[Avcheck] Avp update hourly

Piotr Klaban makler@man.torun.pl
Wed, 26 Sep 2001 09:31:35 +0200


On Wed, Sep 26, 2001 at 01:10:21AM +0400, Michael Tokarev wrote:
> BTW, is it useful to update hourly?  As long as I can tell,
> Kaspersky updates their virusbases once per day or so...

Recently (after the Nimda attack) we have changed update time
from daily to hourly. Our network was not affected by the
virus (we have not windows based network here), but I know
one institution that cures their local network for a couple of days
already. Their updated virus databases at 4am GMT, and it would
perhaps save them time for cure if they'd update bases hourly
(but it is not so clear here, because Nimda spreads with
viewing html page of the affected host - javascript code
opened readme.eml AFAIK).

>From that I know that daily.avc file is updated between 21:00 GMT
and 22:00 GMT, AND during the day at least one time - I can not
say exact time, but yesterday it was before 16pm GMT.
One think here is important - daily.avc is updated more than
once per day, but IT IS possible, that my update program
is broken.

>From their FTP server:
-rw-r-----   1 502      ftp            3120 Sep 25 21:17 avp.klb
-rw-r-----   1 502      ftp            5716 Sep 25 21:17 daily.avc
-rw-r-----   1 502      ftp             457 Sep 21 15:16 avp.set
-rw-r-----   1 502      ftp           16309 Sep 21 15:16 up010921.avc

It seems that daily.avc and avp.klb for know were updated at 21:17,
while the "normal" update time is 15:16 (their server displays
the time in GMT zone, according to my crontabs).

Then they release new avp.set and upYYMMDD.avc at about 15:15 GMT,
and update daily.avc (and avp.klb - filelist mtime etc. file)
at about 21:15 GMT.

Then for now it should be enough to update virus databases
at 16:00 GMT and 22:00 GMT, if you do not want to update
hourly.

I think that hourly updates are better if the connection
to Russia is broken for some time (or our local or international
connection), but I do not know how the ftp.avp.ru server
would behave when everybody would connect to them at one hour
e.g. 22:00 GMT (I am connecting at 21:55 :-).

-- 
Piotr Klaban