Re: [clamav-users] updates

2018-09-13 Thread Paul Kosinski
"Ah, so when you have things like the 14/15 minute delay, the delay may
not be that long?"

Yes, sampling every 15 minutes *could* mean that a nominal 15 min delay
is in fact only a fraction of a second, but assuming that delays are
uniformly distributed, the mean and median would be 7.5 minutes. And of
course there have been lots of delays over 15 minutes nominal.

Notes:

1. We only sample every 15 minutes since we didn't want to risk being
   banned for excessive HTTP traffic -- long delays would result in
   lots of (short) curls.

2. Freshclam et al run on our gateway machine, which is NTP stratum 2,
   so the reported delays are not due to local clock errors.

3. Other machines on our LAN get updates from the gateway machine, using
   strictly local curls without even using DNS TXT. (External bandwidth
   is not needed.)

4. The most recent delay reports are rather worse than previous ones:

   2018-09-07 14:33:01  01:29:59 delay
   2018-09-07 21:48:01  00:45:00 delay
   2018-09-08 05:48:02  00:44:59 delay
   2018-09-08 13:18:01  00:15:00 delay
   2018-09-08 21:48:02  00:30:00 delay
   2018-09-09 05:03:02  No delay
   2018-09-09 13:18:01  00:14:59 delay
   2018-09-09 21:48:01  00:45:00 delay
   2018-09-10 05:03:02  No delay
   2018-09-10 14:18:01  00:59:59 delay
   2018-09-10 21:33:02  00:30:00 delay
   2018-09-11 05:48:01  00:44:59 delay
   2018-09-11 14:03:01  00:59:59 delay
   2018-09-11 21:18:01  00:15:00 delay
   2018-09-12 05:33:02  00:15:00 delay
   2018-09-12 13:48:02  00:45:01 delay
   2018-09-12 22:18:02  No delay
   2018-09-13 06:03:02  01:00:00 delay

---

On Thu, 13 Sep 2018 14:00:36 +
"Joel Esler (jesler)"  wrote:

> Ah, so when you have things like the 14/15 minute delay, the delay
> may not be that long?
> 
> > On Sep 13, 2018, at 2:16 AM, Paul Kosinski 
> > wrote:
> > 
> > "What is the interval that you run this?"
> > 
> > Every 15 minutes by cron, specifically:
> > 
> > OCBG='/opt/clamav/bin/getfreshclam'
> > 
> >  3  *   * * *  root  test -x $OCBG  &&  /usr/bin/sudo -u clamav $OCBG  &&  /usr/bin/killall -HUP havp80c  &&  /usr/bin/killall -HUP havp80d
> > 18  *   * * *  root  test -x $OCBG  &&  /usr/bin/sudo -u clamav $OCBG  &&  /usr/bin/killall -HUP havp80c  &&  /usr/bin/killall -HUP havp80d
> > 33  *   * * *  root  test -x $OCBG  &&  /usr/bin/sudo -u clamav $OCBG  &&  /usr/bin/killall -HUP havp80c  &&  /usr/bin/killall -HUP havp80d
> > 48  *   * * *  root  test -x $OCBG  &&  /usr/bin/sudo -u clamav $OCBG  &&  /usr/bin/killall -HUP havp80c  &&  /usr/bin/killall -HUP havp80d
> > 
> > 
> > (Original post mentioned the interval in passing in the text.)
> > 
> >>> Attached is the code we use to update ClamAV: 'getfreshclam' is
> >>> run by cron under userid clamav (same as clamd) every so often
> >>> (currently every 15 mins) to determine if there are any relevant
> > 
> > --
> > 
> > On Wed, 12 Sep 2018 20:59:45 +
> > "Joel Esler (jesler)"  wrote:
> > 
> >> What is the interval that you run this?
> >> 
> >>> On Sep 12, 2018, at 4:53 PM, Paul Kosinski
> >>>  wrote:
> >>> 
> >>> Joel (and any other interested parties),
> >>> 
> >>> Attached is the code we use to update ClamAV: 'getfreshclam' is
> >>> run by cron under userid clamav (same as clamd) every so often
> >>> (currently every 15 mins) to determine if there are any relevant
> >>> cvd files to update (currently daily.cvd, bytecode.cvd and
> >>> main.cvd).
> >>> 
> >>> Only if something is *really* there -- as determined by *both* the
> >>> DNS TXT record and quick 'curl' of the head of the cvd file -- is
> >>> 'freshclam' invoked to do the actual work. This ensures that
> >>> running the test pretty often doesn't put a big load on the
> >>> servers.
> >>> 
> >>> Notes to help understanding the code:
> >>> 
> >>> 'testclam-external' does the DNS TXT and curl test.
> >>> 
> >>> 'report-delays' logs the delays (or non-delays) found.
> >>> 
> >>> We keep various recent versions of ClamAV in /opt/clamav.d, both
> >>> for testing, and in case we have to backtrack. Thus, /opt/clamav
> >>> is a symlink to the current version, as in:
> >>> 
> >>> /opt/clamav -> /opt/clamav.d/clamav.0.100.1
> >>> 
> >>> 
> >>> Enjoy!
> >>> Paul Kosinski

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
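
The two-probe gate described in the quoted message (DNS TXT record plus the head of the cvd file), as an added example that is not the attached 'getfreshclam' or 'testclam-external' code. The function names are hypothetical, the sample records are constructed, and the field positions (TXT field 2 = main, 3 = daily, 8 = bytecode; cvd header field 3 = version) are taken from ClamAV's record formats rather than from this thread.

```shell
#!/bin/sh
# Added example; every sample record below is constructed, not captured.

is_number() { case $1 in ''|*[!0-9]*) return 1 ;; esac; }

# Version advertised in the DNS TXT record for main|daily|bytecode.
txt_version() {  # $1 = TXT record text, $2 = database name
    case $2 in
        main) field=2 ;; daily) field=3 ;; bytecode) field=8 ;;
        *) return 1 ;;
    esac
    ver=$(printf '%s\n' "$1" | cut -d: -f"$field")
    is_number "$ver" || return 1     # network input: accept digits only
    printf '%s\n' "$ver"
}

# Version from the start of a .cvd file (colon-separated header, field 3).
cvd_version() {  # $1 = leading text of the 512-byte header
    case $1 in ClamAV-VDB:*) ;; *) return 1 ;; esac   # e.g. an HTML error page
    ver=$(printf '%s\n' "$1" | cut -d: -f3)
    is_number "$ver" || return 1
    printf '%s\n' "$ver"
}

# Prints current | pending | ready | invalid.
check_update() {  # $1 = local version, $2 = TXT, $3 = header, $4 = db name
    want=$(txt_version "$2" "$4") || { echo invalid; return 0; }
    have=$(cvd_version "$3")      || { echo invalid; return 0; }
    is_number "$1"                || { echo invalid; return 0; }
    if [ "$want" -le "$1" ]; then echo current
    elif [ "$have" -lt "$want" ]; then echo pending   # DNS is ahead of the mirror
    else echo ready                                    # worth invoking freshclam
    fi
}

TXT='0.100.1:58:24937:1536832800:1:63:47888:327'   # constructed
HDR_OLD='ClamAV-VDB:12 Sep 2018 14-00 -0400:24936:2070000:63:X:X:builder:1536775200'
HDR_NEW='ClamAV-VDB:13 Sep 2018 06-00 -0400:24937:2070500:63:X:X:builder:1536832800'

check_update 24936 "$TXT" "$HDR_OLD" daily   # pending
check_update 24936 "$TXT" "$HDR_NEW" daily   # ready
```

The "pending" state is the condition the delay log above measures: the TXT record already advertises a version the mirror does not yet serve. The result only gates whether freshclam runs; verifying the downloaded database's signature remains freshclam's job.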


Re: [clamav-users] updates

2018-09-13 Thread Joel Esler (jesler)
Ah, so when you have things like the 14/15 minute delay, the delay may not be 
that long?

> On Sep 13, 2018, at 2:16 AM, Paul Kosinski  wrote:
> 
> "What is the interval that you run this?"
> 
> Every 15 minutes by cron, specifically:
> 
> OCBG='/opt/clamav/bin/getfreshclam'
> 
>    3  *   * * *  root  test -x $OCBG  &&  /usr/bin/sudo -u clamav $OCBG  &&  /usr/bin/killall -HUP havp80c  &&  /usr/bin/killall -HUP havp80d
>   18  *   * * *  root  test -x $OCBG  &&  /usr/bin/sudo -u clamav $OCBG  &&  /usr/bin/killall -HUP havp80c  &&  /usr/bin/killall -HUP havp80d
>   33  *   * * *  root  test -x $OCBG  &&  /usr/bin/sudo -u clamav $OCBG  &&  /usr/bin/killall -HUP havp80c  &&  /usr/bin/killall -HUP havp80d
>   48  *   * * *  root  test -x $OCBG  &&  /usr/bin/sudo -u clamav $OCBG  &&  /usr/bin/killall -HUP havp80c  &&  /usr/bin/killall -HUP havp80d
> 
> 
> (Original post mentioned the interval in passing in the text.)
> 
>>> Attached is the code we use to update ClamAV: 'getfreshclam' is run
>>> by cron under userid clamav (same as clamd) every so often
>>> (currently every 15 mins) to determine if there are any relevant
> 
> --
> 
> On Wed, 12 Sep 2018 20:59:45 +
> "Joel Esler (jesler)"  wrote:
> 
>> What is the interval that you run this?
>> 
>>> On Sep 12, 2018, at 4:53 PM, Paul Kosinski 
>>> wrote:
>>> 
>>> Joel (and any other interested parties),
>>> 
>>> Attached is the code we use to update ClamAV: 'getfreshclam' is run
>>> by cron under userid clamav (same as clamd) every so often
>>> (currently every 15 mins) to determine if there are any relevant
>>> cvd files to update (currently daily.cvd, bytecode.cvd and
>>> main.cvd).
>>> 
>>> Only if something is *really* there -- as determined by *both* the
>>> DNS TXT record and quick 'curl' of the head of the cvd file -- is
>>> 'freshclam' invoked to do the actual work. This ensures that running
>>> the test pretty often doesn't put a big load on the servers.
>>> 
>>> Notes to help understanding the code:
>>> 
>>> 'testclam-external' does the DNS TXT and curl test.
>>> 
>>> 'report-delays' logs the delays (or non-delays) found.
>>> 
>>> We keep various recent versions of ClamAV in /opt/clamav.d, both for
>>> testing, and in case we have to backtrack. Thus, /opt/clamav is a
>>> symlink to the current version, as in:
>>> 
>>> /opt/clamav -> /opt/clamav.d/clamav.0.100.1
>>> 
>>> 
>>> Enjoy!
>>> Paul Kosinski