Mailing List Archive

[clamav-users] clamac + amavis database reload
Hi there,

if the databases from clamav has changed clam-av is reloading by himself. I have configured to check every 5 min.

Does amavis need to be reloaded too?
i have the feeling that new "learned" virus will not be detect by amavis + clamav.


after some time amavis detect this virus without doing anything.

Does this behavior changed in the last month?

kind regards
Philipp


--
Philipp Ewald
Administrator


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] clamac + amavis database reload [ In reply to ]
Citeren Philipp Ewald <philipp.ewald@digionline.de>:

> if the databases from clamav has changed clam-av is reloading by
> himself. I have configured to check every 5 min.

That's a bit excessive. The DNS record that freshclam checks has a TTL
of 1800 seconds, so checking more often than every minutes is a waste
of effort.

> Does amavis need to be reloaded too?

No.

> i have the feeling that new "learned" virus will not be detect by
> amavis + clamav.
>
> after some time amavis detect this virus without doing anything.

It may depend on the way you reload the virus signatures. CPU and/or
memory constrained systems may take several minutes before the new
signatures are loaded. The default behaviour is to keep scanning with
the old signatures in the mean time.


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] clamac + amavis database reload [ In reply to ]
i don't mean remote database, i mean the local
# Check for new database 24 times a day
Checks 24

i mean:
OfficialDatabaseOnly false
SelfCheck 300

> It may depend on the way you reload the virus signatures. CPU and/or memory constrained systems may take several minutes before the new signatures are loaded. The default behaviour is to keep scanning with the old signatures in the mean time.

Wed Nov 10 15:18:09 2021 -> SelfCheck: Database modification detected. Forcing reload.
Wed Nov 10 15:18:09 2021 -> Reading databases from /var/lib/clamav
Wed Nov 10 15:18:25 2021 -> Database correctly reloaded (8581056 signatures)
Wed Nov 10 15:18:25 2021 -> Activating the newly loaded database...


can i speed this up by reloading amavis manual?


many thanks!


On 11/10/21 5:01 PM, Arjen de Korte via clamav-users wrote:
> Citeren Philipp Ewald <philipp.ewald@digionline.de>:
>
>> if the databases from clamav has changed clam-av is reloading by himself. I have configured to check every 5 min.
>
> That's a bit excessive. The DNS record that freshclam checks has a TTL of 1800 seconds, so checking more often than every minutes is a waste of effort.
>
>> Does amavis need to be reloaded too?
>
> No.
>
>> i have the feeling that new "learned" virus will not be detect by amavis + clamav.
>>
>> after some time amavis detect this virus without doing anything.
>
> It may depend on the way you reload the virus signatures. CPU and/or memory constrained systems may take several minutes before the new signatures are loaded. The default behaviour is to keep scanning with the old signatures in the mean time.
>
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml

--
Philipp Ewald
Administrator

DigiOnline GmbH, Probsteigasse 15 - 19, 50670 Köln
Fax: +49 221 6500-690, E-Mail: philipp.ewald@digionline.de

AG Köln HRB 27711, St.-Nr. 5215 5811 0640
Geschäftsführer: Werner Grafenhain

Informationen zum Datenschutz: www.digionline.de/ds

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] clamac + amavis database reload [ In reply to ]
Hi there,

On Wed, 10 Nov 2021, Philipp Ewald wrote:

> if the databases from clamav has changed clam-av is reloading by himself. I
> have configured to check every 5 min.

*What* is it that you have configured to check every 5 min? There are
two main periodic checks, the check by freshclam that the copy of the
database on your local storage medium is up to date, and the check by
clamd that it has an up to date copy of the local database in memory.
The clamd daemon does *not* check the status of the local database on
disc against the remote database maintained by the ClamAV team. It is
the freshclam utility which does that.

> Does amavis need to be reloaded too?

I don't know - please explain how you have configured Amavis and
ClamAV to work with each other. If Amavis is using the clamd daemon
over a socket, then you probably don't need to reload Amavis but you
will need to make sure that clamd reloads its database when it detects
that a database change has taken place. It can do that itself, or you
can configure freshclam to notify it when an update happens. It's all
in the documentation.

> i have the feeling

Your feeling is not much use to us. Is there something concrete which
gives you this feeling and which you can show to us?

> that new "learned" virus will not be detect by amavis + clamav.

ClamAV has no way of creating "learned" signaturees. It uses only the
data in its database, which you must arrange to be provided to it and
to be kept up to date - for example by running freshclam.

> after some time amavis detect this virus without doing anything.

Please be more precise.

> Does this behavior changed in the last month?

The behaviour of ClamAV has not changed except perhaps for faults
which may have been fixed. These will be listed in the release notes.
I cannot speak for the behaviour of Amavis, you probably need to talk
to the Amavis people about that.

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml