Luigi Iotti wrote: >> >> Notification is a part of the solution IMHO. If clamd recognizes that >> it's not able to load the new ones because the update process is still >> occurring, then it should continue running *AND* notify the sysadmin >> that it's running in what should be considered a degraded mode. The >> ease with which this is attained will vary by system. > > I agree. Only it's worth noticing that if I have a script that can inform me > via a pager that clamd is not running, than it's likely to be able to inform > me that an update did not go well, or that sigtool reports my virus > signatures to be 4 or 24 or NN hours old. I would be equally informed, but I > would have no denial of service. > > Just my opinion.
The environment I support is a forest of gateway servers. If any/all lose the ability to scan viruses, the inside server forest, running a completely different tool suite, can pick up the load. My job is to bring full service back to my systems as quickly as possible. That happened - logs show no viruses were ingested, and this is a million message/week system. Fault tolerance, notification, redundancy. Oh - and expensive. Very expensive, in fact. Anyone know if this event caused Barracuda systems to fold up the tent? dp _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
