pfSense

Assuming you are talking about Squid, it's not supposed to do anything with cron. You are totally on your own, this feature is completely unsupported.

Yeah you are right, I am talking about the squid package, but especially the freshclam component. Freshclam is executed periodically from cron to update the virus definitions. If you change the config Parameter "Checks" in freshclam.conf in the Web-GUI (advanced options) the crontab entry of freshclam is not updated (interval does not change). So this parameter has actually no effect at all.

In my crontab I had an entry that was looking like this:

*/1472 * * * * clamav /usr/local/bin/freshclam --config-file=/usr/local/etc/freshclam.conf

It was impossible to change this through the Web-GUI and was leading to a lot of freshclam updates / hour.
This doesn't seem like wanted behaviour for me.

I had to manually edit config.xml to make the changes permanent.

Sorry if I am missing something, but I thought this should be reported.

"Checks" in freshclam.conf is not using/configuring cron, at all. Switching to manual config and changing freshclam.conf will not touch cron, at all. The only thing using and configuring cron is the "ClamAV Database Update" dropdown in the GUI - Antivirus tab.

*/1472 * * * * is a value that's impossible to configure via the GUI plus it's definitely not something that'd be leading "to a lot of freshclam updates / hour"

As noted in bold read in the GUI, do NOT use advanced manual configuration unless you know what you are doing. If you need to delete corrupt/unwanted stuff fron crontab (or to manipulate crontab in general), install the Cron package.

This hopefully makes things more obvious: https://github.com/pfsense/FreeBSD-ports/pull/254

@OP: No, the above PR still will not make the cronjob honor Checks in freshclam.conf or anything similar.

Thanks for the git link. That makes things more clear.

Sorry I couldn't remember the exact value of the crontab entry. I only knew it started with */14xx

With looking at the code the value must have been */1440

That really makes no sense in the minute crontab column and it definitely leads to multiple executions per hour. That's at least what my logs etc. were showing me and should be clear because of the way crontab works.

Anyway this seems to have been fixed with moving the whole calculation to the hour column.

Finally I would like to say, that I definitely know what I am doing, so this was not really a problem for me to solve.
Actually the pfsense Web-GUI is somehow misleading with telling:

"You must edit the configuration files directly in the 'Advanced Features'."

In the case of editing the Checks Parameter it has no effect.

Cheers

Alexander Berkes wrote:

That really makes no sense in the minute crontab column and it definitely leads to multiple executions per hour. That's at least what my logs etc. were showing me and should be clear because of the way crontab works.

Definitely not here. Most liky due to a different issue with safebrowsing.cld that was causing freshclam to run over and over again with that feature enabled.

safebrowsing was never enabled in my setup. I also didn't investigate further.

The change broke saving General settings in Squid. https://forum.pfsense.org/index.php?topic=124218.0; will get that reverted.

Recall this being a repeated issue. There is something broken with install_cron_job() function in general.

All that could be done here is fixed with https://github.com/pfsense/FreeBSD-ports/pull/254 and https://github.com/pfsense/FreeBSD-ports/pull/261, close please.