[sanesecurity] Re: Long DB refresh times

  • From: Henrique de Moraes Holschuh <henrique.holschuh@xxxxxxxxxxxxx>
  • To: sanesecurity@xxxxxxxxxxxxx
  • Date: Wed, 25 Apr 2012 09:30:39 -0300

On 24-04-2012 19:11, TR Shaw wrote:
On Apr 24, 2012, at 4:41 PM, Richard Doyle wrote:
On 04/24/2012 09:29 AM, Richard Doyle wrote:
On 04/24/2012 09:13 AM, micah anderson wrote:

Has anyone else seen these kinds of delays? Is there any way
to get these databases to load faster or to allow ClamAV to
continue scanning when the database is being reloaded?

I was noticing this as well, and it seemed like it was
something that has only recently started to happen. I
suspected a bug or something, but perhaps we reached some
tipping point.

Me too. I'm moving to once-a-day updates.

Once a day updates defeats the purpose to detect early threats.  We
need to get this solved and IMHO I think that it is a bug ClamAV.

Indeed it is an scalability issue in clamav.

Anyway, if you really want to fix the root cause behind this kind of
issue, you need to decouple your capabilities to receive email from
clamav and the rest of the complex components of your content filter.

Note that "receive mail" is different from "forward mail".  You'd queue
it until the content filtering engine is back online, users would notice
the added latency, but would still be able to submit email to the MSA
and it would eventually be delivered when the content filtering engine
came back online.

Obviously, when you do this, you CANNOT reject on the part of the
content filter that is behind the queue.  You can only discard or let
the email through.

Henrique de Moraes Holschuh <hmh@xxxxxxxxxxxxx>
IM@ - Informática de Municípios Associados
Engenharia de Telecomunicações
TEL +55-19-3755-6555/CEL +55-19-9293-9464

Antes de imprimir, lembre-se de seu compromisso com o Meio Ambiente
e do custo que você pode evitar.

Other related posts: