Bill Landry's unofficial sigs script does it right by using a random
function as an offset from cron time to actually initial a sig download.
For those of us with a couple dozen or more systems this is a
mirror-friendly way of not getting into lockstep with any fixed-offset
scheme. Here is the code segment from Bill's script and I recommend
something like it.
if [ -n "$RANDOM" ]
then
sleep_time=$(($RANDOM * $(($max_sleep_time - $min_sleep_time))
/ 32767 + $min_sleep_time))
else
sleep_time=0
while [ "$sleep_time" -lt "$min_sleep_time" -o "$sleep_time"
-gt "$max_sleep_time" ] ; do
sleep_time=`head -1 /dev/urandom | cksum | awk '{print $2}'`
done
fi
A bit of precision overkill given there are only 3600 seconds in an
hour, but it works. I use sleep $[ RANDOM % 900 ] and I have no idea nor
care when the signature download actually begins, but every machine's
crontab starts at the same time. The important thing to remember here is
there is a finite amount of time required to dl all the sigs so
regardless of the start time there will be overlap with other clients
just because there are more clients than there are seconds in an hour.
On my personal servers I do this once each day and most of what I catch
are traced to signatures from Sane Security. Less than 15/day, on average.
dp
On 1/28/13 2:50 PM, McDonald, Dan wrote:
On 1/28/13 4:10 PM, "Noel Jones" <njo...@megan.vbhcs.org> wrote:
On 1/28/2013 2:27 PM, Benny Pedersen wrote:
if you used freshclam as a deamon it will update when dns is showing
new versions, not wait one hour or more in cron to get the newest
updates
Incorrect.
When you run freshclam as a daemon, the freshclam.conf specifies how
many times per day to check for updates. There's not a lot of
practical difference between a daemonized freshclam with "Checks 24"
and a once-an-hour cron job.
I normally run "checks 47" or "checks 49". That's not quite (or just
slightly more often than) every half hour. Using an odd number like that
ensures that I don't get stuck on a popular minute for polls...
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
