Re: [clamav-users] Freshclam Question
On Wednesday 01 July 2015 05:27:33 Gene Heskett wrote: On Wednesday 01 July 2015 04:22:29 Al Varnell wrote: The default in the source code is 12 times a day. # Number of database checks per day. # Default: 12 (every two hours) #Checks 24 The Troubleshooting FAQ https://github.com/vrtadmin/clamav-faq/blob/master/faq/faq-troublesho ot.md still says: • How many times per hour shall I run freshclam? If you are running ClamAV 0.8x or later, you can check for database update as often as 4 times per hour provided that you have the following options in freshclam.conf: DNSDatabaseInfo current.cvd.clamav.net DatabaseMirror db.XY.clamav.net The above is from a several year old install as db.local.clamav.net changed to db.us.clamav.net now. DatabaseMirror database.clamav.net Replace XY with your country code:iana. If you don't have that option, then you must stick with 1 check per hour. -Al- Awake again. Seems a correction was in order, according to htop, the config file I was editing should have been /etc/clamav/freshclam.conf, not /etc/freshclam.conf which also existed. So I changed it, nuked the other, and sent it a SIGHUP. Worked this time. And I'm still a quart low on coffee. Take it another 5 minutes to brew. ;-) Thanks Al. Cheers, Gene Heskett -- There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Genes Web page http://geneslinuxbox.net:6309/gene ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Freshclam Question
On Wednesday 01 July 2015 04:22:29 Al Varnell wrote: The default in the source code is 12 times a day. # Number of database checks per day. # Default: 12 (every two hours) #Checks 24 The Troubleshooting FAQ https://github.com/vrtadmin/clamav-faq/blob/master/faq/faq-troubleshoot.md still says: • How many times per hour shall I run freshclam? If you are running ClamAV 0.8x or later, you can check for database update as often as 4 times per hour provided that you have the following options in freshclam.conf: DNSDatabaseInfo current.cvd.clamav.net DatabaseMirror db.XY.clamav.net The above is from a several year old install as db.local.clamav.net changed to db.us.clamav.net now. DatabaseMirror database.clamav.net Replace XY with your country code:iana. If you don't have that option, then you must stick with 1 check per hour. -Al- And since htop runs as root here, I just sent freshclam a SIGHUP, which should make it reread the /etc/freshclam.conf file. A tail on the log does not show them however, so it must be sleeping pretty soundly. I'll see what hapopens when it next wakes up a few seconds after 6am local. On Wed, Jul 01, 2015 at 01:09 AM, Matus UHLAR - fantomas wrote: On 30.06.15 09:26, Gene Heskett wrote: While personally investigating it here, I came to /etc/freshclam.conf, and discovered it was checking hourly. IMO that is really severe abuse of a free service, so I reset it to 12x daily and may even set it down to 2x a day. the default seems to be 48 daily checks, so I wouldn't consider 24 checks a day to be abuse... imho it's better to have fresh database. ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml Thanks Al. Cheers, Gene Heskett -- There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Genes Web page http://geneslinuxbox.net:6309/gene ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
RE: [Clamav-users] freshclam question
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Allan Joergensen Sent: Thursday, February 17, 2005 9:16 AM To: clamav-users@lists.clamav.net Subject: [Clamav-users] freshclam question Hi, in order to insure that the database is always up to date I'm trying to use OnErrorExecute/OnUpdateExecute to generate alerts in our monitoring system, so far with little luck. I've tried both OnUpdateExecute logger -t . and OOnUpdateExecute /path/to/script none of them seems to work. I see no obviuos reasons why this isn't working. You have to know that even if you run freshclam with root, it setuid's to the clamav user. That said, you have to be sure that that user can log (have homedir and stuff) and run the script. In my case I had to add some env vars to run the script. It wasn't easy to debug. It's a really weird problem. This is our line on the freshclam file: OnUpdateExecute BASH_ENV=~clamav/.bashrc HOME=~clamav /some/script.sh | mail [EMAIL PROTECTED] -s ClamAV updated $HOSTNAME The OnError line was much easier: OnErrorExecute tail /var/log/clamav/freshclam.log | mail [EMAIL PROTECTED] -s ClamAV Error $HOSTNAME Regards, Samuel ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] freshclam question
Samuel Benzaquen wrote, On 17-02-2005 14:40: That said, you have to be sure that that user can log (have homedir and stuff) and run the script. Indeed, that did the trick. Thanks. -- Allan Joergensen - http://nowhere.dk/ I will not cut corners./'' '' '' ''/'' '' '' '' - Bart's Board ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Freshclam Question
On Tue, 30 Nov 2004 at 8:25:43 -0800, Jeff Grossman wrote: I am running clamd and freshclam as a daemon. When freshclam updates the virus database, does it restart clamd so it see the new database, No and yes. or do I have to manually do that? No. man freshclam ; man freshclam.conf -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Freshclam Question
On Tue, 30 Nov 2004 08:25:43 -0800 in [EMAIL PROTECTED] Jeff Grossman [EMAIL PROTECTED] wrote: I am running clamd and freshclam as a daemon. When freshclam updates the virus database, does it restart clamd so it see the new database, or do I have to manually do that? Clamd is notified by freshclam of the update to the database, it reloads it when it is next asked to scan something. I have a fairly lightly loaded mail server here, it is not unusual to see several minutes or even longer elapse between the freshclam database updated message and the clamd database reloaded message. It was either Trog or Tomasz who pointed this out when I asked a few months ago, I had wondered what was happening too until it was explained to me. -- Brian Morrison bdm at fenrir dot org dot uk GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users