Endpoint Protection

  • 1.  LiveUpdate consumes too much disk space

    Posted Jan 09, 2015 07:26 PM

    Hi all,

    Not sure if this is the proper place to ask. If not, I'd gladly appreciate a pointer in the right direction.

    Currently I'm running SEP (12.1.x) with these RPMs in an openSUSE 13.1 (i586) environment:

      sav-1.0.14-13.i386
      savjlu-1.0.14-13.i386

    I don't need managed clients. Neither do I need GUI or on-access scanning (Auto-Protect).

    All I need is scanning via the command line client and updating the signatures of course.

     

    Now, quite a few of these Linux clients have lately been running into disk space issues when running LiveUpdate.

    Unfortunately there are only ~6.5 GB available for both the tmp directories and virus definitions.



    The first observation is that disk space needed for the virus definitions itself appears to have increased by 50% (!) in the last 2.5 months:
     

    # du -sch /opt/Symantec/virusdefs/*
    359M    /opt/Symantec/virusdefs/binhub
    8.0K    /opt/Symantec/virusdefs/texthub
    4.0K    /opt/Symantec/virusdefs/incoming
    807M    /opt/Symantec/virusdefs/20141001.002
    1.2G    total
    Oct 01, 2014
    # du -sch /opt/Symantec/virusdefs/*
    913M    /opt/Symantec/virusdefs/20150108.001
    889M    /opt/Symantec/virusdefs/binhub
    4.0K    /opt/Symantec/virusdefs/definfo.dat
    0       /opt/Symantec/virusdefs/incoming
    4.0K    /opt/Symantec/virusdefs/texthub
    4.0K    /opt/Symantec/virusdefs/usage.dat
    1.8G    total
    Today


    (Perhaps it is worth noting that other AV products use well < 0.5 GB for their signature databases.)


    The second observation is that sometimes > 5 GB of tmp space are used by LiveUpdate during the update process. This is 3 times the size of the signature directory.

    I have observed this rather extensive usage of tmp space both when a machine had been turned off for 1 or 2 weeks and while it was running continuously (and performing LiveUpdate several times a day).

    If I understand http://www.symantec.com/docs/TECH180196 correctly, a machine that's been turned off for a period of time indeed has to download quite a bit, perhaps even the full defs. But this should not occur if the machine is running and checking for signature updates every couple of hours.

     

    That said, is there anything I can do to reduce the amount of disk space used -- if only scanning via the command line is needed?

    • Can the size of the definitions perhaps be reduced?
    • What about the directory /opt/Symantec/virusdefs/binhub? Could it perhaps be removed?
    • Is there anything I could do about the excessive tmp usage?
    • ...

    Any hints are greatly appreciated!

     

    TIA, Till



  • 2.  RE: LiveUpdate consumes too much disk space

    Posted Jan 09, 2015 07:28 PM
    You could compile your own but at the end of the day it won't change the def sizes. Those continue to grow it seems with the release of new updates.


  • 3.  RE: LiveUpdate consumes too much disk space

    Posted Jan 09, 2015 07:31 PM

    Thanks, Till



  • 4.  RE: LiveUpdate consumes too much disk space

    Posted Jan 09, 2015 07:46 PM

    Sorry, I meant compiling your own auto-protect kernel. This won't change the size of the defs though.