Cloudflare will grab the file from our infrastructure once it's been requested. (Otherwise it wouldn't know it was there, we can't push into Cloudflare.). But we have discussed a few ideas internally that I think will fix this, let us try a couple things and see if it cuts down on this.
On Oct 18, 2018, at 1:55 PM, Eric Tykwinski <eric-l...@truenet.com<mailto:eric-l...@truenet.com>> wrote: As far as I know you don't upload to cloudflare, it's more of how often does cloudflare check to see if the files have changed. So you setup a TTL on the check frequency on the cloudflare website. Since updates are new they should just be pulled when you ask from the main clam server. So you ask for daily-25048.cdiff, and Cloudflare will ask Clam's main server for that file and cache it. So my guess would be same as the TTL on the DNS check: current.cvd.clamav.net<http://current.cvd.clamav.net>. 1800 IN TXT "0.100.2:58:25048:1539883740:1:63:48006:327" I.E. 30 minutes for older files, and new ones are when they come in. Sound about right Joel, Micah? Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 -----Original Message----- From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Paul Kosinski Sent: Thursday, October 18, 2018 1:23 PM To: clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net> Subject: Re: [clamav-users] Latest report on update "delays" How can it take 10, 20 30 or more minutes (and I've seen well over an hour at times) to upload the ClamAV database to Cloudflare? Does it have to be uploaded separately (and maybe sequentially) from Cisco to each Cloudflare mirror? Or is Cloudflare's automatic propagation slow? On Thu, 18 Oct 2018 16:07:38 +0000 "Micah Snyder (micasnyd)" <micas...@cisco.com<mailto:micas...@cisco.com>> wrote: Hi Paul, I realize it may look misleading to state that you're up to date when a newer database has been announced. However, if the newer database is still being uploaded to the CDN, it is more accurate to say that the DNS announcement is premature. The change to freshclam is an effort to ignore potentially premature database version numbers listed via DNS. Micah Snyder ClamAV Development Talos Cisco Systems, Inc. On Oct 15, 2018, at 2:26 PM, Paul Kosinski <clamav-us...@iment.com<mailto:clamav-us...@iment.com><mailto:clamav-us...@iment.com>> wrote: I don't have time at the present to try out 0.100.2. I am rebuilding our Web server, which had a disk crash. We have backups, but we need whole new hardware since the old server had an old 32-bit-only CPU. Thus a *supported* Linux version will not run, and so a simple disk replacement was not a viable option. (Unfortunately the new server, although only a VM, still costs almost 50% more per month than the old raw hardware, which was adequate, if clunky.) Back to ClamAV: I don't much like the idea of saying signatures are "up to date" if only 1 version behind the latest version. Most of the time that won't matter, but sometimes a really urgent new signature comes out and this approach could mislead people into a false sense of security. On Thu, 4 Oct 2018 22:27:14 +0000 "Micah Snyder (micasnyd)" <micas...@cisco.com<mailto:micas...@cisco.com><mailto:micas...@cisco.com>> wrote: Hi Paul, Thanks for the update. I am interested to know how freshclam in ClamAV 0.100.2 performs for you. I have made some tweaks to make it ignore mirrors for less time, but more importantly I implemented a change to have it report "up to date" in the event that the signature version provided by the mirror is 1 behind what was advertised. My hope is that this alleviates the issue. Respectfully, Micah Micah Snyder ClamAV Development Talos Cisco Systems, Inc. On Oct 4, 2018, at 4:47 PM, Paul Kosinski <clamav-us...@iment.com<mailto:clamav-us...@iment.com><mailto:clamav- us...@iment.com<mailto:us...@iment.com>><mailto:clamav-us...@iment.com>> wrote: At Joel's suggestion, i have changed our sampling rate looking for ClamAV cvd updates from 15 minutes down to 1 minute. This gives a more precise measurement of how long it takes for the cvd file(s) to actually become available from Cloudflare after its presence is "advertised" by the CNS TXT record. Since these measurements are mainly useful for tuning the ClamAV servers, I won't in the future post them to clamav-users unless others besides the ClamAV team find them useful. (Maybe they should go to the clamav-developers list?) In any case, here is the latest log of delays. Note that these more precisely measured delays are not explained as mere 15-minute quantization errors. 2018-10-02 09:18:02 No delay 2018-10-02 17:18:02 No delay 2018-10-03 01:31:02 00:13:00 delay 2018-10-03 09:42:02 00:24:00 delay 2018-10-03 17:52:02 00:33:59 delay 2018-10-04 01:18:02 No delay 2018-10-04 09:40:01 00:21:59 delay _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net><mailto:clamav- us...@lists.clamav.net<mailto:us...@lists.clamav.net>><mailto:clamav-users@lists.clamav.net> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
