* Dennis Peterson wrote: > On 3/2/10 7:58 AM, Nathan Gibbs wrote: > >> >> Question. >> Why does freshclam suggest checking >> >> http://www.clamav.net/support/mirror-problem >> >> for possible problems with a a LOCAL MIRROR when it KNOWS that its >> checking a local mirror. > > There is nothing on that page that is inappropriate for debugging the > problem so there is no harm in presenting that message.
OK, I thought that link went to this page http://www.clamav.net/mirrors.html So its not as useless. > You've got a solution (you rightly ignore the message and do work > appropriate to your environment). What is your problem statement > regards Clamav? I'll cover that further down. In short, its not functional issues, just a couple rough edges that could use sanding. > You do realize that after the first time you see any such message you > already know what to do, and the message itself, a kind of hand holding, If your smart enough to figure out how to set up a local mirror, you most likely won't need the hand holding. So I'd like to be able to shut the message off or change it to something more appropriate. > becomes just another line in the log we all ignore? Now class, should we ignore error messages in our logs? 99% of the time this isn't a serious error. The little boy cried "WOLF!" And there was none. > The software is resilient as designed and will retry. If your environment is > as > resilient you will get your download. > 1% of the time something goes wrong. The little boy cried "WOLF!" And there was one. The little boy becomes "DINNER!" To answer your question "What is your problem statement regards Clamav?" Summary In any config update issue makes way more noise in the logs than necessary. Its loud & obnoxious. In a local mirror configuration freshclam lies more than a politician. Its loud obnoxious, & lies. I'm trusting this loud obnoxious lier to protect my systems from viruses?! H'mmmm.... Detail In any config If its hit an error, but hasn't given up yet. aka Trying again in 5 secs... Shut up already! When it finally gets to Giving up on clamav.local.example.com... Then it should say something. A one liner like these would work fine. Feb 25 15:16:19 host freshclam[2608]: Update failed: Mirror XXX.XXX.XXX.XXX is not synchronized. or Feb 25 15:16:19 host freshclam[2608]: Update failed: Can't download daily.cvd from clamav.local.example.com. Sorry if this analogy is too disgusting, but Feb 25 15:16:09 host freshclam[2608]: Toilet paper roll is not synchronized. Feb 25 15:16:09 host freshclam[2608]: Trying to flush again in 5 secs... Feb 25 15:16:14 host freshclam[2608]: Can't download toilet paper from roll Feb 25 15:16:14 host freshclam[2608]: Trying to flush again in 5 secs... Feb 25 15:16:19 host freshclam[2608]: Toilet paper roll is not synchronized. Feb 25 15:16:19 host freshclam[2608]: Giving up on Toilet paper roll Too much information, I don't want to know!!! If you need me to toss a roll in to you ( fix a local network issue ) OK, but I DO NOT want to hear every step of your crap. In a local mirror config If the slave is out of sync and ( has been for X tries or Y hours ) I want to know about it }else{ Shut up } Implementing the check for X tries or Y hours and quieting the thing down would be something for the ClamAV Team to do. In conclusion ClamAV ( a good thing ) could be a bit better with a few changes. Now I don't know jack about C programming, so I'm putting the suggestions where someone who does can find them. Not functional issues, just a couple rough edges that could use sanding. -- Sincerely, Nathan Gibbs Systems Administrator Christ Media http://www.cmpublishers.com
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
