On 2011-07-11 at 13:40-04 Christopher X Candreva <[email protected]> wrote:

> I have one machine run freshclam, and use rsync to update all my
> other servers with the databases.  The clamav user has to have ssl
> keys set up so it can ssh to the other servers without a password.
> Then, freshclam.conf has this: ...

Yeah, we've considered setting up something similar.  It wouldn't be
that difficult.

But the thing is, freshclam already has 99% of the code to do this.
All it needs is a "keep the CDIFF files around" option (to enable on
the master) and a "try to grab the CLD file if the CVD file isn't
available" option (to enable on the clients).  That's it.

It just seems silly to (essentially) write another version of
freshclam when the current version just needs two new options to do
what is necessary.

On 2011-07-11 14:57:31 -0400 Nathan Gibbs <[email protected]> wrote:

> We use the mirrored system, and it works fairly well.  One freshclam
> pulling cvd's from outside, several freshclams pulling from the
> local mirror.  The only issue we have is the mirror getting behind
> every once in a while, not much of a big deal.

Alas, our mirror gets behind much more frequently.  I don't know if we
keep landing on overloaded mirrors or what, but it's an issue for us.

On 2011-07-13 00:01:26 +0200 Luca Gibelli <[email protected]> wrote:

> > We are in a situation where we have multiple hosts that need to
> > run ClamAV, but those hosts are highly restricted in what outbound
> > Internet access they have.  Thus, we need to run a local ClamAV
> > mirror.
> 
> You can install a http proxy server and restrict access to cvd+cdiff
> files on db.*.clamav.net.

I appreciate the suggestion, but to clarify: we are prohibited by
policy from allowing any outbound web access for these hosts, proxied
or not.  (The policy is dictated from on high, and will not change.)
We *MUST* use a local private mirror, period.

It would seem that we aren't the only ones who are contemplating
hacking together our own "distribution from a local mirror" mechanism,
because freshclam's solution just isn't adequate/efficient.

If I were to provide a patch that adds the two options I discussed
above to freshclam, would you at least consider accepting it into
trunk?

We need this functionality.  But if you won't accept a patch to add
it, then we will have to throw away freshclam and design our own
solution, because I don't want to be put in the situation where I have
to maintain my own local patches and update them after every release.

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
