a.kasparas at gmc
Mar 24, 2007, 12:49 AM
Post #7 of 7
(1746 views)
Permalink
|
|
Re: Patch: freshclam: keep downloaded cdiffs for local distribution
[In reply to]
|
|
Luca Gibelli wrote:
> Hello Aidas,
>
>>>> v. 0.90.1 applies downloaded cdiffs and removes them, so there is no
>>>> way to distribute them to local clients. Attached patch allows to keep
>>>> them and configure movement to RootDirectory of local web server.
>>> There's no need for such a patch, please check the latest version of the FAQ.
>> Which one is the latest?
>
> Obviously the one linked on our website:
> http://www.clamav.net/support/faq
Well, you have this faq, and you have faq in the wiki. They differ. And
I was not sure that options which do not apply anymore was not removed
from wiki.
>
> The FAQ explains why a patch is not needed:
>
> * I’m running ClamAV on a lot of clients on my local network. Can I serve the cvd files from a local server so that each client doesn’t have to download them from your servers?
>
> * Sure, there are two possible solutions.
> * If you want to take advantage of incremental updates, install a proxy server and then configure your freshclam clients to use it (watch for the HTTPProxyServer parameter in man freshclam.conf).
> * The second possible solution is to configure a local webserver on one of your machines (say machine1.mylan) and let freshclam download the *.cvd files from http://database.clamav.net to the webserver’s DocumentRoot. Finally, change freshclam.conf on your clients so that it reads:
> * DatabaseMirror machine1.mylan
> First the database will be downloaded to the local webserver and then the other clients on the network will update their copy of the database from it. For this to work, you have to add ScriptedUpdates off on all of your machines!
>
Again, I was (still am) not confident.
If I put ScriptUpdates off, then freshclam will get udpates the old way
-- by downloading megabyte size file on every update. This is not a good
option because:
- throws away all developer efforts to minimize traffic from signature
mirrors (and I preffer to be a good user);
- do not allow to minimize traffic in my network (of which only some
25% are on "unlimited" LAN, all others are located in other cities,
connected over not so wide pipes, some even on GPRS, where every byte
counts)
I am not happy with cacheing proxy solution because some of my users are
mobile and from time to time they connect their computers from outside
of my network. Some my users are outside of my network allways, but
connected over hardware which is incapable to work as cacheing HTTP
proxy server. So, if I'll go the proxy way, I'll have to open [limited]
HTTP proxy functionality to clients from internet side, which I preffer
to avoid for number of reasons.
Therefore, keeping modus operandi and serving freshclam downloaded
cdiffs doesn't seems so stupid and unnecessary idea to me.
The only problem -- current clamwin [I know, I should complain to them]
configuration fallbacks directly to the old way if it can't find the
very latest cdiff. And now dailies comes so often that chances are no
longer minimal that clients will ask for cdiff at the moment when new
daily is advertised on dns but it is not yet downloaded by freshclam.
Even with allowed 4 times per hour schedule.
--
Aidas Kasparas
IT administrator
GM Consult Group, UAB
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
|
signature.asc
