Anish,

What sort of scanning are you doing on these client machines? Which databases are you using with ClamAV? What data is stored on these clients? What operating system(s) are they running?

I ask since, the way some of us run ClamAV, there is little benefit in running it on each client machine.

On Mon, 17 May 2021, ANISH SHETTY via clamav-users wrote:
Hi All,

I needed some clarifications in configuring clamav on our client machines. We have several client machines and the client machines we have cannot contact the official clamav server to fetch the cvd and cdiff files. And hosting a private server and setting it up as a DownloadMirror is also not possible in our case since we have many clients, and we'll have to set up and maintain a server in the network of each of these clients.
I believe that the download mirror can be on a different network as long as the client can see and read it, so you may not need as many servers as you think.
However, we provide these client machines with an update periodically (once in a quarter as of now). Thereby, I was considering the possibility of pushing the virus definition files as part of a client machine update. I can have a machine in my local network where I can download the cvd and cdiff files as part of cvdupdate and then push these to the client machines as part of the update.

I had a few questions related to these, would really appreciate some help:

1) If I place the cvd files and cdiff file in a temporary location within the machine, is it possible to use that location in the local filesystem as DownloadMirror/PrivateMirror so that freshclam can merge the cvd and cdiff files (or any other way to do this, to avoid having several cdiff files)? I couldn't find any info on this in the documentation.

2) If I place the cvd files and consequent cdiff files in /var/lib/clamav, will clamd consider only the cvd files, or would it consider the cdiffs as well? (If I can't use freshclam on the local filesystem.)

3) Is there any better way to approach this?

I know that having a quarterly update of virus definitions leaves the machines at risk. The clients can keep the cvds updated if they want to. But I expect a lot of the customers to not keep the cvds updated and was thinking of the best possible way to address them. I am also aware of the 90 days limit on the cdiffs available. So, if this approach doesn't make sense for a quarterly cycle, I can think of pushing them each month.
Clam people: if the machines are rebooted (not just hibernated) daily, could the .cld (probably not .cvd) files be mounted from a network share (kept updated by running freshclam on the server), rather than each client running freshclam?

--
Andrew C. Aitchison
Kendal, UK
and...@aitchison.me.uk