On 1/7/13 9:32 PM, "sys...@ra-schaal.de" wrote: > Hi Al, > > Am 07.01.2013 21:50, schrieb Al Varnell: >> I'm sure this is due to the large increases over the past month or so of new >> signatures being posted, but several ClamXav users are reporting seeing >> update sessions similar to the following on a frequent basis. > > For me this has nothing to do with ClamXav. I see a traffic-increase on > my mirror since mid-december. I discussed this with a few guys form > sourcefire and some mirror-admins. I have ~300 ip in my database which > allways (!) download main.cvd or daily.cvd. Most of them are not running > ClamXav. > > According to your post i check my logs and found out, that some clients > download the same file three or more times in a row. > > Maybe the diffs are not available on all (our the most) mirrors when the > DNS-record for the current version changes. > > Could you help me out off-list with some ip-adresses that canĀ“t download > diff-files? > I feel confident that it is not that the diffs haven't made it out to the mirrors yet, but that they are no longer there because the mirrors only retain diffs for a given amount of time. The only occurrence when I saw this on my machine was after it had been down for five days over the Christmas holiday. In my case I do two updates a day and my network reliability is very good, so at most I only need to download about twenty diff files. The users that have been experiencing this have needed 80 to 100 diffs to become current. Part of the reason is the holidays and at least one seems to be experiencing network issues that complicate his setup.
In looking at the IP's involved, there is little or no commonality, but I've only seen a fraction of their log entries. Four of us are in the US, one on the East coast, one in Texas (South-Central), one in Indiana (so called Mid-west) and myself on the West coast. Another user is in India. I can harvest IP's from what's been posted if you think it will help, but we haven't seen any patterns. Or you can obtain them for yourself from this discussion <http://www.clamxav.com/BB/viewtopic.php?f=1&t=3038>. ClamXav doesn't do anything unusual with updates. It uses the default freshclam process for main, daily and bytecode when ask. That now happens whenever the app is launched, when the on-access component (Sentry) is launched (either manually, upon wake from sleep or reboot) and it can be scheduled for a maximum of once per day. -Al- -- Al Varnell Mountain View, CA _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml