On 9/29/15 3:41 AM, Joel Esler (jesler) wrote:
Al, Thanks for brining that up.
Once a minute? That’s fairly excessive.
Once an hour is appropriate… Overdoing it, but more appropriate. Keep in mind
that the mirrors are donated to ClamAV and the bandwidth you are consuming is
probably fairly heavy. If everyone did that….
--
Joel Esler
Manager, Talos Group
Not likely - it is a DNS query each minute, not a file transfer. There are other
reasons why it is a bad idea not the least of which is it is a form of
self-denial of service. And ignorance. It simply isn't necessary to poll each
minute.
The OP can avoid loss of service during a signature refresh by using two
instances of clamd on two different ports and dynamically manage port forwarding
in IPTables/IPChains. This allows updating each instance independently and a
near atomic change of clamd instances. It is a poor-man's Big-IP but one that is
not without some challenges of its own. There's no magic solution.
dp
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
