Re: [clamav-users] How to boost clamav? Reloading database results in a talking timeout?

G.W. Haywood via clamav-users Thu, 05 Sep 2019 02:36:19 -0700

Hi there,

On Thu, 5 Sep 2019, Thomas Barth via clamav-users wrote:

freshclam just downloads the standard databases to keep them fresh.

In /etc/clamav/freshclam.conf you can set the check interval. That s ok.
# Check for new database 24 times a day
Checks 24


Good so far.

But it s /usr/sbin/clamd who loads the databases into memory.


Yes.

In /etc/clamav/clamd.conf there should be a value of 12 for an every
two hour load, right?

No.

It seems that the two hour loading is hardcoded in the daemon.


No.  There are two ways to trigger reloading the databases.

One is to set the 'SelfCheck' interval.  The other is to send a
'RELOAD' command on the port or socket on which the daemon is
listening.  For example if the daemon is listening on TCP port
127.0.0.1:3311 manually I might do this at a shell prompt:

$ /bin/echo 'RELOAD' | /bin/nc localhost 3311 | /usr/bin/logger -p mail.debug 
2>&1

The 'SelfCheck' interval tells the daemon to reload the databases only
if something has changed:

mail6:~$ >>> grep 'SelfCheck' /var/log/mail.debug ...
Sep  4 02:15:12 mail6 clamd[5479]: SelfCheck: Database status OK.
Sep  4 03:37:14 mail6 clamd[7689]: SelfCheck: Database status OK.
Sep  4 05:02:02 mail6 clamd[5479]: SelfCheck: Database status OK.
Sep  4 06:24:14 mail6 clamd[7689]: SelfCheck: Database status OK.
Sep  4 07:49:13 mail6 clamd[5479]: SelfCheck: Database status OK.
Sep  4 09:11:11 mail6 clamd[7689]: SelfCheck: Database modification detected. 
Forcing reload.
Sep  4 10:36:12 mail6 clamd[5479]: SelfCheck: Database modification detected. 
Forcing reload.
Sep  4 12:03:14 mail6 clamd[7689]: SelfCheck: Database modification detected. 
Forcing reload.
Sep  4 13:27:12 mail6 clamd[5479]: SelfCheck: Database status OK.
Sep  4 14:54:15 mail6 clamd[7689]: SelfCheck: Database status OK.
Sep  4 16:14:12 mail6 clamd[5479]: SelfCheck: Database status OK.
Sep  4 17:41:14 mail6 clamd[7689]: SelfCheck: Database status OK.
Sep  4 19:01:12 mail6 clamd[5479]: SelfCheck: Database status OK.
Sep  4 20:28:14 mail6 clamd[7689]: SelfCheck: Database status OK.
Sep  4 21:48:12 mail6 clamd[5479]: SelfCheck: Database status OK.
Sep  4 23:15:14 mail6 clamd[7689]: SelfCheck: Database modification detected. 
Forcing reload.
Sep  5 00:35:12 mail6 clamd[5479]: SelfCheck: Database modification detected. 
Forcing reload.
Sep  5 02:07:14 mail6 clamd[7689]: SelfCheck: Database modification detected. 
Forcing reload.
Sep  5 03:26:12 mail6 clamd[5479]: SelfCheck: Database modification detected. 
Forcing reload.
Sep  5 04:59:14 mail6 clamd[7689]: SelfCheck: Database status OK.
Sep  5 06:17:12 mail6 clamd[5479]: SelfCheck: Database status OK.
Sep  5 07:46:14 mail6 clamd[7689]: SelfCheck: Database status OK.
Sep  5 09:04:12 mail6 clamd[5479]: SelfCheck: Database modification detected. 
Forcing reload.

I PING the daemons every minute.  I've patched the, er, patched daemon
also to reply in lower case to PING commands, so that I can see which
one replies when.

Here's my *unpatched* daemon reloading this morning:

Sep  5 09:02:12 mail6 root: PONG
Sep  5 09:02:14 mail6 root: pong
Sep  5 09:03:12 mail6 root: PONG
Sep  5 09:03:14 mail6 root: pong
Sep  5 09:04:12 mail6 clamd[5479]: SelfCheck: Database modification detected. 
Forcing reload.
Sep  5 09:04:14 mail6 clamd[5479]: Reading databases from /etc/mail/clamav
Sep  5 09:04:14 mail6 root: pong
Sep  5 09:05:14 mail6 root: pong
Sep  5 09:06:14 mail6 root: pong
Sep  5 09:07:14 mail6 root: pong
Sep  5 09:07:59 mail6 clamd[5479]: Database correctly reloaded (8869225 
signatures)
Sep  5 09:05:12 mail6 root: PONG
Sep  5 09:06:12 mail6 root: PONG
Sep  5 09:04:12 mail6 root: PONG
Sep  5 09:07:12 mail6 root: PONG
Sep  5 09:08:12 mail6 root: PONG
Sep  5 09:08:14 mail6 root: pong
Sep  5 09:09:12 mail6 root: PONG
Sep  5 09:09:14 mail6 root: pong
Sep  5 09:10:12 mail6 root: PONG

Here's the *patched daemon reloading:

Sep  5 02:06:12 mail6 root: PONG
Sep  5 02:06:14 mail6 root: pong
Sep  5 02:07:12 mail6 root: PONG
Sep  5 02:07:14 mail6 clamd[7689]: SelfCheck: Database modification detected. 
Forcing reload.
Sep  5 02:07:14 mail6 clamd[7689]: Reading databases from /etc/mail/clamav
Sep  5 02:07:14 mail6 root: pong
Sep  5 02:08:12 mail6 root: PONG
Sep  5 02:08:14 mail6 root: pong
Sep  5 02:09:12 mail6 root: PONG
Sep  5 02:09:14 mail6 root: pong
Sep  5 02:10:12 mail6 root: PONG
Sep  5 02:10:14 mail6 root: pong
Sep  5 02:11:12 mail6 root: PONG
Sep  5 02:11:14 mail6 root: pong
Sep  5 02:11:35 mail6 clamd[7689]: Database correctly reloaded (8871522 
signatures)
Sep  5 02:12:12 mail6 root: PONG
Sep  5 02:12:14 mail6 root: pong
Sep  5 02:13:12 mail6 root: PONG
Sep  5 02:13:14 mail6 root: pong
Sep  5 02:14:12 mail6 root: PONG
Sep  5 02:14:14 mail6 root: pong

See the difference?

The patched daemon does what you want.  The unpatched one doesn't.

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] How to boost clamav? Reloading database results in a talking timeout?

Reply via email to