Bug #2504
freshclam should be run at least every hour
| Status: | CLOSED | Start date: | ||
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: | - | % Done: | 100% | |
| Category: | nethserver-antivirus | |||
| Target version: | v6.5-beta3 | |||
| Security class: | Resolution: | |||
| Affected version: | v6.4-beta2 | NEEDINFO: | No |
Description
clamav releases updated definitions many times a day, we should update them more often than daily.
Associated revisions
Increased random sleep delay to 30' max. Refs #2504
To avoid run-parts blocks, output descriptors are closed and a child
process is started as session leader.
History
#1
Updated by Filippo Carletti over 7 years ago
- Target version set to v6.5-beta3
- Affected version set to v6.4-beta2
We could add our update script to the cron hourly directory or link the script coming from the clamav-db package in cron.daily.
If we add our script we could add some random delay inside the script to reduce the load on clamav mirrors.
We could also add a script in cron.d.
#2
Updated by Giacomo Sanchietti over 7 years ago
- Status changed from NEW to TRIAGED
- % Done changed from 0 to 20
The random interval it's a best practice to avoid load on remote servers.
Proposed implementation: /etc/cron.hourly/freshclam-random
#!/bin/bash /bin/sleep $[ $RANDOM % 900 ] && /etc/cron.daily/freshclam
#3
Updated by Giacomo Sanchietti over 7 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Giacomo Sanchietti
- % Done changed from 20 to 30
#5
Updated by Giacomo Sanchietti over 7 years ago
- Status changed from ON_DEV to MODIFIED
- % Done changed from 30 to 60
#6
Updated by Giacomo Sanchietti over 7 years ago
- Status changed from MODIFIED to ON_QA
- Assignee deleted (
Giacomo Sanchietti) - % Done changed from 60 to 70
- nethserver-antivirus/nethserver-antivirus-1.0.5-1.0git6838bd73.ns6.noarch.rpm
Test case
Check freshclam-random script is launched each hour. See /var/log/cron
#7
Updated by Filippo Carletti over 7 years ago
- Status changed from ON_QA to TRIAGED
- Assignee set to Filippo Carletti
- % Done changed from 70 to 20
After updating freshclam is run every hour, but I suspect that the random sleep is expressed in seconds instead of minutes.
/bin/sleep $[ $RANDOM % 5 ] && exec /etc/cron.daily/freshclam
Evidence from logs that freshclam is run every hour:
Jan 29 18:06:57 Updated: nethserver-antivirus-1.0.5-1.0git6838bd73.ns6.noarch
Jan 29 19:01:01 nsrv64a2 run-parts(/etc/cron.hourly)[9695]: starting freshclam-random
Jan 29 19:01:08 nsrv64a2 run-parts(/etc/cron.hourly)[9714]: finished freshclam-random
ClamAV update process started at Wed Jan 29 19:01:05 2014
#8
Updated by Davide Principi over 7 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee changed from Filippo Carletti to Davide Principi
- % Done changed from 20 to 30
#9
Updated by Davide Principi over 7 years ago
- Status changed from ON_DEV to MODIFIED
- Assignee deleted (
Davide Principi) - % Done changed from 30 to 60
Reworked the script to avoid run-parts blocks and increased random delay to a between 0 and 1800 seconds (30 minutes).
#10
Updated by Davide Principi over 7 years ago
- Status changed from MODIFIED to ON_QA
- % Done changed from 60 to 70
In nethserver-testing:
nethserver-antivirus-1.0.5-2.0git12a89187.ns6.noarch.rpm
#11
Updated by Giacomo Sanchietti over 7 years ago
- Assignee set to Giacomo Sanchietti
#12
Updated by Giacomo Sanchietti over 7 years ago
- Status changed from ON_QA to VERIFIED
- Assignee deleted (
Giacomo Sanchietti) - % Done changed from 70 to 90
Freshclam is correctlry started by cron:
Jan 19 09:23:02 localhost run-parts(/etc/cron.daily)[3615]: starting freshclam Jan 19 09:23:10 localhost run-parts(/etc/cron.daily)[3643]: finished freshclam
Marking as VERIFIED.
#13
Updated by Davide Principi over 7 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
Released in nethserver/6.5/base repository.