Dennis Peterson wrote: > Steve Basford wrote: > >> Gut feeling is that it's not a signature problem, more timing perhaps >> caused by the increase in the number of signatures being reloaded, >> and the interaction between freshclam, the RELOAD/USR2 command (used by >> scripts) and clamd. >> > > I don't have a problem here (yet, fingers also crossed) but I don't run > freshclam as a daemon. It is run out of cron as is the script I wrote to > refresh > Sane Security signatures. I set them var enough apart they cannot collide. > > I also use rsync to move the Sane Security files from the download/test > directory into the clamav database directory as it does atomic copies. Clamd > is > not aware of them until rsync unhides them. The thinking is it makes them > immune > to clamd's self-check process. A self-check with a file partially copied to > the > db directory has caused clamd errors in the past.
I have read that standards since POSIX.1-1988 onwards have imposed atomicity requirements on rename (mv) that effectively require it to be a system call. The Open Group Base Specifications Issue 7 states: "This rename() function is equivalent for regular files to that defined by the ISO C standard. Its inclusion here expands that definition to include actions on directories and specifies behavior when the new parameter names a file that already exists. That specification requires that the action of the function be atomic." For reference, see: http://www.opengroup.org/onlinepubs/9699919799/functions/rename.html So why not just use mv, since mv is simply a rename (see man rename and man mv). > So the sequence here is: > > 1. Run freshclam from cron at random times between 0 and 10 minutes past the > hour, and randomly between 30 and 40 minutes past the hour. Freshclam will > notify clamd as appropriate. > > 2. Fetch Sane Security and MSRBL files at random times between 15 to 25 > minutes > past the hour twice each day. > > 3. If there are new downloads, process Sane Security and MSRBL files in a > working directory. Verify with clamscan there are no errors. Proceed to next > step on success or exit. > > 4. Use rsync to perform atomic copy of updated files from working directory > to > ClamAV db directory > > 5. Notify clamd via Unix socket > > dp _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
