-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wed, Apr 11, 2007 at 02:24:52PM -0400, Jim Maul wrote:
>However, it is illogical that clamd would die completely due to issues
>with a recently downloaded definition file. Why can it not just roll
>back to the old, previously working, definitions? Can someone please
>explain this? Im having trouble trying to comprehend the current behavior.
Neutral question:
What's worse?
a) AV that dies because of problems with virus definitions
b) AV that reverts back to previously working definitions but then
leaves you with a system that lets the latest things through
and the whole time you think you're protected
a is not great, but then neither is b. In the case of a, cron scripts
watching the daemon process fixes things if it can and notifies you via
pager (and 10 pages coming in simultaneously definitely indicates
that something is wrong). In the case of b, you see no interruption so
you assume all is well (and in this case, all IS well, but suppose some
corporation changes their firewall blocking traffic outbound from your
clamav box and you never know that it's not getting the latest updates).
Notification is a part of the solution IMHO. If clamd recognizes that
it's not able to load the new ones because the update process is still
occurring, then it should continue running *AND* notify the sysadmin
that it's running in what should be considered a degraded mode. The
ease with which this is attained will vary by system.
- --
Regards... Todd
There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order. --Ed Howdershelt
Linux kernel 2.6.17-6mdv 4 users, load average: 0.24, 0.05, 0.02
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGHS5iY2VBGxIDMLwRAnjPAJ9towGydLsfkSuqnfQdzNKKqCroogCffUx3
HiUQ+beTO8mdlrNI1iSljf0=
=I8dY
-----END PGP SIGNATURE-----
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
