I did a quick grep on the the source code (and compiled output too) of ClamAV 0.103.0, and I couldn't find any instance of 'CF-Cache-Status'. Should freshclam (or somebody) be checking this HTTP header line that Cloudflare returns? The 'STALE' and 'UPDATING' values sound like they might be particularly relevant.
On Mon, 14 Dec 2020 02:57:48 +0000 "Joel Esler \(jesler\) via clamav-users" <clamav-users@lists.clamav.net> wrote: > Both of those things are done as well. > > Sent from my iPhone > > > On Dec 13, 2020, at 19:24, Dave Warren via clamav-users > > <clamav-users@lists.clamav.net> wrote: > > > > On 2020-12-11 08:51, Paul Kosinski via clamav-users wrote: > >> "The whole CVD filename is not versioned (always "daily.cvd") which is > >> why the CloudFlare caching issue may result in serving the previous > >> version." > >> HTML filenames for Web pages are not versioned either. Does this mean > >> that CDNs like Cloudflare often serve up obsolete Web pages? If so, does > >> nobody notice (and complain)? > >> A delay of an hour could have an adverse effect on online commerce, > >> especially during the busy holiday season. > > > > By default Cloudflare does not cache HTML. Cloudflare also respects > > cache-control headers, which is the normal mechanism used for websites > > which want caching, but only to a point. > > > > Cloudflare also has an API to clear the cache (at least by URI, or > > everything, and possibly more depending on the particular options offered > > by your plan). But in practice clearing the cache is not completely > > reliable and seems to be intended for cases where it is strictly needed and > > not for every "I updated this file" situation. I have the impression that > > this applies when using Cloudflare's tiered caching, my idle speculation > > wonders if perhaps this is a timing issue, where server #1 clears the > > cache, processes a request for the file which it obtains from server #2 all > > before server #2 clears the file from cache and then processes a request by > > pulling it from server #1. > > > > From a ClamAV perspective, one solution to solve this would be to call > > daily.cvd?version=26013 -- Note that the underlying web server could ignore > > the version parameter completely, but this would ensure that each > > Cloudflare cache retrieves a fresh version of the file and negates the need > > to push a cache clear message at all. If ClamAV's server serves an outdated > > version of the file then it would still get cached, but this would defeat > > any caching within Cloudflare for new versions as they're released. _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
