Hello from the ClamAV team; Some concerns about freshclam data usage w/ new containers #17
Replies: 1 comment 3 replies
-
|
Hello! I understand the concern about CDN costs and rate limitation. Hopefully the system's approach addresses that concern. There are two Lambda functions that utilize ClamAV in the docker image (which is built locally at launch time and on system updates) . One for downloading definitions and one for scanning
Thanks for thoughtful response! |
Beta Was this translation helpful? Give feedback.
-
|
This sounds like a reasonable approach, but I do notice here: that you aren't taking the.cld files into account. When a .cvd (or .cld) database is updated by FreshClam, FreshClam downloads one or more .cdiff patch files. It unpacks the .cvd (or .cld) and applies the patches in order. When complete, it creates a new database archive with a .cld extension. So TL;DR is that the .cvd update process replaces the file with a .cld file.
Perhaps as a disclaimer, in a future version we may add more database archives than just |
Beta Was this translation helpful? Give feedback.
-
That makes sense. I've opened an issue for that. In regards to the With that being said. Should the download_defs lambda function be downloading the |
Beta Was this translation helpful? Give feedback.
-
|
No the download_defs lambda function should be downloading the |
Beta Was this translation helpful? Give feedback.
-
Hi!
I just saw your message on the #clamav IRC space. This is a neat project. 👍 By the way, I noticed that you didn't stick around. If you want, try using our Discord server or our user mailing list - which offer a better experience for drive by messages because you can check back later to see if you got any responses ;-) https://docs.clamav.net/#mailing-lists-and-irc-channel
We (the ClamAV team) recently added our own docker images on Docker Hub: https://hub.docker.com/r/clamav/clamav
Currently we don't have a stable release out yet -- our first will be 0.104. We haven't backported our image to older versions because we're using CMake to build ClamAV and the CMake build system was not complete in the current stable release.
You'll note that we offer 2 images. The first (eg "unstable") is very large and includes a signature database set which we'll update once per month. This will save the ClamAV project a lot of bandwidth when a new container is started from the image because
freshclamwon't have to download the entire database set from scratch. The second image has a_basesuffix and does not include any databases. This one should only be used when mounting a volume that stores existing signature databases for the database directory. See https://github.com/Cisco-Talos/clamav-devel/blob/dev/0.104/README.Docker.md#persisting-the-virus-database-volumeUsing either an image which includes databases (that are newer than 90 days old) or mounting a database directory volume not only saves the ClamAV project 💰 on our CDN bill, but it also reduces the chance that new containers will get rate limited by our CDN. Rate limiting is particularly common in AWS and other public clouds because the public IP for different users is the same. It occurs when
freshclamtries to download a whole database file instead of a database patch file (.cdifffile).If your project could ensure that users do not download the entire database set when starting a new container, that would really help.
I haven't put a lot of time into reviewing the code here yet, just a cursory glance. I may try to look a little bit more but don't know that I'll provide much input. If you have any specific questions I can probably help better.
Also, I recently was working on documentation improvements. In reviewing the community projects list, I found there are 2 other projects for scanning S3 buckets. I haven't spent any time with them but you may find it helpful to review these projects, :
Beta Was this translation helpful? Give feedback.
All reactions