From clamav-users-bounces@lists.clamav.net  Wed Apr 11 20:52:33 2007
Date: Wed, 11 Apr 2007 11:52:18 -0700
From: Todd Lyons <tlyons@ivenue.com>
To: clamav-users@lists.clamav.net
Message-ID: <20070411185218.GI12285@ivenue.com>
Mail-Followup-To: clamav-users@lists.clamav.net
References: <461CBC94.3040607@gmx.net> <20070411174141.GA5757@adsl.nervous.it>
	<AA5E7C27A11E684EA8238D6CB21DC7F3021E55@AE-MAIL.aenetad.net>
	<461D27F4.7050505@elih.org>
Mime-Version: 1.0
Content-Disposition: inline
In-Reply-To: <461D27F4.7050505@elih.org>
Organization: Ivenue.com
User-Agent: Mutt/1.5.11
Subject: Re: [Clamav-users] error stops clamd

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, Apr 11, 2007 at 02:24:52PM -0400, Jim Maul wrote:

>However, it is illogical that clamd would die completely due to issues
>with a recently downloaded definition file.  Why can it not just roll
>back to the old, previously working, definitions?  Can someone please
>explain this?  I'm having trouble trying to comprehend the current behavior.

Neutral question:  
What's worse?
  a) AV that dies because of problems with virus definitions
  b) AV that reverts back to previously working definitions but then
     leaves you with a system that lets the latest things through
     and the whole time you think you're protected

a is not great, but then neither is b.  In the case of a, cron scripts
watching the daemon process fix things if they can and notify you via
pager (and 10 pages coming in simultaneously definitely indicates
that something is wrong).  In the case of b, you see no interruption so
you assume all is well (and in this case, all IS well, but suppose some
corporation changes their firewall blocking traffic outbound from your
clamav box and you never know that it's not getting the latest updates).

Notification is a part of the solution IMHO.  If clamd recognizes that
it's not able to load the new ones because the update process is still
occurring, then it should continue running *AND* notify the sysadmin
that it's running in what should be considered a degraded mode.  The
ease with which this is attained will vary by system.
- -- 
Regards...		Todd
There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo.  Please use in that order. --Ed Howdershelt
Linux kernel 2.6.17-6mdv   4 users,  load average: 0.24, 0.05, 0.02
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGHS5iY2VBGxIDMLwRAnjPAJ9towGydLsfkSuqnfQdzNKKqCroogCffUx3
HiUQ+beTO8mdlrNI1iSljf0=
=I8dY
-----END PGP SIGNATURE-----
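
The cron watchdog and the "degraded mode" notification discussed in the message above, sketched as an added example (not part of the original post and not ClamAV project code). The paths, the 24-hour threshold, the `--run` switch and the use of the `daily.*` file modification time as a proxy for "definitions are current" are assumptions; cron mails whatever the job prints to the job's owner.

```shell
#!/bin/sh
# Assumed locations and threshold (not from the original message).
DB_DIR="${DB_DIR:-/var/lib/clamav}"
PID_FILE="${PID_FILE:-/var/run/clamav/clamd.pid}"
MAX_AGE_MIN="${MAX_AGE_MIN:-1440}"   # older than this counts as stale

# clamd_alive PIDFILE: succeeds if the pid file names a live process.
# Run as root or as the clamd user, otherwise kill -0 fails with EPERM.
clamd_alive() {
    [ -r "$1" ] || return 1
    pid=$(cat "$1" 2>/dev/null)
    case "$pid" in ''|*[!0-9]*) return 1 ;; esac
    kill -0 "$pid" 2>/dev/null
}

# defs_fresh DIR MAX_MIN: succeeds if a daily.* database in DIR was
# modified within the last MAX_MIN minutes.
defs_fresh() {
    [ -d "$1" ] || return 1
    [ -n "$(find "$1" -name 'daily.*' -mmin "-$2" 2>/dev/null | head -n 1)" ]
}

# check_state PIDFILE DIR MAX_MIN: prints down (case a), degraded (case b:
# daemon up, definitions not updating) or ok.
check_state() {
    if ! clamd_alive "$1"; then echo down
    elif ! defs_fresh "$2" "$3"; then echo degraded
    else echo ok
    fi
}

# Silent when healthy; any output is what cron mails to the admin.
watchdog_main() {
    state=$(check_state "$PID_FILE" "$DB_DIR" "$MAX_AGE_MIN")
    case "$state" in
        down)     echo "clamd is not running (pid file: $PID_FILE)"; return 2 ;;
        degraded) echo "clamd is up, but no daily.* update in $MAX_AGE_MIN min: degraded mode"; return 1 ;;
    esac
    return 0
}

# Hypothetical cron entry: */5 * * * * /usr/local/sbin/clamd-watchdog --run
if [ "${1:-}" = "--run" ]; then
    watchdog_main
    exit $?
fi
```

The "degraded" branch is the one that catches the silent case: the daemon keeps scanning, but the admin still hears that updates have stopped arriving.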

