On Tue, 10 Aug 2004, Jeremy Kitchen wrote: > On Tuesday 10 August 2004 12:23 pm, Damian Menscher wrote: > > Ok, this is turning into a scary beast. But we already have several > > mailing lists (clamav-users, for example) which can obviously handle a > > bit of a load. Might be interesting to concoct a specially-formatted > > message that the milter (or clamd itself) could recognize as a database > > update, and automatically append to its list of signatures. > > this is actually a pretty decent idea. I think it would be best to, rather > than have clamd try to detect it, have a special address on the machine that > processes the message via a program. Most MTAs I'm aware of (at least on the > unix side) can do this, I know qmail can for sure.
Good idea. Taking it out of the milter allows for qmail/exim/postfix compatibility, and sending to a dedicated address saves the effort of processing every message (though presumably you're doing that anyway). With sendmail, you could add to /etc/aliases something like: clamav-updates | sigtool --add Before people get too excited about this idea, though, there are some issues that need to be fixed. Anyone know if it's really feasible for us to obtain a mailserver that can send out 2k emails to all (100,000?) users in a short (5-10 mins) time? Assuming those numbers are reasonable, that means 200 meg of data. Combined with SMTP overhead, it seems like it would be troublesome. Additionally, there are potential bandwidth issues if you consider we'd need to do that several times/day. Updating the "main" database is one concern. Sending out a 2-meg email to everyone seems like it might be too much load, but sending out the 1K email telling everyone to get it means the mirrors will get swamped. I can't think of a way around this, but hopefully someone else can? Also, this doesn't give much provision for removing "bad" signatures (that cause false positives) since it really just appends rules. We'd need to figure out a way to delete signatures also. I could imagine doing this by including a "null" signature, or using some other flag. Finally, there's the whole issue of multiplying your points of failure. If your current database is screwed, appending more to it will leave it screwed. And if you add stuff to it a few times a day, chances are it will get screwed up at some point. At least this issue has a simple fix: include an MD5 sum with the update which must match your MD5 sum after applying the update. If they don't match, you know something went wrong, either with this update or a previous one. (This has the danger that if the developers send an email with an incorrect MD5 hash, everyone will thrash the mirrors.) Note to the developers: please don't feel like you have to code up any of our random ideas. I'm just having fun brainstorming about how to optimize this process. I expect in another few days of discussion we'll have converged on a fairly sane idea. Damian Menscher -- -=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=- -=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=- -=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=- -=#| <[EMAIL PROTECTED]> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=- -=#| The above opinions are not necessarily those of my employers. |#=- ------------------------------------------------------- SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33 Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift. http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285 _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
