"The whole CVD filename is not versioned (always "daily.cvd") which is why the CloudFlare caching issue may result in serving the previous version."
HTML filenames for Web pages are not versioned either. Does this mean that CDNs like Cloudflare often serve up obsolete Web pages? If so, does nobody notice (and complain)? A delay of an hour could have an adverse effect on online commerce, especially during the busy holiday season. On Thu, 10 Dec 2020 18:34:36 +0000 "Micah Snyder \(micasnyd\) via clamav-users" <clamav-users@lists.clamav.net> wrote: > Ged, Joel, Andrew, Paul: > > Ged wrote: > > As I said earlier to the OP, I've never seen the problem that he's > > complaining of and I'm beginning to suspect that he's right - that it's the > > use of the `ScriptedUpdates no` option which is at the root of the problem. > > > > This is correct -- there is no issue getting the latest patch when using > scripted updates. The issue is when trying to download the whole CVD. The > whole CVD filename is not versioned (always "daily.cvd") which is why the > CloudFlare caching issue may result in serving the previous version. > > Andrew wrote: > > Would it be sensible for freshclam to update the file when a newer version > > is available, even if it is not the newest ? > > ... > > To be clearer, say I have version 26011, the DNS says 26013 is current but > > the newest that freshclam can find on any configured mirror is 26012, it > > might be better to update to 26012 than wait for 26013. > > It should already do this. If you have version 26011 and it says 26013, but > only 26012 is available, it should get 26012. If that's not working -- let > me know, we'd have a bug to fix. > > Joel wrote: > > I think the way to fix this is, freshclam, if it receives an "I'm behind" > > error from the PoP, to do a sleep for awhile and then try again. If the > > second attempt still fails then give the error to the user. > > I want to be clear -- the message that was originally reported is not an > error message. It's a verbose (a.k.a debug-level) message. If you're running > freshclam relatively frequently, then this "wait a while and try again" thing > is transparent to you. Disable the `Verbose` option in freshclam.conf and > don't worry about it. > > -Micah > > > -----Original Message----- > > From: clamav-users <clamav-users-boun...@lists.clamav.net> On Behalf Of > > G.W. Haywood via clamav-users > > Sent: Thursday, December 10, 2020 9:21 AM > > To: Joel Esler (jesler) via clamav-users <clamav-users@lists.clamav.net> > > Cc: G.W. Haywood <cla...@jubileegroup.co.uk> > > Subject: Re: [clamav-users] local server takes time to update clamav db > > > > Hi there, > > > > On Thu, 10 Dec 2020, Joel Esler (jesler) via clamav-users wrote: > > > > >>> I think the way to fix this is, freshclam, if it receives an "I'm > > >>> behind" error from the PoP, to do a sleep for awhile and then try > > >>> again. ... > > > > Maybe the workaround is simpler than that. > > > > The document at > > > > https://www.clamav.net/documents/private-local-mirrors > > > > tells the reader to set the 'ScriptedUpdates' option to 'no' for _both_ the > > local > > mirror _and_ that mirror's clients. > > > > I can understand the logic of setting the option to 'no' for clients of the > > local > > mirror, because a local mirror won't serve '.cdiff' files and if they ask > > the local > > mirror for such a file they'll get a 404. > > > > But the local mirror could grab the .cdiff files from the Cloudflare mirrors > > using freshclam, just as does any client which does _not_ use a local > > mirror, > > no? > > > > What reason is there for not using 'ScriptedUpdates yes' on the mirror? > > > > As I said earlier to the OP, I've never seen the problem that he's > > complaining > > of and I'm beginning to suspect that he's right - that it's the use of the > > > > ScriptedUpdates no > > > > option which is at the root of the problem. (Well, that and the fact that > > Cloudflare apparently isn't providing the service that Cisco has presumably > > contracted it to provide - if all that's necessary in order for the > > Cloudflare PoP > > to update its copy of the .cvd file is for some random client to request a > > download of it, then you'd expect that the OP's request would trigger that, > > and apparently it doesn't). > > > > Most freshclam daemons will be configured to make just a few attempts per > > day to update, and a failure will mean using outdated databases (on a server > > which by definition is providing service to many clients) until at least > > the time > > of the next scheduled update. That and the "try again in an hour or two" > > suggestion seem to fly in the face of the freshclam man page: > > > > --on-error-execute=COMMAND Execute COMMAND if error occurred. > > Remember, that virus database freshness is the most important thing in > > anti-virus system. ... > > > > I wonder if another workaround might be to use the 'DatabaseMirror' or > > 'PrivateMirror' options in freshclam.conf to avoid Cloudflare issues. > > > > But the real fix must be in the hands of Cloudflare, or perhaps those of > > Cloudflare's customers (making more fuss about something which, at first > > sight, could very easily be remedied). > > > > -- > > > > 73, > > Ged. _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
