Joel (and any other interested parties),

Attached is the code we use to update ClamAV: 'getfreshclam' is run by
cron under userid clamav (same as clamd) every so often (currently
every 15 mins) to determine if there are any relevant cvd files to
update (currently daily.cvd, bytecode.cvd and main.cvd).

Only if something is *really* there -- as determined by *both* the DNS
TXT record and quick 'curl' of the head of the cvd file -- is
'freshclam' invoked to do the actual work. This ensures that running
the test pretty often doesn't put a big load on the servers.

Notes to help understand the code:

'testclam-external' does the DNS TXT and curl test.

'report-delays' logs the delays (or non-delays) found.

We keep various recent versions of ClamAV in /opt/clamav.d, both for
testing, and in case we have to backtrack. Thus, /opt/clamav is a
symlink to the current version, as in:

  /opt/clamav -> /opt/clamav.d/clamav.0.100.1


Enjoy!
Paul Kosinski


On Wed, 12 Sep 2018 15:41:23 +0000
"Joel Esler (jesler)" <jes...@cisco.com> wrote:

> Paul,
> 
> Can you give me some more information on how you do this?  How often
> is the check run, etc.
> 
> I am working with cloudflare on the issue now.
> 
> On Sep 7, 2018, at 2:25 PM, Paul Kosinski
> <clamav-us...@iment.com> wrote:
> 
> Here is our recent CVD delay report showing how long the actual
> daily.cvd (and sometimes bytecode.cvd) file(s) lag behind the DNS TXT
> record.
> 
> We are located near Boston, and the data comes via Comcast cable, but
> our DNS queries use our old, slow static-IP DSL. I keep it this way
> because there were stories about some major ISPs munging DSL replies
> (like replacing NXDOMAIN with an IP address of a Web site belonging
> to the ISP). Our DSL, on the other hand, doesn't ever do this, and
> even passes port 25, so we can send mail directly (rather than
> relaying through a possibly snoopy ISP.)
> 
>  2018-08-18 05:03:02  No delay
>  2018-08-18 13:18:02  00:15:01 delay
>  2018-08-18 21:33:02  00:15:01 delay
>  2018-08-19 05:03:01  No delay
>  2018-08-19 14:03:01  00:44:59 delay
>  2018-08-19 21:18:02  00:15:00 delay
>  2018-08-20 05:33:02  00:30:01 delay
>  2018-08-20 13:33:02  00:30:00 delay
>  2018-08-20 21:03:02  No delay
>  2018-08-21 05:18:01  No delay
>  2018-08-21 13:03:01  No delay
>  2018-08-22 18:18:02  00:15:00 delay
>  2018-08-23 02:33:01  00:29:59 delay
>  2018-08-23 09:48:02  00:45:00 delay
>  2018-08-23 17:03:02  No delay
>  2018-08-24 02:18:02  01:15:00 delay
>  2018-08-24 09:33:02  00:30:00 delay
>  2018-08-24 18:48:02  00:30:01 delay
>  2018-08-25 01:18:02  No delay
>  2018-08-25 09:18:02  00:15:00 delay
>  2018-08-25 17:33:02  00:30:00 delay
>  2018-08-26 02:33:01  01:29:59 delay
>  2018-08-26 09:48:02  00:45:01 delay
>  2018-08-26 18:03:02  01:00:00 delay
>  2018-08-27 01:03:01  No delay
>  2018-08-27 09:18:02  00:15:00 delay
>  2018-08-27 17:33:01  00:29:59 delay
>  2018-08-28 01:48:02  00:45:00 delay
>  2018-08-28 09:18:02  No delay
>  2018-08-28 17:33:01  No delay
>  2018-08-29 01:18:01  00:14:59 delay
>  2018-08-29 09:33:02  00:30:01 delay
>  2018-08-29 17:48:01  00:45:00 delay
>  2018-08-30 01:03:01  No delay
>  2018-08-30 09:18:02  00:15:00 delay
>  2018-08-30 17:18:01  00:14:59 delay
>  2018-08-31 01:18:01  00:14:59 delay
>  2018-08-31 09:48:02  00:45:01 delay
>  2018-08-31 22:18:01  00:45:00 delay
>  2018-09-01 05:18:01  00:14:59 delay
>  2018-09-01 13:33:02  00:30:00 delay
>  2018-09-01 21:48:01  00:44:59 delay
>  2018-09-02 07:03:02  01:00:00 delay
>  2018-09-02 13:48:01  00:44:59 delay
>  2018-09-02 21:03:01  No delay
>  2018-09-03 05:03:02  No delay
>  2018-09-03 13:03:02  No delay
>  2018-09-03 21:03:01  No delay
>  2018-09-04 05:03:01  No delay
>  2018-09-04 13:03:02  No delay
>  2018-09-04 21:03:01  No delay
>  2018-09-05 05:03:02  No delay
>  2018-09-05 14:18:01  01:14:59 delay
>  2018-09-05 21:18:02  00:15:00 delay
>  2018-09-06 05:18:02  00:15:00 delay
>  2018-09-06 13:33:02  00:30:01 delay
>  2018-09-06 21:03:03  No delay
>  2018-09-07 05:18:02  00:15:00 delay

Attachment: reportdelays
Description: Binary data

Attachment: testclam-external
Description: Binary data

Attachment: getfreshclam
Description: Binary data

_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
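
The two-stage check described in the message above (DNS TXT record first, then the head of the cvd file), as an added example that is not the attached scripts. It assumes the colon-separated TXT layout that freshclam reads (main, daily and bytecode versions in fields 2, 3 and 8) and the `ClamAV-VDB:` header with the version in field 3; the function names are hypothetical and the sample values are constructed.

```shell
#!/bin/sh
# Added example, not the attached scripts. Live inputs would come from e.g.
#   dig +short TXT current.cvd.clamav.net   and   curl -s -r 0-511 <mirror>/daily.cvd
# (assumed commands); constructed samples are used here so it runs offline.
SAMPLE_TXT='"0.100.1:58:24936:1536761340:1:63:47900:327"'   # constructed
SAMPLE_HDR='ClamAV-VDB:12 Sep 2018 10-00 -0400:24935:2070000:63:MD5:SIG:builder:1536760000'   # constructed

# Both inputs are untrusted: accept only non-empty strings of digits.
is_number() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# dns_version <txt-record> <main|daily|bytecode>: version advertised in DNS.
dns_version() {
    case "$2" in
        main) f=2 ;;
        daily) f=3 ;;
        bytecode) f=8 ;;
        *) return 1 ;;
    esac
    v=$(printf '%s' "$1" | tr -d '"' | cut -d: -f"$f")
    is_number "$v" && echo "$v"
}

# cvd_version <header>: version field of the file the mirror really serves.
cvd_version() {
    case "$1" in
        ClamAV-VDB:*) ;;
        *) return 1 ;;    # error page or truncated reply
    esac
    v=$(printf '%s' "$1" | cut -d: -f3)
    is_number "$v" && echo "$v"
}

# decide <local> <dns> <mirror>: prints current, delayed or update.
decide() {
    is_number "$1" && is_number "$2" && is_number "$3" || { echo error; return 1; }
    if [ "$2" -le "$1" ]; then echo current        # nothing new announced
    elif [ "$3" -lt "$2" ]; then echo delayed      # DNS is ahead of the mirror
    else echo update                               # both agree: run freshclam
    fi
}

# Local copy is 24935 (constructed); DNS says 24936, mirror still has 24935.
decide 24935 "$(dns_version "$SAMPLE_TXT" daily)" "$(cvd_version "$SAMPLE_HDR")"
```

Only the `update` result would lead to a freshclam run; `delayed` is the case the delay report in the quoted message records.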