On 5/2/10 9:59 AM, Alex wrote:
Hi,
Why are some of the databases duplicated in the clamav root dir and
also in the unofficial-dbs/ss-dbs directory, such as
winnow_malware.hdb?
The rsync protocol only downloads the changes between the local and remote
files, so the local file much be available comparison. The
unofficial/ss-dbs is also the working directory where the database's GPG
signature and integrity testing is done before rsyncing the files into the
ClamAV production directory.
By this time you must think I'm dumb or completely new at this. I'd
like to think I'm just more inquisitive and going beyond just the home
use. Time for some more coffee for me :-)
It sounds like the real reason for is duplicates is for the integrity
check, because rsync doesn't otherwise need two local copies. Also for
moving them all into place into production at once?
Rsync is able to transfer only the differences between two files provided a
version of the file being transferred exists on the source and the destination.
In addition, rsync will not transfer anything if it determines there are no
changes between the two files. This saves bandwidth for the mirrors. This
transfer economy requires the client maintain unmodified copies of the files in
the target directory so rsync can make these comparisons. (A bit more to know:
This also works best if the files are unsorted between versions. For a trivial
example, a syslog file that has grown over time. Rsync will skip over the parts
found in both files very quickly and transfer only those parts found in newer
version. If the files have been sorted rsync has to examine and reconstruct the
entire file.)
The above is the reason for having a working area for rsync. A reason for
keeping a separate area for clamd is because clamd will die if a corrupt file is
found in the clamd working area. A corrupt file could include a file that is
being copied into the working area but is not yet complete (non-atomic
copy/move). As clamd does check the working area from time to time the chance
exists that this scan can occur at a time a file is being placed in the working
area.
It is a good practice to minimize file activity in the clamd working area. As
another matter of good practice I only use rsync to place signatures in the
clamd working area because rsync writes to a hidden file until the transfer is
complete at which time that file is renamed. As such it appears suddenly and so
does not cause clamd any problems. This works for local file systems as well as
NAS/NFS/FUSE/CIFS file systems.
dp
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
