[Avcheck] Avp update hourly
Piotr Klaban
makler@man.torun.pl
Wed, 26 Sep 2001 09:31:35 +0200
On Wed, Sep 26, 2001 at 01:10:21AM +0400, Michael Tokarev wrote:
> BTW, is it useful to update hourly? As long as I can tell,
> Kaspersky updates their virusbases once per day or so...
Recently (after the Nimda attack) we have changed update time
from daily to hourly. Our network was not affected by the
virus (we have not windows based network here), but I know
one institution that cures their local network for a couple of days
already. Their updated virus databases at 4am GMT, and it would
perhaps save them time for cure if they'd update bases hourly
(but it is not so clear here, because Nimda spreads with
viewing html page of the affected host - javascript code
opened readme.eml AFAIK).
>From that I know that daily.avc file is updated between 21:00 GMT
and 22:00 GMT, AND during the day at least one time - I can not
say exact time, but yesterday it was before 16pm GMT.
One think here is important - daily.avc is updated more than
once per day, but IT IS possible, that my update program
is broken.
>From their FTP server:
-rw-r----- 1 502 ftp 3120 Sep 25 21:17 avp.klb
-rw-r----- 1 502 ftp 5716 Sep 25 21:17 daily.avc
-rw-r----- 1 502 ftp 457 Sep 21 15:16 avp.set
-rw-r----- 1 502 ftp 16309 Sep 21 15:16 up010921.avc
It seems that daily.avc and avp.klb for know were updated at 21:17,
while the "normal" update time is 15:16 (their server displays
the time in GMT zone, according to my crontabs).
Then they release new avp.set and upYYMMDD.avc at about 15:15 GMT,
and update daily.avc (and avp.klb - filelist mtime etc. file)
at about 21:15 GMT.
Then for now it should be enough to update virus databases
at 16:00 GMT and 22:00 GMT, if you do not want to update
hourly.
I think that hourly updates are better if the connection
to Russia is broken for some time (or our local or international
connection), but I do not know how the ftp.avp.ru server
would behave when everybody would connect to them at one hour
e.g. 22:00 GMT (I am connecting at 21:55 :-).
--
Piotr Klaban