Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. ClamAV>
  3. win32
[clamav-users] Can clamd only reload changed databases?
jahlives at gmx
Apr 30, 2019, 6:07 AM
Post #1 of 3 (249 views)
Permalink
We have the problem that we change our custom clamav rules quite often.
A job syncs changed rules files to clamav server and then sends a
SIGUSR2 signal to reload the signatures. In that time of reloading
clamav does not really work and the application using clamd has to wait
for up to 30s.
So we wonder if it's somehow possible to "tell" the clamd that only
changed databases have to be re-read. As our own sigs are very small
compared to the stock sigs, the reload for our sigs is quite fast. What
takes long is the reload of stock sigs.
Basically we're looking for a way to tell clamd to only reload defined
databases or changed databases.

If that is not possible in current clamav, would it be worth considered
a feature request for future releases?

Thanks for any idea



_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] Can clamd only reload changed databases? [ In reply to ]
clamav-users at lists
Apr 30, 2019, 7:03 AM
Post #2 of 3 (249 views)
Permalink
Could you run two copies of clamd, one using stock db and the other using
your custom sigs? Then you would only need to signal the one running the
custom sigs when they change. Yes you would need to trigger two scans of
the target data, but the overhead shouldn't be too bad. The only thing I
can't remember is how to tell each clamdscan which clamd to use, but I'm
pretty sure it's possible.

On Tue, Apr 30, 2019, 9:08 AM Tobi <jahlives@gmx.ch> <jahlives@gmx.ch>
wrote:

> We have the problem that we change our custom clamav rules quite often.
> A job syncs changed rules files to clamav server and then sends a
> SIGUSR2 signal to reload the signatures. In that time of reloading
> clamav does not really work and the application using clamd has to wait
> for up to 30s.
> So we wonder if it's somehow possible to "tell" the clamd that only
> changed databases have to be re-read. As our own sigs are very small
> compared to the stock sigs, the reload for our sigs is quite fast. What
> takes long is the reload of stock sigs.
> Basically we're looking for a way to tell clamd to only reload defined
> databases or changed databases.
>
> If that is not possible in current clamav, would it be worth considered
> a feature request for future releases?
>
> Thanks for any idea
>
>
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
Re: [clamav-users] Can clamd only reload changed databases? [ In reply to ]
jahlives at gmx
Apr 30, 2019, 7:23 AM
Post #3 of 3 (249 views)
Permalink
That sounds do-able, thanks for the hint

> The only thing I can't remember is how to tell each clamdscan which
> clamd to use, but I'm pretty sure it's possible.

as our application directly talks to clamd that will be easy to solve.

Think the overhead can be more reduced as the 2nd clamd instance will
only run our sigs, so we can turn off a lot of clamd option which are
already performed in the 1st instance.


Am 30.04.19 um 16:03 schrieb Michael M. Minor:
> Could you run two copies of clamd, one using stock db and the other
> using your custom sigs? Then you would only need to signal the one
> running the custom sigs when they change. Yes you would need to trigger
> two scans of the target data, but the overhead shouldn't be too bad. The
> only thing I can't remember is how to tell each clamdscan which clamd to
> use, but I'm pretty sure it's possible.
>
> On Tue, Apr 30, 2019, 9:08 AM Tobi <jahlives@gmx.ch
> <mailto:jahlives@gmx.ch>> <jahlives@gmx.ch <mailto:jahlives@gmx.ch>> wrote:
>
> We have the problem that we change our custom clamav rules quite often.
> A job syncs changed rules files to clamav server and then sends a
> SIGUSR2 signal to reload the signatures. In that time of reloading
> clamav does not really work and the application using clamd has to wait
> for up to 30s.
> So we wonder if it's somehow possible to "tell" the clamd that only
> changed databases have to be re-read. As our own sigs are very small
> compared to the stock sigs, the reload for our sigs is quite fast. What
> takes long is the reload of stock sigs.
> Basically we're looking for a way to tell clamd to only reload defined
> databases or changed databases.
>
> If that is not possible in current clamav, would it be worth considered
> a feature request for future releases?
>
> Thanks for any idea
>
>
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net <mailto:clamav-users@lists.clamav.net>
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal