Hi there, On Thu, 5 Sep 2019, Thomas Barth via clamav-users wrote:
freshclam just downloads the standard databases to keep them fresh. In /etc/clamav/freshclam.conf you can set the check interval. That s ok. # Check for new database 24 times a day Checks 24
Good so far.
But it s /usr/sbin/clamd who loads the databases into memory.
Yes.
In /etc/clamav/clamd.conf there should be a value of 12 for an every two hour load, right?
No.
It seems that the two hour loading is hardcoded in the daemon.
No. There are two ways to trigger reloading the databases. One is to set the 'SelfCheck' interval. The other is to send a 'RELOAD' command on the port or socket on which the daemon is listening. For example if the daemon is listening on TCP port 127.0.0.1:3311 manually I might do this at a shell prompt: $ /bin/echo 'RELOAD' | /bin/nc localhost 3311 | /usr/bin/logger -p mail.debug 2>&1 The 'SelfCheck' interval tells the daemon to reload the databases only if something has changed: mail6:~$ >>> grep 'SelfCheck' /var/log/mail.debug ... Sep 4 02:15:12 mail6 clamd[5479]: SelfCheck: Database status OK. Sep 4 03:37:14 mail6 clamd[7689]: SelfCheck: Database status OK. Sep 4 05:02:02 mail6 clamd[5479]: SelfCheck: Database status OK. Sep 4 06:24:14 mail6 clamd[7689]: SelfCheck: Database status OK. Sep 4 07:49:13 mail6 clamd[5479]: SelfCheck: Database status OK. Sep 4 09:11:11 mail6 clamd[7689]: SelfCheck: Database modification detected. Forcing reload. Sep 4 10:36:12 mail6 clamd[5479]: SelfCheck: Database modification detected. Forcing reload. Sep 4 12:03:14 mail6 clamd[7689]: SelfCheck: Database modification detected. Forcing reload. Sep 4 13:27:12 mail6 clamd[5479]: SelfCheck: Database status OK. Sep 4 14:54:15 mail6 clamd[7689]: SelfCheck: Database status OK. Sep 4 16:14:12 mail6 clamd[5479]: SelfCheck: Database status OK. Sep 4 17:41:14 mail6 clamd[7689]: SelfCheck: Database status OK. Sep 4 19:01:12 mail6 clamd[5479]: SelfCheck: Database status OK. Sep 4 20:28:14 mail6 clamd[7689]: SelfCheck: Database status OK. Sep 4 21:48:12 mail6 clamd[5479]: SelfCheck: Database status OK. Sep 4 23:15:14 mail6 clamd[7689]: SelfCheck: Database modification detected. Forcing reload. Sep 5 00:35:12 mail6 clamd[5479]: SelfCheck: Database modification detected. Forcing reload. Sep 5 02:07:14 mail6 clamd[7689]: SelfCheck: Database modification detected. Forcing reload. Sep 5 03:26:12 mail6 clamd[5479]: SelfCheck: Database modification detected. Forcing reload. Sep 5 04:59:14 mail6 clamd[7689]: SelfCheck: Database status OK. Sep 5 06:17:12 mail6 clamd[5479]: SelfCheck: Database status OK. Sep 5 07:46:14 mail6 clamd[7689]: SelfCheck: Database status OK. Sep 5 09:04:12 mail6 clamd[5479]: SelfCheck: Database modification detected. Forcing reload. I PING the daemons every minute. I've patched the, er, patched daemon also to reply in lower case to PING commands, so that I can see which one replies when. Here's my *unpatched* daemon reloading this morning: Sep 5 09:02:12 mail6 root: PONG Sep 5 09:02:14 mail6 root: pong Sep 5 09:03:12 mail6 root: PONG Sep 5 09:03:14 mail6 root: pong Sep 5 09:04:12 mail6 clamd[5479]: SelfCheck: Database modification detected. Forcing reload. Sep 5 09:04:14 mail6 clamd[5479]: Reading databases from /etc/mail/clamav Sep 5 09:04:14 mail6 root: pong Sep 5 09:05:14 mail6 root: pong Sep 5 09:06:14 mail6 root: pong Sep 5 09:07:14 mail6 root: pong Sep 5 09:07:59 mail6 clamd[5479]: Database correctly reloaded (8869225 signatures) Sep 5 09:05:12 mail6 root: PONG Sep 5 09:06:12 mail6 root: PONG Sep 5 09:04:12 mail6 root: PONG Sep 5 09:07:12 mail6 root: PONG Sep 5 09:08:12 mail6 root: PONG Sep 5 09:08:14 mail6 root: pong Sep 5 09:09:12 mail6 root: PONG Sep 5 09:09:14 mail6 root: pong Sep 5 09:10:12 mail6 root: PONG Here's the *patched daemon reloading: Sep 5 02:06:12 mail6 root: PONG Sep 5 02:06:14 mail6 root: pong Sep 5 02:07:12 mail6 root: PONG Sep 5 02:07:14 mail6 clamd[7689]: SelfCheck: Database modification detected. Forcing reload. Sep 5 02:07:14 mail6 clamd[7689]: Reading databases from /etc/mail/clamav Sep 5 02:07:14 mail6 root: pong Sep 5 02:08:12 mail6 root: PONG Sep 5 02:08:14 mail6 root: pong Sep 5 02:09:12 mail6 root: PONG Sep 5 02:09:14 mail6 root: pong Sep 5 02:10:12 mail6 root: PONG Sep 5 02:10:14 mail6 root: pong Sep 5 02:11:12 mail6 root: PONG Sep 5 02:11:14 mail6 root: pong Sep 5 02:11:35 mail6 clamd[7689]: Database correctly reloaded (8871522 signatures) Sep 5 02:12:12 mail6 root: PONG Sep 5 02:12:14 mail6 root: pong Sep 5 02:13:12 mail6 root: PONG Sep 5 02:13:14 mail6 root: pong Sep 5 02:14:12 mail6 root: PONG Sep 5 02:14:14 mail6 root: pong See the difference? The patched daemon does what you want. The unpatched one doesn't. -- 73, Ged. _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml