The problem with our using a Web proxy is that it too cached stale CVDs if it was using the BOS Cloudflare server. That is, the DNS TXT record reported a new CVD, but the proxy couldn't deliver it. I considered using a proxy on our offsite domain host (which happened not to use BOS), but that seemed to be too complicated, considering our small LAN.
What I finally did was have each machine on our LAN point freshclam directly at Cloudflare, *but* I modified our firewall to let the file server access *only* the two Cloudflare IP addresses at port 80 and nothing else. (Why do computers always need so many special case workarounds?) On Wed, 31 Jul 2019 08:52:49 -0500 "J.R. via clamav-users" <clamav-users@lists.clamav.net> wrote: > > Then, when we had trouble with Cloudflare's BOS server often being > > out of sync (for CVDs) with the DNS TXT record, I removed it. Now, > > I am dismayed that I have to give our file server a bit of Internet > > access so that it can directly download the CDIFFs. > > I remember issue where some proxy was caching stale copies of > daily.cvd... > > If you don't want to let your file server access the internet > directly, did you ever try setting up a proxy server (and configure > freshclam to use it)? That would solve the direct access dilemma, and > also cache cdiff (and other) files locally to save bandwidth. _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
