On Sun, Oct 17, 2004 at 03:40:23PM -0400, D Walsh said: > > On Oct 17, 2004, at 11:36, Stephen Gran wrote: > > >On Sat, Oct 16, 2004 at 09:51:53AM -0400, D Walsh said: > >>While I am very happy with clamav, I see room for expansion and > >>potential in a limited global environment. > >> > >>Is it possible to have clamd on other servers utilize the db files on > >>a > >>dedicated server in a local network? > >> > >>I think that it makes sense to have the ability to use a single > >>instance of freshclamd to update the db files while different servers > >>on the local network can utilize them. > >> > >>It may take a simple daemon to establish a port for communication > >>purposes and an option in the config to set the IP and an option to > >>enable/disable this feature (default is disabled) > >> > >>Communication can be robust yet simple in implementation, 2 digit > >>codes > >>for communication and status and a simple md5 checksum on the > >>transfered db files. > > > >I don't think the existing setup needs to be redone for this. There is > >OnUpdateExecute for freshclam, allowing you to run a local script to > >rsync the new cvd files to the other machines, and there is the > >DatabaseMirror directive, allowing you to point other freshclam's on > >the > >LAN to your local mirror. > >-- > > > >----------------------------------------------------------------------- > >--- > >| Stephen Gran | * joeyh_ runs ps and sees 10 lines > >of | > >| [EMAIL PROTECTED] | awk code * joeyh_ recoils in horror > > | > >| http://www.lobefin.net/~steve | > > | > > > >----------------------------------------------------------------------- > >--- > > OK, can you give me an example on how to do this? > local ip's, 10.1.100.10, 10.1.100.11 10.1.100.20, 10.1.100.29 are my > servers
Redirecting this to the list, since this does come up every now and again. I am going to extrapolate, since I do not know. For the purpose of this, I will say that 10.1.100.10 has internet access, and make it the master db server. I can imagine two ways that you might want to do this - one immediate, one a little less network intensive, but resulting in less bursty traffic. Use whichever method works in your environment. For the immediate update, you would write a script that rsync's the cvd files to each of the other machines, e.g., would contain lines like: rsync -e ssh /var/lib/clamav/ 10.1.100.11:/var/lib/clamav/ for each slave host on the network. If the script is /usr/local/sbin/update-slave-dbs, then you would have this line in freshclam.conf: OnUpdateExecute /usr/local/sbin/update-slave-dbs If this kind of bursty traffic (it will network copy both cvd files to each host in your network immediately after upgrade, so you will have (number of hosts * size of both cvd files) in traffic for each update), you can do a lazier update style, where the slaves query the master: On 10.1.100.10, use the normal DNSDataBaseInfo and DatabaseMirror directives. On the slaves, omit DNSDataBaseInfo, and just use: DatabaseMirror 10.1.100.10 in freshclam.conf on each of the slaves. HTH, -- -------------------------------------------------------------------------- | Stephen Gran | Who needs friends when you can sit | | [EMAIL PROTECTED] | alone in your room and drink? | | http://www.lobefin.net/~steve | | --------------------------------------------------------------------------
pgp1zYpbZDE4k.pgp
Description: PGP signature
