Hi, I run some 40 PCs behind a linux firewall.

To stop 40 PCs querying the clamav servers every hour, I run freshclam on the linux firewall, and publish the clamav database directory through our internal webserver.

This has now ceased working since I upgraded to 0.93 on both server and clients.

The problem is that the linux freshclam now maintains a daily.cld file, whereas the clients are looking for a daily.cvd file. I tried creating a symbolic link from daily.cvd -> daily.cld, but the clients report a MD5 verify error.

I've set CompressLocalDatabase option = no on the linux server.

Q: How do I go about sharing the clamav database downloaded by my server to the clamwin clients on my LAN?

I actually had a few problems in this area with this when I upgraded to release 0.92 because the linux freshclam would only download clamwin.cvd and daily.cvd, yet the clients were looking for *.inc directories; but so long as I emptied the client database directory first, then the client would initialise using the cvd files, and would then happily update them.

All help gratefully received.

Cheers!
Nik

cvd files are different from cld, cld are created using .cdiff files, so you can force download of the cvd by removing the old one
or setup a proxy for .cdiff files

.inc directories are no more used so if a client looks for it then you need to upgrade to 0.93

hope this help

Hi Sherpya,

Thank you for your helpful reply.



Ok, so what you're saying is if I run freshclam from a script that deletes daily.* before it starts, then that would work?



I was thinking on this last night, and would like to investigate this again.

I tried this about two years ago. From memory, the problem was that the proxy didn't cache the clamav files, resulting in each file being downloaded 40 times per hour - I stopped that immediately.

I had understood that the cause was the metadata (or possibly a lack of it) associated with the clamav files causing the proxy not to cache them.

However, I was thinking that I might be able to force the proxy to cache .cvd and .cdiff files, thereby solving that problem. Of course, there remains the issue of having old cdiff files removed from the cache...

I'll look into that later this evening. )

Cheers!
Nik

any proxy is able to handle no more referenced files, but the problem is different
freshclam asks to the proxy to not cache the content to avoid having old files
My best suggestion is remove *.cld before calling freshclam on the master,
so you'll always have updated main.cvd and daily.cvd,
you'll lose cdiff functionality but you'll gain bandwidth by copying these files
on each client

Hi Sherpya,

Thank you for your reply.

Option P:
Looking up my squid (proxy) documentation, I believe that I can force it to cache .cdiff files, which would make sense anyway. From what I've seen in the clamwin logs, each cdiff file has a unique name, so it is reasonable and safe to cache them. (Is there anything I should be aware of if I do succeed in caching .cdiff files?)

What I am unsure about is what might happen if a number of clients decide to update their database files simultaneously - I don't know if my proxy would detect it properly and only download the files once and return the file from cache to the other clients, or whether that would result in multiple downloads of the same cdiff file.

Option C:
Looking at the size of daily.cvd, I guess I am probably up for 5-10 MB of downloads most days if I disable cdiff support by deleting the cld file.

One thing I need to achieve is to avoid having out-of-date clients accessing the clamav servers and causing our server address to be blocked because of that. I believe I can sort that with either option.

I'm testing both options at the moment, and will see if one is better than the other.

Thanks again for your

as you aid I think it's reasonable to cache cdiff files, but I'm not sure freshclam is putting or not no-cache header when downloading cdiff
I'll check it and it may also be a good idea to suggest to avoid the no-cache header to clamav developers

I just thought I'd post back to update folks.

I've been updating my 40-odd PCs through our squid caching proxy, and so far everything is working well.

It seems that squid is happy to cache the cdiff files without any intervention from me. I just set my clients to use my server as a proxy, and everything else "just works (TM)". I monitored the logs for the first few days, and then some weeks later, and as far as I can see each cdiff file is dragged into the cache only once, and then retrieved from cache by the other PCs.

One further benefit: When I run up a new PC, I just tell it to update its database. Any files in the cache are retrieved from there, and any not in the cache (presumably having been automatically cleaned up by the proxy) are just retrieved directly from the clamav download site.

So the system works with no config on the server, and just the additional proxy config on the clients. It requires zero maintenance, and handles even exceptional situations correctly and automatically.

I'm about to investigate telling squid to keep the cdiff files a little longer than some other files to hopefully reduce the traffic caused when updating newly installed machines.

Thanks again to everyone - and particularly Sherpya for all your help - and the great software!

Cheers!
Nik