Ok, at the time, doing an etag check then download seemed very simple and very stable… but given the recent updates, I’ll dive back into trying to setup freshclam with that config change. Thanks for the info.
> On Mar 5, 2021, at 11:00 AM, Andrew Williams <awill...@sourcefire.com> wrote: > > Setting the 'TestDatabases' option to false in freshclam.conf will prevent > freshclam from loading the database file into memory before replacing the > actual CVDs that clamd will use. The potential downside with this is that if > a CVD ends up having load issues for some reason (which shouldn't happen > given the testing we do on our end) clamd won't load in any signatures from > that CVD. With the TestDatabases option enabled, there can be issues on > memory constrained systems since clamd will have a copy of the CVDs loaded > into memory and then freshclam will load another copy into memory at the same > time, but the benefit is that if a new CVD does have issues loading for some > reasons then it won't replace the previous set of CVDs that clamd has been > able to load successfully. > > -Andrew > > Andrew Williams > Malware Research Team > Cisco Talos > > On Fri, Mar 5, 2021 at 1:53 PM Mark Pizzolato - Clamav-Win32 via clamav-users > <clamav-users@lists.clamav.net <mailto:clamav-users@lists.clamav.net>> wrote: > I've never seen any problem with freshclam's memory footprint. > > On my Windows box, freshclam runs taking up all of 2.6MB. > > Clamd, on the other hand sucks down 1.4GB. > > There is no need to run clamd for the situation you are dealing with. > > On Friday, March 5, 2021 at 10:45 AM, Joel Esler wrote: > > My current suggestion is setup Freshclam to do the initial update. > > > > Directly downloading the raw cld files is no longer scalable. > > > > > On Mar 5, 2021, at 1:29 PM, Ritch Parker <ri...@mixxum.com > > > <mailto:ri...@mixxum.com>> wrote: > > > > > > I originally tried to setup Freshclam but found that, like the scan, it > > consumes a large amount of memory. I have an instance large enough to run > > the scans, but it is on an internal subnet without external access… but > > downloading files takes almost no memory, so to save some cost I just setup > > a small instance on the public subnet to download the daily file… doing a > > once > > every four hour check, then move the file to the larger instance. Was going > > to update further to do a head request, but then it stopped working :( > > ...Really was just looking for an update solution that could be run with a > > very > > small amount of memory and resources and this seemed to be the best fit. > > > > > > > > >> On Mar 5, 2021, at 10:20 AM, Joel Esler (jesler) via clamav-users > > >> <clamav- > > us...@lists.clamav.net <mailto:us...@lists.clamav.net>> wrote: > > >> > > >> Are you using Freshclam to download the updates? > > >> > > >>> On Mar 5, 2021, at 12:58 PM, Ritch Parker <ri...@mixxum.com > > >>> <mailto:ri...@mixxum.com>> wrote: > > >>> > > >>> Hello, > > >>> > > >>> Yesterday, for some reason, all my AWS VMs receive a 403 Forbidden > > response from clamav when attempting to pull the latest cvd files. I’ve > > tried > > from two different instances, from a lambda, and then from my local > > machine. All result in the same response: > > >>> > > >>> $ wget http://database.clamav.net/daily.cvd > > >>> <http://database.clamav.net/daily.cvd> > > >>> --2021-03-05 09:47:46-- http://database.clamav.net/daily.cvd > > >>> <http://database.clamav.net/daily.cvd> > > >>> Resolving database.clamav.net <http://database.clamav.net/> > > >>> (database.clamav.net <http://database.clamav.net/>)... > > >>> 104.16.218.84, 104.16.219.84 Connecting to database.clamav.net > > >>> <http://database.clamav.net/> > > (database.clamav.net <http://database.clamav.net/>)|104.16.218.84|:80... > > connected. > > >>> HTTP request sent, awaiting response... 403 Forbidden > > >>> 2021-03-05 09:47:48 ERROR 403: Forbidden. > > >>> > > >>> Not sure how I can resolve this. Is this temporary? I been checking > > >>> once > > every 4 hours and no change. > > >>> > > >>> Thanks > > >>> > > >>> _______________________________________________ > > >>> > > >>> clamav-users mailing list > > >>> clamav-users@lists.clamav.net <mailto:clamav-users@lists.clamav.net> > > >>> https://lists.clamav.net/mailman/listinfo/clamav-users > > >>> <https://lists.clamav.net/mailman/listinfo/clamav-users> > > >>> > > >>> > > >>> Help us build a comprehensive ClamAV guide: > > >>> https://github.com/vrtadmin/clamav-faq > > >>> <https://github.com/vrtadmin/clamav-faq> > > >>> > > >>> http://www.clamav.net/contact.html#ml > > >>> <http://www.clamav.net/contact.html#ml> > > >> > > >> > > >> _______________________________________________ > > >> > > >> clamav-users mailing list > > >> clamav-users@lists.clamav.net <mailto:clamav-users@lists.clamav.net> > > >> https://lists.clamav.net/mailman/listinfo/clamav-users > > >> <https://lists.clamav.net/mailman/listinfo/clamav-users> > > >> > > >> > > >> Help us build a comprehensive ClamAV guide: > > >> https://github.com/vrtadmin/clamav-faq > > >> <https://github.com/vrtadmin/clamav-faq> > > >> > > >> http://www.clamav.net/contact.html#ml > > >> <http://www.clamav.net/contact.html#ml> > > > > > > > > > _______________________________________________ > > > > clamav-users mailing list > > clamav-users@lists.clamav.net <mailto:clamav-users@lists.clamav.net> > > https://lists.clamav.net/mailman/listinfo/clamav-users > > <https://lists.clamav.net/mailman/listinfo/clamav-users> > > > > > > Help us build a comprehensive ClamAV guide: > > https://github.com/vrtadmin/clamav-faq > > <https://github.com/vrtadmin/clamav-faq> > > > > http://www.clamav.net/contact.html#ml > > <http://www.clamav.net/contact.html#ml> > > _______________________________________________ > > clamav-users mailing list > clamav-users@lists.clamav.net <mailto:clamav-users@lists.clamav.net> > https://lists.clamav.net/mailman/listinfo/clamav-users > <https://lists.clamav.net/mailman/listinfo/clamav-users> > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > <https://github.com/vrtadmin/clamav-faq> > > http://www.clamav.net/contact.html#ml <http://www.clamav.net/contact.html#ml>
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
