Hi there,
On Sun, 21 Mar 2021, Paul Smith via clamav-users wrote:
On 20/03/2021 17:12, G.W. Haywood via clamav-users wrote:
My understanding is that if you're using a private mirror you're supposed
to set the 'PrivateMirror' option, which does not use DNS to check for the
existence of updated files, but checks the files themselves directly.
...
I'm sorry, but this is definitively NOT what the website says!
https://www.clamav.net/documents/private-local-mirrors
Option (2) (which is still documented but won't work any more) says ...
Maybe I've missed something. Can you explain why it won't work?
As I understand it, as far as the Cloudflare service is concerned,
option 2 effectively makes a bunch of clients into a single client.
The single client is your Webserver - which behaves as any ordinary
client, in that it uses freshclam in the 'conventional' way. It uses
DNS to find the latest versions of the databases, and downloads cdiff
files if and when it needs to update the databases. But the database
files are now in the Webserver's document store; they are distributed
to the Webserver's clients (which are the remainder of your computers)
by running freshclam on _those_ computers in the 'unconventional' way,
i.e. with the 'PrivateMirror' option set. Your Webserver won't have
implemented DOS protection such as the ClamAV team has been obliged to
do by the ongoing abuse, and won't care that on every update freshclam
fetches the full database files instead of a few difference files; and
your LAN will probably have at least Gigabit/s capacity, so grabbing a
few hundred megabytes of files per day is a few seconds of traffic per
day per machine and isn't likely to be an issue. If your network is
larger than can be supported by a single mirror you could daisy-chain
more secondary mirrors from it (or perhaps something more creative)
but I'd expect you'd to be able to deal with that if you're managing
such a large network.
Anyway, the Cloudflare servers just see a single, well-behaved client.
--
73,
Ged.
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
