On Fri, 19 Sep 2014 12:00:00 -0400
Al Varnell <alvarn...@mac.com> wrote:
> OK, so I'm a bit confused by this.
> 
> I realize that many of us have different approaches to updating the
> database, due to different circumstances in network access, etc.,
> but why are you downloading daily.cvd five times a day instead of
> using freshclam to incrementally update as recommended to all users,
> if bandwidth is such an important resource to you?  It certainly has
> a negative impact to the mirror network if many users are doing this
> routinely.
> [SNIP]

We *are* using freshclam to acquire daily.cvd. I used the term
'download' to denote the concept of acquiring data from a remote
computer; it doesn't mean that we go to the mysterious URL which is
being discontinued to retrieve daily.cvd.

In particular, every hour at 7 minutes past the hour (see crontab
entry below) a wrapper script is executed via cron which in turn
invokes freshclam. The wrapper script logs various information every
time it runs, whether or not anything is actually pulled from the
ClamAV mirror. (See below for log excerpts.)

The statement in my earlier posting about 'downloading' 5 times in one
day was merely a reference to the fact that on that particular day
freshclam decided to retrieve a new daily.cvd 5 times, out of 24
hourly checks. And, in spite of the use of freshclam, the daily.cvd
that got retrieved was quite large (28 MB, according to Wireshark's
"Follow TCP Stream" function).

Using cron ensures that our master freshclam runs on a schedule so
that the other NTP-synced machines on our LAN can run their cron-driven
freshclams a few minutes later to pull the "latest" daily.cvd from our
local mirror.

Hope this clarifies what we are doing. 

Paul Kosinski

P.S. I could provide our getfreshclam script if anyone is interested.
Besides logging etc., it keeps backups of daily.cvd (and main.cvd)
"just in case".



++++++ CRONTAB entry

        OCBG='/opt/clamav/bin/getfreshclam'
 7 * * * *  root  test -x $OCBG  &&  /usr/bin/sudo -u clamav $OCBG  &&  /usr/bin/killall -HUP havp80 havp86  &&  /usr/bin/killall -USR2 clamd



++++++ Log excerpts (3 successive hours, only 1 'download')

------------------------------  Wednesday 17 September 2014 at 22:07:01  ------------------------------

Current working dir is /opt/clamav.d/clamav.0.98.4a/share/clamav
Max retries == 2
ClamAV update process started at Wed Sep 17 22:07:01 2014
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 1383
Software version from DNS: 0.98.4
main.cvd version from DNS: 55
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
daily.cvd version from DNS: 19386
daily.cvd is up to date (version: 19386, sigs: 1141411, f-level: 63, builder: neo)
bytecode.cvd version from DNS: 242
bytecode.cvd is up to date (version: 242, sigs: 46, f-level: 63, builder: dgoddard)

------------------------------  Wednesday 17 September 2014 at 22:07:04  ------------------------------




------------------------------  Wednesday 17 September 2014 at 23:07:01  ------------------------------

Current working dir is /opt/clamav.d/clamav.0.98.4a/share/clamav
Max retries == 2
ClamAV update process started at Wed Sep 17 23:07:01 2014
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 229
Software version from DNS: 0.98.4
main.cvd version from DNS: 55
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
daily.cvd version from DNS: 19387
Retrieving http://db.us.clamav.net/daily.cvd
Ignoring mirror 104.131.196.175 (due to previous errors)
Ignoring mirror 128.199.133.36 (due to previous errors)
Ignoring mirror 66.18.18.59 (due to previous errors)
Ignoring mirror 209.198.147.20 (due to previous errors)
nonblock_connect: connect timing out (30 secs)
Can't connect to port 80 of host db.us.clamav.net (IP: 65.19.179.67)
nonblock_connect: connect timing out (30 secs)
Can't connect to port 80 of host db.us.clamav.net (IP: 78.46.84.244)
Trying host db.us.clamav.net (155.98.64.87)...
Trying to download http://db.us.clamav.net/daily.cvd (IP: 155.98.64.87)
Downloading daily.cvd [100%]
Loading signatures from daily.cvd
Properly loaded 1141431 signatures from new daily.cvd
daily.cvd updated (version: 19387, sigs: 1141408, f-level: 63, builder: neo)
Querying daily.19387.77.1.0.9B624057.ping.clamav.net
bytecode.cvd version from DNS: 242
bytecode.cvd is up to date (version: 242, sigs: 46, f-level: 63, builder: dgoddard)
Database updated (3565679 signatures) from db.us.clamav.net (IP: 155.98.64.87)
OnUpdateExecute: EXIT_1

------------------------------  Wednesday 17 September 2014 at 23:10:38  ------------------------------




------------------------------  Thursday 18 September 2014 at 00:07:01  ------------------------------

Current working dir is /opt/clamav.d/clamav.0.98.4a/share/clamav
Max retries == 2
ClamAV update process started at Thu Sep 18 00:07:01 2014
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 1429
Software version from DNS: 0.98.4
main.cvd version from DNS: 55
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
daily.cvd version from DNS: 19387
daily.cvd is up to date (version: 19387, sigs: 1141408, f-level: 63, builder: neo)
bytecode.cvd version from DNS: 242
bytecode.cvd is up to date (version: 242, sigs: 46, f-level: 63, builder: dgoddard)

------------------------------  Thursday 18 September 2014 at 00:07:04  ------------------------------
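
[Added example, not part of the original message and not the poster's getfreshclam script.] The distinction drawn above between hourly checks and actual full retrievals of daily.cvd can be read straight out of the freshclam log; the Python sketch below classifies each run. The first three runs are abbreviated from the excerpts above; the 01:07 run and its cdiff line format are constructed assumptions, added only to show an incremental update for comparison.

```python
import re

# Abbreviated from the log excerpts in the message above. The 01:07 run is
# constructed (not from the original post) to show an incremental update.
SAMPLE_LOG = """\
ClamAV update process started at Wed Sep 17 22:07:01 2014
daily.cvd version from DNS: 19386
daily.cvd is up to date (version: 19386, sigs: 1141411, f-level: 63, builder: neo)
ClamAV update process started at Wed Sep 17 23:07:01 2014
daily.cvd version from DNS: 19387
Retrieving http://db.us.clamav.net/daily.cvd
Can't connect to port 80 of host db.us.clamav.net (IP: 65.19.179.67)
Can't connect to port 80 of host db.us.clamav.net (IP: 78.46.84.244)
Downloading daily.cvd [100%]
daily.cvd updated (version: 19387, sigs: 1141408, f-level: 63, builder: neo)
ClamAV update process started at Thu Sep 18 00:07:01 2014
daily.cvd version from DNS: 19387
daily.cvd is up to date (version: 19387, sigs: 1141408, f-level: 63, builder: neo)
ClamAV update process started at Thu Sep 18 01:07:01 2014
daily.cvd version from DNS: 19388
Downloading daily-19388.cdiff [100%]
daily.cld updated (version: 19388, sigs: 1141500, f-level: 63, builder: neo)
"""

START = re.compile(r"^ClamAV update process started at (.+)$", re.M)

def classify_daily(body):
    # full = whole daily.cvd fetched; incremental = cdiff patch; current = no fetch
    if re.search(r"^Downloading daily\.cvd\b", body, re.M):
        return "full"
    if re.search(r"^Downloading daily-\d+\.cdiff\b", body, re.M):
        return "incremental"
    if re.search(r"^daily\.c[vl]d is up to date", body, re.M):
        return "current"
    return "unknown"

def summarize(log):
    parts = START.split(log)[1:]          # [time1, body1, time2, body2, ...]
    runs = []
    for started, body in zip(parts[0::2], parts[1::2]):
        dns = re.search(r"^daily\.cvd version from DNS: (\d+)", body, re.M)
        runs.append({
            "started": started.strip(),
            "dns_version": int(dns.group(1)) if dns else None,
            "daily": classify_daily(body),
            "connect_failures": len(re.findall(r"^Can't connect to port", body, re.M)),
        })
    return runs
```

Counting the runs classified "full" per day gives the figure discussed in the thread (5 retrievals out of 24 hourly checks on the day in question), and connect_failures shows how many mirrors timed out before one answered.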