Hi there,

On Wed, 2 Sep 2020, Andrew C Aitchison via clamav-users wrote:

> The sample freshclam.conf
> ...
> # Default: 12 (every two hours)
> ...
> but https://blog.clamav.net/2020/07/freshclam-cdiffs-effect-on-bandwidth.html
> ...
> 2. Reduce the checks to once or twice a day.
>
> Would it make sense to make these agree?

+1

Bear in mind that a normal freshclam database update check (which is just a DNS query) doesn't necessarily result in the download of any file - not even of a .cdiff file.

In the same blog post it says that the databases are only updated once per day. In view of the types of threat that some folks have to deal with that seems a little infrequent, although I do understand that there are pressures on resources.

Also bear in mind that if the update frequency is once per day both at the server and at the client, then if the timings are unfortunate the delay between an update at source and the update by a client could be almost _two_ days.

Finally the blog post talks about a small number of IPs which seem to be downloading the main and daily databases tens of thousands of times per day. While I suppose it is plausible that these are deliberately malicious downloads it seems more likely to me that the explanation is incompetence in large organizations which have a lot of workstations behind NAT firewalls. I suspect a local caching proxy or mirror could eliminate some of the problems, but the blog post does not mention it.

--
73, Ged.