On Fri, Sep 19, 2014 at 11:30 AM, Paul Kosinski wrote:
>
> On Fri, 19 Sep 2014 12:00:00 -0400
> Al Varnell <[email protected]> wrote:
>> OK, so I’m a bit confused by this.
>>
>> I realize that many of us have different approaches to updating the
>> database, due to different circumstances in network access, etc.,
>> but why are you downloading daily.cvd five times a day instead of
>> using freshclam to incrementally update as recommended to all users,
>> if bandwidth is such an important resource to you? It certainly has
>> a negative impact to the mirror network if many users are doing this
>> routinely.
>> [SNIP]
>
> We *are* using freshclam to acquire daily.cvd. I used the term
> 'download' to denote the concept of acquiring data from a remote
> computer, it doesn't mean that we go to the mysterious URL which is
> being discontinued to retrieve daily.cvd.
>
> In particular, every hour at 7 minutes past the hour (see crontab
> entry below) a wrapper script is executed via cron which in turn
> invokes freshclam. The wrapper script logs various information every
> time it runs, whether or not anything is actually pulled from the
> ClamAV mirror. (See below for log excerpts.)

That sounds like a reasonable approach to keeping things “fresh” and could be increased to up to four times an hour without having to change your Country Code, but based on what I have seen so far today (twelve incremental updates so far) that would just cause even more download issues.

> The statement in my earlier posting about 'downloading' 5 times in one
> day was merely a reference to the fact that on that particular day
> freshclam decided to retrieve a new daily.cvd 5 times, out of 24
> hourly checks. And, in spite of the use of freshclam, the daily.cvd
> that got retrieved was quite large (28 MB, according to Wireshark's
> "Follow TCP Stream" function).

I don’t know overall statistics, but for freshclam to download the complete daily.cvd five times in a twenty-four hour period would be very unusual for most users. I just checked two of my installations and have only had to do that twice since June. Have you disabled “scripted updates” for some reason?

> Using cron ensures that our master freshclam runs on a schedule so
> that the other NTP-synced machines on our LAN can run their cron-driven
> freshclams a few minutes later to pull the "latest" daily.cvd from our
> local mirror.
>
> Hope this clarifies what we are doing.

For the most part. Is there some reason those other NTP-synced machines on your LAN can’t use a daily.cld instead?

-Al-
--
Al Varnell
Mountain View, CA
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
