CNS TXT record.

Since these measurements are mainly useful for tuning the ClamAV
servers, I won't in the future post them to clamav-users unless
others besides the ClamAV team find them useful. (Maybe they should
go to the clamav-developers list?)

In any case, here is the latest log of delays. Note that these more
precisely measured delays are not explained as mere 15-minute
quantization errors.

2018-10-02 09:18:02  No delay
2018-10-02 17:18:02  No delay
2018-10-03 01:31:02  00:13:00 delay
2018-10-03 09:42:02  00:24:00 delay
2018-10-03 17:52:02  00:33:59 delay
2018-10-04 01:18:02  No delay
2018-10-04 09:40:01  00:21:59 delay
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml