On Fri, 19 Sep 2014 12:00:00 -0400 Al Varnell <alvarn...@mac.com> wrote: > OK, so I?m a bit confused by this. > > I realize that many of us have different approaches to updating the > database, due to different circumstances in network access, etc., > but why are you downloading daily.cvd five times a day instead of > using freshclam to incrementally update as recommended to all users, > if bandwidth is such an important resource to you? It certainly has > a negative impact to the mirror network if many users are doing this > routinely. > [SNIP]
We *are* using freshclam to acquire daily.cvd. I used the term 'download' to denote the concept of acquiring data from a remote computer, it doesn't mean that we go to the mysterious URL which is being discontinued to retrieve daily.cvd. In particular, every hour at 7 minutes past the hour (see crontab entry below) a wrapper script is executed via cron which in turn invokes freshclam. The wrapper script logs various information every time it runs, whether or not anything is actually pulled from the ClamAV mirror. (See below for log excerpts.) The statement in my earlier posting about 'downloading' 5 times in one day was merely a reference to the fact that on that particular day freshclam decided to retrieve a new daily.cvd 5 times, out of 24 hourly checks. And, in spite of the use of freshclam, the daily.cvd that got retrieved was quite large (28 MB, according to Wireshark's "Follow TCP Stream" function). Using cron ensures that our master freshclam runs on a schedule so that the other NTP-synced machines on our LAN can run their cron-driven freshclams a few minutes later to pull the "latest" daily.cvd from our local mirror. Hope this clarifies what we are doing. Paul Kosinski P.S. I could provide our getfreshclam script if anyone is interested. Besides logging etc., it keeps backups of daily.cvd (and main.cvd) "just in case". ++++++ CRONTAB entry OCBG='/opt/clamav/bin/getfreshclam' 7 * * * * root test -x $OCBG && /usr/bin/sudo -u clamav $OCBG && /usr/bin/killall -HUP havp80 havp86 && /usr/bin/killall -USR2 clamd ++++++ Log excerpts (3 successive hours, only 1 'download') ------------------------------ Wednesday 17 September 2014 at 22:07:01 ------------------------------ Current working dir is /opt/clamav.d/clamav.0.98.4a/share/clamav Max retries == 2 ClamAV update process started at Wed Sep 17 22:07:01 2014 Using IPv6 aware code Querying current.cvd.clamav.net TTL: 1383 Software version from DNS: 0.98.4 main.cvd version from DNS: 55 main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo) daily.cvd version from DNS: 19386 daily.cvd is up to date (version: 19386, sigs: 1141411, f-level: 63, builder: neo) bytecode.cvd version from DNS: 242 bytecode.cvd is up to date (version: 242, sigs: 46, f-level: 63, builder: dgoddard) ------------------------------ Wednesday 17 September 2014 at 22:07:04 ------------------------------ ------------------------------ Wednesday 17 September 2014 at 23:07:01 ------------------------------ Current working dir is /opt/clamav.d/clamav.0.98.4a/share/clamav Max retries == 2 ClamAV update process started at Wed Sep 17 23:07:01 2014 Using IPv6 aware code Querying current.cvd.clamav.net TTL: 229 Software version from DNS: 0.98.4 main.cvd version from DNS: 55 main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo) daily.cvd version from DNS: 19387 Retrieving http://db.us.clamav.net/daily.cvd Ignoring mirror 104.131.196.175 (due to previous errors) Ignoring mirror 128.199.133.36 (due to previous errors) Ignoring mirror 66.18.18.59 (due to previous errors) Ignoring mirror 209.198.147.20 (due to previous errors) nonblock_connect: connect timing out (30 secs) Can't connect to port 80 of host db.us.clamav.net (IP: 65.19.179.67) nonblock_connect: connect timing out (30 secs) Can't connect to port 80 of host db.us.clamav.net (IP: 78.46.84.244) Trying host db.us.clamav.net (155.98.64.87)... Trying to download http://db.us.clamav.net/daily.cvd (IP: 155.98.64.87) Downloading daily.cvd [100%] Loading signatures from daily.cvd Properly loaded 1141431 signatures from new daily.cvd daily.cvd updated (version: 19387, sigs: 1141408, f-level: 63, builder: neo) Querying daily.19387.77.1.0.9B624057.ping.clamav.net bytecode.cvd version from DNS: 242 bytecode.cvd is up to date (version: 242, sigs: 46, f-level: 63, builder: dgoddard) Database updated (3565679 signatures) from db.us.clamav.net (IP: 155.98.64.87) OnUpdateExecute: EXIT_1 ------------------------------ Wednesday 17 September 2014 at 23:10:38 ------------------------------ ------------------------------ Thursday 18 September 2014 at 00:07:01 ------------------------------ Current working dir is /opt/clamav.d/clamav.0.98.4a/share/clamav Max retries == 2 ClamAV update process started at Thu Sep 18 00:07:01 2014 Using IPv6 aware code Querying current.cvd.clamav.net TTL: 1429 Software version from DNS: 0.98.4 main.cvd version from DNS: 55 main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo) daily.cvd version from DNS: 19387 daily.cvd is up to date (version: 19387, sigs: 1141408, f-level: 63, builder: neo) bytecode.cvd version from DNS: 242 bytecode.cvd is up to date (version: 242, sigs: 46, f-level: 63, builder: dgoddard) ------------------------------ Thursday 18 September 2014 at 00:07:04 ------------------------------ _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml