Dennis Peterson wrote: >> At some point you've got to trust someone/something. Who watches >> your daemon watcher? Who watches your OS? Who watches your >> power-supply? > > I run SPARC equipment - I have monitoring for all that and cpu > temperature, too. There's a difference between proper monitoring and > absurdity. Your strawman fails that.
We run Intel equipment (mostly) and monitor all that too. Still, it sounds like you've decided to trust your daemon-watcher daemon? We do not use daemon-watchers simply because it's impossible to tell when to stop. If you trust your watcher, you might as well trust the daemons it watches. > but I can guarantee freshclam can fail regularly (and has) when run as > a daemon. Now that is WORRYING. Are the clamav developers listening in here? I can't verify Dennis' statement myself, but if freshclam can regularly fail, it must be looked into! Dennis, have you filed a bug-report or at least an enhancement request? > It also examines the files freshclam has downloaded to a sandbox > before they're deployed so that bad files don't replace good ones. That is a separate, unrelated issue - I do the same, but triggered by freshclams "OnUpdateExecute" procedure. > Our requirements are for 5 9's reliability and system availability and > that requires self-healing systems. If something can't heal itself I > get paged and email. We use SMS, but the idea is the same. > So what do you do when your freshclam dies or explodes from a memory > leak or do you depend 100% on it never failing? For one thing, freshclam has never died nor exploded from a memory leak, nor is it a critical process. If freshclam fails to do an update within 15mins after we've received the clamav email-notification, a warning is raised. /Per Jessen, Zürich _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
