Chris said:
> On Sunday 21 August 2005 03:09 pm, Stephen Gran wrote:
>
>>
>> Certainly the OP should run freshclam from a normal init script, if the
>> idea is to start freshclam at boot. OP: locate the init script that
>> starts freshclam, and set your options that way, and then skip the cron
>> job. The init script method is the 'normal' way of doing things, and
>> will be something that admins that come after you will quickly grok.
>> Doing things in a non-standard way only raises the curve for others who
>> have to follow you.
>
> Gave up on the cronjob, I'll let freshclam start as per the init script. I
> did
> try adding the sleep to the init script, but, when placing it after
> ${LOGFILE}, and running "service freshclam start" from the cli resulted in
> the process starting "Starting Clam AntiVirus Update Daemon:" but the 'ok'
> was not given. My guess is because of the "sleep" variable.
Ok - time to back up the bus and take another whack at this, and maybe
there's an opportunity to learn something, too.
* You can run freshclam in daemon mode and from cron - no harm, no foul,
just some wasted cpu cycles.
* What you can do but should never do is run freshclam in daemon mode from
cron as this will continue to launch new instances of freshclam each time
cron wakes up.
* If you run freshclam in daemon mode it decides when to check for a new
database. You pick the interval, but the start time of that interval
depends on freshclam and when you started it. Placing a sleep statement in
the startup only affects the initial start time. It will query at that
time n intervals/day where n is in the freshclam.conf file. It doesn't
hurt to put a randomizer in there but it probably doesn't accomplish the
good intentions you meant.
* If you run freshclam from cron you have the opportunity, and I say the
obligation, to randomize the actual query time. BTW, some crons will also
do this - I run Solaris and it does not. By placing the random sleep
period in the non-daemon mode freshclam launch script you guarantee to a
high degree that you are not part of a dogpile problem on the ClamAV
servers.
So, randomizing aside, what are the ups and downs?
Upside for cron:
* Well, cron is pretty damn robust. After using it for nearly 30 years I
have never had a cron failure. That being the case it is in my mind an
excellent tool for handling repeating tasks and that, my friend, is
exactly what freshclam is doing. It is an excellent candidate for cron.
* Because cron starts a new instance of freshclam the system cannot suffer
from ills such as memory leaks common to long-running daemons.
* You will not have to write a monitoring process to ensure that freshclam
is up, running, and doing useful things. Running from cron assures you it
will. On my system I am notified by email if there is a failure - most
commonly I see "Server not synch'd" type messages.
* You don't need to have a startup/shutdown script as you would if running
as a daemon.
* If you run from cron you can be a good network neighbor by randomizing
the query time and period. And I will buy you a beer for being so
intelligent, assuming you are of age.
Downside for cron:
* There is no daemon running. For daemons that have interactive interfaces
such as clamd this is a disadvantage. So far as I know freshclam has no
such interface but this is always a general consideration.
* If cron dies then freshclam dies. But if cron dies you got trouble in
River City, my friend.
* There is a system penalty for starting up processes vs. having them run
continuously. For example, you could run Apache out of inetd and it would
run fine and serve pages, but oh lordy would it be expensive and slow. The
same is true for clamd - you could run it from inetd but it would have to
start up and load the databases each time it ran. Not efficient.
Freshclam, though, runs perhaps hourly, and as such is not a significant
resource load.
* Cron starts a new instance according to the schedule you define. If an
earlier instances fail to run to completion and stop then you can have a
very large parade of freshclam instances running on your system. This is a
potentially fatal problem but indicates a serious problem in your
configuration. Clearly it is abnormal, but it's worth watching for. It's
never happened in my systems.
* Truth is there's not a serious downside I can think of when running it
out of cron.
Summary:
* If you run freshclam in daemon mode don't bother with randomizers - they
won't do anything useful.
* If you run freshclam in daemon mode consider adding a monitoring tool to
ensure it's doing something useful. Not a bad idea even when running from
cron.
* If you run freshclam in daemon mode then don't also run it out of cron.
* If you run it in cron then don't use the daemon switch.
* If you run it in cron then do use a randomizer such as the script I
provided, and collect your beer.
* If you run it in cron add a process table sniffer to see if other
instances are running, and of so, notify you as this is an unhealthy
situation.
Get rid of webadmin as soon as possible. It is keeping you from using your
brain and I assure you it hasn't one of its own.
dp
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
