What about a deeper mirroring system? Perhaps one that supports notification?
One of the things I like about BIND (not enough to use it, but still an admired concept ;-) is the way zones can be distributed... notification speeds things up if it works, polling creates a failsafe in which a missing notify doesn't cause the world to end...
right, but as discussed below, generally bind servers don't have 100k people waiting for notifications and updates.
Hourly polls is a good thing - but if the system worked both ways, the mirror could signal the end clients that it's time to download... those notifies could be send only to clients that had registered to receive it (an option in freshclam) and would not push the data, but trigger a freshclam pull.
with that option, the 'clients' would either have to remain connected the entire time, which is completely not feasable, or somehow the database mirrors would have to either 'remember' who to notify, or have some sort of registry of people to notify (I can see how one might do this with a paid mirror service), and then send out notifications (even a single UDP packet to 100k servers could be quite bandwidth intensive. The architecture could work, yes, but it doesn't scale well, and I don't think the clamav team has the resources to do this sort of ass-kissing for free. They're already providing a wonderful service to the internet community, we cannot bite the hand that feeds us.
Another problem with this notification is there are still the spikes when the notifications come out that EVERYONE AND THEIR BROTHER contacts the database mirrors for updates. Your solution doesn't solve any problems imposed by Christopher's idea, and actually introduces more.
In my opinion, the existing system is fine, and if you want better, you should talk to the clamav folks about setting up some sort of 'priority' mirror, in which you would pay a fee for having more enhanced services, like notification, dns update polling, etc. And of course, proceeds (or at least a major part of) would go to the clamav team for being the most kick ass anti-virus product out there. I'm not sure how the official procedure would be to roll something like this out, but now that I think of it, I may just go about working on something like this. Gotta pay for my colocation somehow :)
Tomasz, et al.: Please expect to see an email from me by the end of the work day tomorrow (or rather, today, but I haven't slept yet)
It could provide faster update response and smooth out the spikes in download traffic, and could be used to maintain a larger set of mirrors... without increasing polling frquency... a new "freshclam server" could allow all larger users to easily run their own mirrors for internal distribution...
I would think that most 'larger users' (5+ node mail server cluster) would already have an internal mirror. It's not difficult to do, and has been discussed on this list, and in the clamav documentation many times.
Just a few ideas...
hey, brainstorming is good, it's just the ideas aren't always ;)
-Jeremy
--
Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc.
[EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 847.492.0470 int'l
kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail------------------------------------------------------- SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33 Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift. http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285 _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
