Log in

No account? Create an account


ClamAV aargh

« previous entry | next entry »
24th Jul 2008 | 13:30

We're being hammered by loads of vicious email trojans, which mutate fast. I've resorted to adding manual blocks in Exim because ClamAV isn't keeping up.

Just now I was very puzzled that freshclam wasn't downloading the latest version of the virus database. It turns out that although I have told it to poll 100 times a day (about every 15 minutes), freshclam uses the DNS to check what is the latest version, and the TTL on the relevant DNS record is 30 minutes.

| Leave a comment |

Comments {3}


from: pakennedy
date: 24th Jul 2008 14:37 (UTC)

I'm pretty sure that you can override that and make it not use DNS as a switch.

Reply | Thread

Tony Finch

from: fanf
date: 24th Jul 2008 14:54 (UTC)

Yeah I know, but if you do that then freshclam limits the number of daily updates to 50.

Reply | Parent | Thread


from: nonameyet
date: 24th Jul 2008 15:41 (UTC)

The dns check and the 50 times per day limit are only enforced in the damon code, so use the cron script (adding --no-dns) instead ?

Reply | Parent | Thread