On 3/16/2022 12:35 PM, G.W. Haywood via clamav-users wrote:
Hi there,
On Wed, 16 Mar 2022, Bowie Bailey via clamav-users wrote:
On 3/16/2022 10:09 AM, Joel Esler via clamav-users wrote:
On Mar 16, 2022, at 5:35 AM, Gary R. Schmidt <grschm...@acm.org> wrote:
On 16/03/2022 20:19, Christoph Moench-Tegeder via clamav-users wrote:
## Joel Esler via clamav-users (clamav-users@lists.clamav.net):
Can’t use wget.
Looks like "can't use anything which doesn't look like a web browser",
as BSD fetch hits the 403, too.
That's a major PITA on the BSD side (just like openSuse), but it
was working just fine at the time of the 0.104.2 release (and all
the time prior to that). Is there any reason behind making the source
(not talking about the database files) inaccessible like that?
Hanlon's Razor: "Never attribute to malice what can be adequately explained by
neglect, ignorance, or incompetence."
With the added FLOSS variant, "or trying to show just how much smarter they are
than everybody else.”
It was done because there are people that download the entire ClamAV package from
the same every every 1 minute and do a complete reinstall.
Why not simply block the IP addresses that are doing excessive downloads?
There can't be that many people who are doing constant rebuilds.
The system I use for building ClamAV has no GUI. I download the files by grabbing
the URL from my desktop and then pasting it into a wget on the build machine. Am
I going to have to make wget spoof its user-agent every time I need to update
ClamAV? ...
I don't see much in the way of sympathy for a company that spends good
money on a content delivery network in order to provide a FREE service
to the community, only then to take flak from that same community when
they are obliged to prevent literally hundreds of thousands of what I
can only describe as scrotes from flagrantly abusing the service.
That was my point. They are inconveniencing their users with a change that is
unlikely to slow down these abusers for any length of time.
Before grumbling about the implementation of the solutions, would it
not at least be reasonable to find out what the problems are?
I understand the problem. I just don't see this as a good solution.
How often do you update ClamAV? It must be all of a thirty-second job
to write a user agent string, and e.g. pop it in a 'bash' alias.
And all of the people who are doing excessive downloads will spend the same 30
seconds and then be back in business. So what has been gained? A few days or weeks
of reduced server load until they all update their scripts and then you are right
back where you started.
At the same time, every ClamAV user (new or existing) that wants to download from the
command line will have to spend time figuring out why they are getting errors trying
to download from the published links. Since this software is designed to be used on
a server, that will probably be a decent percentage of the user base who are all
going to have to figure out this undocumented issue (since documenting the
work-around would kind of defeat the point). I would bet that quite a few
prospective new users will simply give up on ClamAV and assume the website is broken
when they keep getting "403 forbidden" on the downloads.
--
Bowie
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
