On Tuesday 30 June 2015 09:13:15 Steve Basford wrote: > On Tue, June 30, 2015 1:57 pm, Nixon, R A (AL) CIV USARMY SEC (US) wrote: > > My organization has been using Freshcalm to update virus definitions > > for a number of years. We are United States based and set the > > database mirror accordingly. In the past month we have notice that > > the Database mirror used is now connecting us to a mirror in Russia. > > Within the last week our cyber team has had to block the Russia IP > > because it is now attempting to probe our network. Is there any way > > to setup the Freshclam mirror database to only attempt connections > > to US based mirrors? > > if you are using (US code), eg: > > db.us.clamav.net > > There as some non-US IPs contained, mainly... > > 128.199.133.36 - Asia - Singapore > 150.214.142.197 - Europe - Spain > 194.186.47.19 - Europe - Russian Federation > 194.8.197.22 - Europe - Germany > 78.46.84.244 - Europe - Germany > > Not sure why, other than perhaps US code needs a lot of mirrors, so > some have been placed outside US. > > One for the team I think to answer.
While personally investigating it here, I came to /etc/freshclam.conf, and discovered it was checking hourly. IMO that is really severe abuse of a free service, so I reset it to 12x daily and may even set it down to 2x a day. Do I need to restart freshclam, or whatever to bring that setting in? Thanks again for a great piece of foss software. Cheers, Gene Heskett -- "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) Genes Web page <http://geneslinuxbox.net:6309/gene> _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
