Hi there,

On Thu, 10 Dec 2020, Joel Esler (jesler) via clamav-users wrote:

> I think the way to fix this is, freshclam, if it receives an "I'm behind" error from the PoP, to do a sleep for awhile and then try again. ...

Maybe the workaround is simpler than that. The document at https://www.clamav.net/documents/private-local-mirrors tells the reader to set the 'ScriptedUpdates' option to 'no' for _both_ the local mirror _and_ that mirror's clients.

I can understand the logic of setting the option to 'no' for clients of the local mirror, because a local mirror won't serve '.cdiff' files and if they ask the local mirror for such a file they'll get a 404. But the local mirror could grab the .cdiff files from the Cloudflare mirrors using freshclam, just as does any client which does _not_ use a local mirror, no? What reason is there for not using 'ScriptedUpdates yes' on the mirror?

As I said earlier to the OP, I've never seen the problem that he's complaining of and I'm beginning to suspect that he's right - that it's the use of the ScriptedUpdates no option which is at the root of the problem. (Well, that and the fact that Cloudflare apparently isn't providing the service that Cisco has presumably contracted it to provide - if all that's necessary in order for the Cloudflare PoP to update its copy of the .cvd file is for some random client to request a download of it, then you'd expect that the OP's request would trigger that, and apparently it doesn't).

Most freshclam daemons will be configured to make just a few attempts per day to update, and a failure will mean using outdated databases (on a server which by definition is providing service to many clients) until at least the time of the next scheduled update. That and the "try again in an hour or two" suggestion seem to fly in the face of the freshclam man page:

    --on-error-execute=COMMAND
        Execute COMMAND if error occurred. Remember, that virus database freshness is the most important thing in anti-virus system.

...

I wonder if another workaround might be to use the 'DatabaseMirror' or 'PrivateMirror' options in freshclam.conf to avoid Cloudflare issues.
But the real fix must be in the hands of Cloudflare, or perhaps those of Cloudflare's customers (making more fuss about something which, at first sight, could very easily be remedied).

-- 
73,
Ged.
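
The sleep-and-retry idea discussed in this message, sketched as a wrapper that cron runs in place of a bare one-shot freshclam, so that a failed update is retried within minutes instead of waiting for the next scheduled run. This is an added example, not part of the original post and not ClamAV code; the attempt count, the delays, the script path and the UPDATE_CMD, SLEEP_CMD and RUN_MAIN variables are assumptions.

```shell
#!/bin/sh
# Added example: bounded retry with back-off around a one-shot freshclam run.
# Assumptions (not from the thread): attempt count, delays, and the
# UPDATE_CMD / SLEEP_CMD overrides, which exist so the logic can be dry-run.

UPDATE_CMD="${UPDATE_CMD:-freshclam --quiet}"
SLEEP_CMD="${SLEEP_CMD:-sleep}"

# retry_update MAX_ATTEMPTS FIRST_DELAY_SECONDS
# Returns 0 as soon as one run succeeds, 1 if every attempt failed.
# ATTEMPTS_USED holds the number of runs that were made.
retry_update() {
    max=$1
    delay=$2
    ATTEMPTS_USED=0
    while [ "$ATTEMPTS_USED" -lt "$max" ]; do
        ATTEMPTS_USED=$((ATTEMPTS_USED + 1))
        if $UPDATE_CMD; then
            return 0
        fi
        # Wait before the next try, but not after the final attempt.
        if [ "$ATTEMPTS_USED" -lt "$max" ]; then
            $SLEEP_CMD "$delay"
            delay=$((delay * 2))   # double the wait so the mirror is not hammered
        fi
    done
    return 1
}

# Cron entry point (hypothetical path):
#   RUN_MAIN=1 /usr/local/sbin/freshclam-retry.sh
# Four attempts with waits of 10, 20 and 40 minutes between them.
if [ "${RUN_MAIN:-0}" = 1 ]; then
    retry_update 4 600 || {
        echo "freshclam still failing after $ATTEMPTS_USED attempts" >&2
        exit 1
    }
fi
```

The non-zero exit after the last attempt lets cron mail the failure, so a mirror that stays behind is noticed rather than silently serving old databases.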