Dennis Peterson wrote:

>> At some point you've got to trust someone/something.  Who watches
>> your daemon watcher? Who watches your OS? Who watches your
>> power-supply?
> 
> I run SPARC equipment - I have monitoring for all that and cpu
> temperature, too. There's a difference between proper monitoring and
> absurdity. Your strawman fails that. 

We run Intel equipment (mostly) and monitor all that too.  Still, it
sounds like you've decided to trust your daemon-watcher daemon?  We do
not use daemon-watchers simply because it's impossible to tell when to
stop. If you trust your watcher, you might as well trust the daemons it
watches. 

> but I can guarantee freshclam can fail regularly (and has) when run as
> a daemon. 

Now that is WORRYING.  Are the clamav developers listening in here?  I
can't verify Dennis' statement myself, but if freshclam can regularly
fail, it must be looked into!  Dennis, have you filed a bug-report or at
least an enhancement request? 

> It also examines the files freshclam has downloaded to a sandbox
> before they're deployed so that bad files don't replace good ones.

That is a separate, unrelated issue - I do the same, but triggered by
freshclams "OnUpdateExecute" procedure.

> Our requirements are for 5 9's reliability and system availability and
> that requires self-healing systems. If something can't heal itself I
> get paged and email.

We use SMS, but the idea is the same. 

> So what do you do when your freshclam dies or explodes from a memory
> leak or do you depend 100% on it never failing? 

For one thing, freshclam has never died nor exploded from a memory leak,
nor is it a critical process. If freshclam fails to do an update within
15mins after we've received the clamav email-notification, a warning is
raised.



/Per Jessen, Zürich

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Reply via email to