Re: [Clamav-users] New db container
Tomasz Kojm said the following on 10/06/2003 09:32 AM: What about climb down from trees and take some more modern protocol like rsync? ;-) Rsync is not as popular as http ;) I don't see problem here because usually the updates are very small (the main database is updated ocasionally. Best regards, Tomasz Kojm The popularity doesn't really matter on the client side, rsync is readily available for all Unices and quite easy to get for Cygwin. The problem is that on the servers' side (main site and mirrors) you'll have to set up rsync servers instead of http servers. As a mirror admin this won't be good news for me... RSA signature support is a great thing. Now to somehow protect our clamav installations from unwanted changes we use a script which is diffing the sorted db files (it allows a configurable max number of added and removed sigs for each update and manually apply changes after review when the update doesn't fit these rules). This is far from perfect and RSA sigs will bring more confidence in the update process. Could you describe the cwd file more in depth Tomasz ? I'd like to be able to fetch the raw sigs in a set of files in order to : - tell us at which point in time our clamav install got a given sig, - be mailed for each update with the list of changes the update process we set up did. Best regards, -- Lionel Bouton - inet6 - o Siege social: 51, rue de Verdun - 92158 Suresnes / _ __ _ Acces Bureaux: 33 rue Benoit Malon - 92150 Suresnes / /\ /_ / /_ France \/ \/_ / /_/ Tel. +33 (0) 1 41 44 85 36 Inetsys S.A.Fax +33 (0) 1 46 97 20 10 --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] New db container
Could you describe the cwd file more in depth Tomasz ? I'd like to be Documentation and support in clamav (CVS) will be available tomorrow. Best regards, Tomasz Kojm -- oo. [EMAIL PROTECTED] (\/)\. http://www.konarski.edu.pl/~zolw \..._ I nie zapomnij kliknac w brzuszek... //\ /\\ - C. Amboinensiswww.pajacyk.pl --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] New db container
Lionel Bouton wrote: The popularity doesn't really matter on the client side, rsync is readily available for all Unices and quite easy to get for Cygwin. The problem is that on the servers' side (main site and mirrors) you'll have to set up rsync servers instead of http servers. As a mirror admin this won't be good news for me... rsync server setup isnt hard. Simple example looks like: # rsync server config # use chroot = no max connections = 50 syslog facility = daemon log file = /var/log/rsyncd/rsyncd.log read only = yes uid = nobody gid = nobody [clamav] path = /var/rsync/clamav comment = Clam AV for Linux # --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] New db container
On Mon, 2003-10-06 at 07:42, Kritof Petr wrote: Lionel Bouton wrote: The problem is that on the servers' side (main site and mirrors) you'll have to set up rsync servers instead of http servers. As a mirror admin this won't be good news for me... rsync server setup isnt hard. Simple example looks like: # rsync server config # use chroot = no [...] But this is only the beginning. You also have to set up new firewall rules - probably on the box itself and on the front-end firewall protecting the box. And you might have to add load-balancer rules. And if you have virtual domains set up, it can become even more complex. Then, the clients have to open their firewalls for yet another port -- Daniel J McDonald, CCIE 2495, CNX Austin Energy --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] New db container
Daniel J McDonald wrote: On Mon, 2003-10-06 at 07:42, Kritof Petr wrote: Lionel Bouton wrote: The problem is that on the servers' side (main site and mirrors) you'll have to set up rsync servers instead of http servers. As a mirror admin this won't be good news for me... rsync server setup isnt hard. Simple example looks like: # rsync server config # use chroot = no [...] But this is only the beginning. You also have to set up new firewall rules - probably on the box itself and on the front-end firewall protecting the box. And you might have to add load-balancer rules. And if you have virtual domains set up, it can become even more complex. Then, the clients have to open their firewalls for yet another port rsync server can run on port 80. Clients can use standard http proxy, so you need no additional setting. Petr --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] New db container
On Mon, 2003-10-06 at 09:00, Kritof Petr wrote: Daniel J McDonald wrote: But this is only the beginning. You also have to set up new firewall rules - probably on the box itself and on the front-end firewall protecting the box. And you might have to add load-balancer rules. And if you have virtual domains set up, it can become even more complex. Then, the clients have to open their firewalls for yet another port rsync server can run on port 80. Clients can use standard http proxy, so you need no additional setting. Ok, so you already have apache bound to port 80. How do you bind the rsync server to port 80 as well? -- Daniel J McDonald, CCIE 2495, CNX Austin Energy --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] New db container
On Mon, 2003-10-06 at 15:00, Kritof Petr wrote: Daniel J McDonald wrote: On Mon, 2003-10-06 at 07:42, Kritof Petr wrote: Lionel Bouton wrote: The problem is that on the servers' side (main site and mirrors) you'll have to set up rsync servers instead of http servers. As a mirror admin this won't be good news for me... rsync server setup isnt hard. Simple example looks like: # rsync server config # use chroot = no [...] But this is only the beginning. You also have to set up new firewall rules - probably on the box itself and on the front-end firewall protecting the box. And you might have to add load-balancer rules. And if you have virtual domains set up, it can become even more complex. Then, the clients have to open their firewalls for yet another port rsync server can run on port 80. Clients can use standard http proxy, so you need no additional setting. Petr Does rsync support http redirect codes ? If there are several servers and I want to redirect requests to the nearest or least used server. Yes rsync is great for many things, but it's not a miracle cure for every IT problem. In theory, one could extend freshclam to support rsync as a transfer method for updates, but a separate mirror system would have to be set up. Some mirrors could provide both update methods, some just one... but is the extra trouble worth it ? I've worked for companies where setting up a new http virtual servers is easy, but getting management to approve installing a new service like rsync takes more time. Regards, Miguel Dias signature.asc Description: This is a digitally signed message part
RE: [Clamav-users] New db container
Ok, so you already have apache bound to port 80. How do you bind the rsync server to port 80 as well? As a client, you're not running an rsync server, you're running an rsync client. Muskoka.com 115 Manitoba Street Bracebridge, Ontario P1L 2B6 (705)645-6097 Muskoka.com is pleased to announce New High Speed Services please visit http://www.muskoka.com/services.htm for more information --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users