Per Jessen wrote:
Dennis Peterson wrote:

Per Jessen wrote:
Jay Lee wrote:

The point of the exercise is to run freshclam *only* when the update
is published, not to run every x hours (or minutes) without knowing
if there is an update.

Looking at my options there...
Why not just run freshclam as a daemon?
Then you really need to have a daemon watcher to keep it going.

At some point you've got to trust someone/something.  Who watches your
daemon watcher? Who watches your OS? Who watches your power-supply?

I run SPARC equipment - I have monitoring for all that and cpu temperature, too. There's a difference between proper monitoring and absurdity. Your strawman fails that. The objective for me is self-healing systems with a human asset as a backup in the event of an unhealable failure. Those are rare.

And it is actually used just a few seconds a day but as a daemon the
resources it uses are fully committed 100% of the day.

Given the very limited amount of resources it uses, I see no problem in
that.

We found different solutions. But in nearly 30 years of doing this every day I can tell you I've never had a cron daemon fail, but I can guarantee freshclam can fail regularly (and has) when run as a daemon.


At some point you just have to step back and take a simple approach,
especially when it's a simple problem.

Running freshclam IS a simple option, IMHO.  Anything else needs
additional scripting, checks of this and that etc. - not a simple
approach at all.

What makes it simple, and it is, is cron and a very basic reusable script - the script does far more than just launch freshclam. It also examines the files freshclam has downloaded to a sandbox before they're deployed so that bad files don't replace good ones.

And of course I have a daemon monitoring clamd and that daemon watching tool watches a lot of daemons and other processes. I use cfengine and I can't recommend it more strongly for data center operations. One of the daemons it doesn't watch is freshclam because that runs out of cron as described. It does watch cron, though, and cron watches it. And Big Brother and HPOV watch everything. Our requirements are for 5 9's reliability and system availability and that requires self-healing systems. If something can't heal itself I get paged and emailed.

So what do you do when your freshclam dies or explodes from a memory leak or do you depend 100% on it never failing? If the latter then I assure you we have found different solutions.

dp
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
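
The cron-driven pattern described in the message above (download to a sandbox, examine, then deploy), sketched as an added example; it is not the poster's script or any code from the thread. The two directory paths and the `UPDATE_NOW` switch are assumptions, and the checks rely on the exit status of `sigtool --info` and `clamscan`.

```shell
#!/bin/sh
# Added example, not code from the thread. Both paths are assumptions.
LIVE_DB=${LIVE_DB:-/var/lib/clamav}
STAGE_DB=${STAGE_DB:-/var/lib/clamav-stage}

# Succeed only if every staged database passes sigtool and the set loads in clamscan.
verify_staged() {
    dir=$1; count=0
    for f in "$dir"/*.cvd "$dir"/*.cld; do
        [ -f "$f" ] || continue
        count=$((count + 1))
        # Relies on sigtool's exit status (signature check applies to .cvd files)
        sigtool --info "$f" >/dev/null 2>&1 || return 1
    done
    [ "$count" -gt 0 ] || return 1   # nothing downloaded counts as a failure
    probe=$(mktemp) || return 1
    echo "constructed probe file" > "$probe"
    rc=0   # clamscan: 0 = databases loaded and probe clean, 2 = error
    clamscan --no-summary -d "$dir" "$probe" >/dev/null 2>&1 || rc=$?
    rm -f "$probe"
    [ "$rc" -eq 0 ]
}

# Make the live directory mirror the verified set, one atomic rename per file.
deploy_staged() {
    src=$1; dst=$2
    for f in "$src"/*.cvd "$src"/*.cld; do
        [ -f "$f" ] || continue
        name=${f##*/}
        cp -p "$f" "$dst/.$name.new" && mv -f "$dst/.$name.new" "$dst/$name" || return 1
    done
    # Drop stale copies, e.g. daily.cvd once freshclam has produced daily.cld
    for f in "$dst"/*.cvd "$dst"/*.cld; do
        [ -f "$f" ] || continue
        [ -f "$src/${f##*/}" ] || rm -f "$f"
    done
}

update_signatures() {
    mkdir -p "$STAGE_DB" || return 1
    # Seed staging from the live set so freshclam can update incrementally
    cp -p "$LIVE_DB"/*.c[vl]d "$STAGE_DB"/ 2>/dev/null || true
    freshclam --quiet --datadir="$STAGE_DB" || return 1
    verify_staged "$STAGE_DB" || { echo "staged databases rejected, live set untouched" >&2; return 1; }
    deploy_staged "$STAGE_DB" "$LIVE_DB"
}

# Entry point for cron; the UPDATE_NOW switch is this example's own convention.
if [ "${UPDATE_NOW:-0}" = 1 ]; then update_signatures; fi
```

The staging directory has to be writable by the account freshclam runs as, and it should sit on the same filesystem as the live directory so the final `mv` is a rename rather than a copy.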