Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-13 Thread Micah Snyder (micasnyd)
If you're looking at the CLD it will be bigger, because the CLD is not compressed and the CVD is compressed. When you use diffs, it will store the database in CLD format. Micah Snyder ClamAV Development Talos Cisco Systems, Inc. On Dec 12, 2018, at 11:23 PM, Dennis Peterson

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-12 Thread Dennis Peterson
I wonder if the file size changed when Joel regenerated the daily.cvd file  (or I had in unexplainable file size error). I still use all the technology but no longer for big dot coms. The patched files are larger because they have a lot of unneeded bits in them. dp On 12/12/18 7:43 AM, Paul

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-12 Thread Paul Kosinski
The daily.cvd is still less than half as big as main.cvd: -rw-r--r-- 1 clamav clamav 117892267 Jun 7 2017 main.cvd -rw-r--r-- 1 clamav clamav 53147013 Dec 11 14:03 daily.cvd but indeed using the cdiffs could save bandwidth. I never tried using cdiffs since the FAQ said "Let freshclam

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-11 Thread Al Varnell
I have to support you in that this guidance has been there for many years now, but I've never really understood why that was necessary. Obviously this method is part of the problem that Joel has been describing about the number of users always downloading the .cvd and it also greatly increases

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-11 Thread Joel Esler (jesler)
Cloudflare's cache timeout is set to 5 seconds. So, I would doubt that Cloudflare's cache is the issue, it may be an ISP thing in the middle doing the caching, which is what Paul is guessing at this point, if I am following the thread correctly. Out of an abundance of caution I did a

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-11 Thread Dennis Peterson
You know the daily.cvd file is now larger than the main.cvd file, so you are burning up a lot of bandwidth if your world-facing ClamAV mirror is ignoring cdiff files. If it is using freshclam then it is using cdiffs and merging them as part of the process of mirroring. In that case your clients

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-11 Thread Paul Kosinski
Ever since we set up a local mirror on our LAN, we have not been using cdiffs. The reason for this is that I followed the procedure outlined on the ClamAV website (about 2/3 down the page) at: http://www.clamav.net/documents/clamav-virus-database-faq where it says: [Q] I’m running ClamAV on a

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-10 Thread Dennis Peterson
You were using curl (I did remember that after I posted as I'd helped you sort out curl options to do what you wanted) to explore what was available on the servers compared to what was on the DNS TXT record, and that was outside process. It also ignored cdiff files that may have been available

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-10 Thread Eric Tykwinski
Paul, Sorry some of this confusion is probably my fault trying to help without going back to the whole thread. > On Dec 10, 2018, at 9:34 PM, Paul Kosinski wrote: > > We ARE using freshclam to perform the actual update. And always have > been! > > We've only been using curl (not wget, if

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-10 Thread Paul Kosinski
We ARE using freshclam to perform the actual update. And always have been! We've only been using curl (not wget, if that matters) to pull the first few bytes of the cvd to see if its version number matches what the DNS TXT query said. We do this because, after the conversion to Cloudflare, we

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-10 Thread Eric Tykwinski
Dennis, > On Dec 10, 2018, at 8:26 PM, Dennis Peterson wrote: > > Helps too to read the entire thread and the thread that preceded this one. > The OP has used combinations of dig and wget in diagnosing his problems. > > dp Seriously, then he should be just trying to pull the new cdiffs to

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-10 Thread Dennis Peterson
Helps too to read the entire thread and the thread that preceded this one. The OP has used combinations of dig and wget in diagnosing his problems. dp On 12/10/18 5:22 PM, Gary R. Schmidt wrote: On 11/12/2018 11:46, Dennis Peterson wrote: Exactly right. We can't be blaming the ClamAV process

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-10 Thread Gary R. Schmidt
On 11/12/2018 11:46, Dennis Peterson wrote: Exactly right. We can't be blaming the ClamAV process when we don't use the ClamAV process. People that don't use freshclam should have no expectation of high reliability. In fact any expectations are baseless when the wrong tools are employed.

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-10 Thread Dennis Peterson
Exactly right. We can't be blaming the ClamAV process when we don't use the ClamAV process. People that don't use freshclam should have no expectation of high reliability. In fact any expectations are baseless when the wrong tools are employed. dp On 12/9/18 5:44 AM, Joel Esler (jesler)

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-09 Thread Joel Esler (jesler)
As it should be. No one should be downloading the daily and main, (although thousands are), cdiffs were created for a reason. Sent from my  iPhone > On Dec 9, 2018, at 06:58, Eric Tykwinski wrote: > > From back in archives, I think he’s using wget to just pull the files, but > freshclam

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-09 Thread Eric Tykwinski
Joel, > On Dec 8, 2018, at 11:21 PM, Joel Esler (jesler) wrote: > > Not sure what you’re saying here. Are you saying that the daily on the cache > is out of date? > I haven’t really noticed it, but that was Paul Kosinski’s observation from what I’m reading in the first email. So it looks

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-08 Thread Joel Esler (jesler)
Not sure what you’re saying here. Are you saying that the daily on the cache is out of date? Sent from my  iPhone > On Dec 8, 2018, at 20:30, Eric Tykwinski wrote: > > J.R. > > You are falling into the same trap I followed. The txt record is: > current.cvd.clamav.net.1749INTXT

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-08 Thread Eric Tykwinski
J.R. You are falling into the same trap I followed. The txt record is: current.cvd.clamav.net.1749IN TXT "0.101.0:58:25189:1544315340:1:63:48210:327" But host headers is what he’s looking at: telnet database.clamav.net 80 Trying 104.16.185.138... Connected to

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-08 Thread J.R.
I've kind of been reading this thread about the delay at one location vs the other. Maybe I missed it, but I don't seem to recall which DNS servers you were querying. I remember you saying the one location you were having the issues was Comcast as the ISP, but were you always using the Comcast

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-08 Thread Eric Tykwinski
Paul, Sorry I got it backwards, I thought you were saying the TXT record was different which would be effected by DNS caching. The CloudFlare cache would definitely effect daily.cvd, but updates are new. Only way I could see you get around it yourself is to create your own cdiff program from

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-08 Thread Paul Kosinski
Not sure what DNS caching would have to do with this. As I understand "anycast", it happens at the IP address level. An anycast IP address gets routed differently depending are where you are -- different (regional) routers have different "next hops" for the IP address, and it eventually ends up at

Re: [clamav-users] A workaround for the major ClamAV DB update delays we have been experiencing

2018-12-07 Thread Eric Tykwinski
This is getting rather technical, and probably some of CloudFlare’s secret sauce. It sounds like the anycast DNS that cloudflare hosts isn’t really working, or at least I would assume that they are using anycast. So you query current.cvd.clamav.net but are