Giampaolo Tomassoni wrote:
>>>> I don't know of any way to stop freshclam from updating.
>>>> Some mirrors can blacklist old versions, but not most/all.
>>>>
>>> Using a new DNS tree, such that old freshclam versions were unable to
>>> perform the job?
>>>
>> The DNS servers don't receive any information about the version of
>> freshclam used to perform the query.
>> The DNS request can go through many DNS caches...
>>
>
> So what?
>
> I see the old freshclam issues DNS request like these:
>
> current.cvd.clamav.net.
>
> What if this DNS name stops responding (and be propagated to mirrors) and
> instead a new current1.cvd.clamav.net (or maybe current.cvd1.clamav.net if
> you dislike the first) start working? Clamav's 0.96 could issue requests to
> that brand new name to get updates, while old clamav installations -which
> are unaware of it- would simply fail updating.
>
> They would probably scream error messages in big letters in their logs, but
> their clamscan would keep running...
>
Not a bad idea. It could be generalized to something like:
0.95.3.cvd.clamav.net
0.96.cvd.clamav.net
Each version would have it's own DNS name for updates. All of them
would point to the same group of servers. (Maybe just make them cnames
for current.cvd...) Then, when you want to disable updates for a
version, just drop the name from the DNS.
--
Bowie
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
