On 17/01/2022 15:06, Arjen de Korte via clamav-users wrote:
Citeren Nick Howitt via clamav-users <clamav-users@lists.clamav.net>:
Not quite. I have taken over the packaging of this and the
justification of packaging the sigs is partly that the tool will work
and scan out of the box, partly for the offline consideration and
partly because there will be a delay after installation where ClamAV
is installed but not in a running condition. IIRC it won't even start
without a database. This means that a yum install will need to pause
and run freshclam before it can attempt to start clamd. This has
knock-on issues and, apparently, it is always best for yum todownload
what it needs with yum and not some third party tool.
One thing to remember is, is that if you intend your packaging tool to
rebuild the package frequently (daily? weekly?), you'll be
indistinguishable from abusive downloaders who download the full
database over and over again (and don't use freshclam / cvdupdate
instead). This will get your IP blacklisted fairly quickly as you
empirically found out already.
One option would be to setup a local database mirror that is updated
through either freshclam or cvdupdate and let your packaging tool
download the database from there with whatever method you see fit (wget,
curl). That will prevent frequent downloading the full database from the
ClamAV servers, yet will allow you to package fresh database files as
often as you see fit.
We only rebuild on an upstream update. At some point after it is
installed the servers will run freshclam. Until freshclam is run you
can't start clamd, so you perhaps need a watcher to start clamd at an
appropriate time? madness!
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
