On Tue, June 30, 2015 1:57 pm, Nixon, R A (AL) CIV USARMY SEC (US) wrote: >
> My organization has been using Freshcalm to update virus definitions for > a number of years. We are United States based and set the database mirror > accordingly. In the past month we have notice that the Database mirror > used is now connecting us to a mirror in Russia. Within the last week our > cyber team has had to block the Russia IP because it is now attempting to > probe our network. Is there any way to setup the Freshclam mirror > database to only attempt connections to US based mirrors? if you are using (US code), eg: db.us.clamav.net There as some non-US IPs contained, mainly... 128.199.133.36 - Asia - Singapore 150.214.142.197 - Europe - Spain 194.186.47.19 - Europe - Russian Federation 194.8.197.22 - Europe - Germany 78.46.84.244 - Europe - Germany Not sure why, other than perhaps US code needs a lot of mirrors, so some have been placed outside US. One for the team I think to answer. Cheers, Steve Web : sanesecurity.com Blog: sanesecurity.blogspot.com _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
