Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Dennis Peterson
I had completely forgotten about freshclam grabbing the entire file to determine currency. I recall knocking off a quick script to avoid that which included: curl -q -r 35-39 http://db.us.clamav.net/daily.cvd |strings It returns the ID of whatever version is on the mirror. I've added strings t

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Dennis Peterson
Well damn - they say memory is the first thing to go... curl -s -r 35-39 http://db.us.clamav.net/daily.cvd |strings The -s (silent) inhibits stats. dp On 7/3/18 12:02 AM, Dennis Peterson wrote: I had completely forgotten about freshclam grabbing the entire file to determine currency. I recall

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Matus UHLAR - fantomas
On Mon, 02 Jul 2018 04:02:58 -0700 Al Varnell wrote: Does the evidence available indicate that it's the mirrors that are out-of-date or is it DNS? Everything I've seen shows that they are not in sync, but I'm not sure which gets updated first. On 02.07.2018 at 13:22, Brian Morrison wrote: I

[clamav-users] lost the thread, but my ipv6 noise in the freshclam log has vanished

2018-07-03 Thread Gene Heskett
-- Cheers, Gene Heskett -- "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) Genes Web page ___ clamav-users mailing list clam

Re: [clamav-users] lost the thread, but my ipv6 noise in the freshclam log has vanished

2018-07-03 Thread Joel Esler (jesler)
What does that mean? Sent from my iPhone > On Jul 3, 2018, at 06:39, Gene Heskett wrote: > > > -- > Cheers, Gene Heskett > -- > "There are four boxes to be used in defense of liberty: > soap, ballot, jury, and ammo. Please use in that order." > -Ed Howdershelt (Author) > Genes Web page

Re: [clamav-users] lost the thread, but my ipv6 noise in the freshclam log has vanished

2018-07-03 Thread Gene Heskett
On Tuesday 03 July 2018 06:59:59 Joel Esler (jesler) wrote: > What does that mean? > The failure to access the outside world via ipv6 report has now vanished from the logs. Here is a paste from a couple days back: nonblock_connect: connect(): fd=4 errno=101: Network is unreachable Can't connect

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Paul Kosinski
Determining what version a *mirror* has is a bit tricky. Looking at the capture of the entire HTTP session with the new mirrors, they seem to require some header magic to be acceptable: Host: db.us.clamav.net User-Agent: ClamAV/0.99.4 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64) Simply trying t

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Benoit Panizzon
Hi List Sorry I was not following that discussion... > Host: db.us.clamav.net > User-Agent: ClamAV/0.99.4 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64) > >Error 1003 Ray ID: 4349da2f33f4ae20 • 2018-07-03 13:55:52 UTC >Direct IP access not allowed But this caught my attention... db.us.

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Joel Esler (jesler)
On Jul 3, 2018, at 10:37 AM, Benoit Panizzon wrote: Sorry I was not following that discussion... Host: db.us.clamav.net User-Agent: ClamAV/0.99.4 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64) Error 1003 Ray ID: 4349da2f33f4ae20 • 2018

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Joel Esler (jesler)
On Jul 2, 2018, at 2:10 PM, Brian Morrison wrote: On Mon, 2 Jul 2018 19:50:55 +0200 Reindl Harald wrote: For me freshclam runs roughly every 2 hours, so I think that the load is an order of magnitude higher than you state. I will confess that I don't know about the

[clamav-users] freshclam works for me

2018-07-03 Thread Noel Jones
I just wanted to chime in and say that freshclam continues to work fine for me. I have great sympathy for those having trouble, but I strongly suspect they are the vocal minority. I'd complain too if it seemed unreliable, but it works fine here. Before any changes are made to freshclam or the pr

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Reindl Harald
On 02.07.2018 at 19:07, Brian Morrison wrote: > On Mon, 2 Jul 2018 10:26:34 +0200 > Reindl Harald wrote: > >> On 02.07.2018 at 08:44, Bill Maidment wrote: >>> Maybe these are dumb questions; if so, please ignore. >>> But doesn't it make more sense to update all the mirrors first, >>> before c

Re: [clamav-users] update report

2018-07-03 Thread Reindl Harald
On 02.07.2018 at 19:20, Gene Heskett wrote: >> And since that stuff did exist in my /etc/hosts file, I just stuck a # >> in front of all those, just for S&G of course. Watching log too. But >> it seems like an every other update run, and since I am not a >> paying/supporting customer, I only r

Re: [clamav-users] update report

2018-07-03 Thread Reindl Harald
On 02.07.2018 at 19:38, Benny Pedersen wrote: > Gene Heskett wrote on 2018-07-02 19:20: >> On Monday 02 July 2018 13:12:12 Gene Heskett wrote: >> However, a network restart did not get rid of the ipv6 stuff in the >> ifconfig lo report. ? /etc/network/interfaces is also clean of any >> ipv

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Reindl Harald
On 02.07.2018 at 19:45, Brian Morrison wrote: > On Mon, 2 Jul 2018 19:17:32 +0200 > Reindl Harald wrote: > >> On 02.07.2018 at 19:07, Brian Morrison wrote: >>> On Mon, 2 Jul 2018 10:26:34 +0200 >>> Reindl Harald wrote: >>> On 02.07.2018 at 08:44, Bill Maidment wrote: > Maybe th

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Reindl Harald
On 02.07.2018 at 20:10, Brian Morrison wrote: > On Mon, 2 Jul 2018 19:50:55 +0200 > Reindl Harald wrote: > >>> For me freshclam runs roughly every 2 hours, so I think that the >>> load is an order of magnitude higher than you state. I will confess >>> that I don't know about the capability of

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Reindl Harald
On 03.07.2018 at 03:37, Paul Kosinski wrote: > Any system whereby new versions of files are announced before they are > actually available to automated downloads is awkward (to say the least). > > If, in addition, a server which doesn't have the announced version is > blacklisted by the automat

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Reindl Harald
On 03.07.2018 at 09:14, Matus UHLAR - fantomas wrote: >>> On Mon, 02 Jul 2018 04:02:58 -0700 >>> Al Varnell wrote: Does the evidence available indicate that it's the mirrors that are out-of-date or is it DNS? Everything I've seen shows that they are not in sync, but I'm not sure

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Paul Kosinski
The way Linux updates are done in practice is significantly different from ClamAV virus signature updates. With ClamAV, freshclam is automatically run periodically, sees (by some low-cost means) that a new file version is *supposed* to be available and tries to download it. If either it can't, o

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Paul Kosinski
You are right! Maybe it only rejects browser-ish headers. On Tue, 3 Jul 2018 08:12:47 -0700 Dennis Peterson wrote: > If you run that curl command I provided it will return only the > signature serial number. > > dp > > On 7/3/18 6:59 AM, Paul Kosinski wrote: > > Determining what version a *m

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Joel Esler (jesler)
On Jul 2, 2018, at 1:17 PM, Reindl Harald wrote: on a typical setup freshclam is running once or twice *daily* while a webserver these days can spit out the same small static txt file many thousands of times per second with zero load That is not the results we ar

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Freddie Cash
On Tue, Jul 3, 2018 at 9:28 AM, Paul Kosinski wrote: > The way Linux updates are done in practice is significantly different > from ClamAV virus signature updates. > > With ClamAV, freshclam is automatically run periodically, sees (by > some low-cost means) that a new file version is *supposed* t

Re: [clamav-users] freshclam works for me

2018-07-03 Thread Joel Esler (jesler)
On Jul 3, 2018, at 11:38 AM, Noel Jones wrote: Using Cloudflare changes the dynamics of updates. I wonder if it might be better if everyone pointed to db.clamav.net and all the direct mirrors are dropped. Let Cloudflare decide what is th

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Paul Kosinski
We used to check once every 90 minutes (16 per day). Plus, we run a local proxy/mirror so the updates can be served to other machines on our LAN without extra load on the ClamAV servers. That was before the new mirroring scheme. Now we're checking several times per hour in the (vain?) hope of gett

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Christopher X. Candreva
For everyone (or maybe the one) asking why the DNS system exists, as the person who came up with the idea in the first place (or the idea of stealing it from the DNSbls) I thought I would provide a link to the original discussion in which it was hashed out (beaten to death) back in 2004: h

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Joel Esler (jesler)
On Jul 3, 2018, at 1:36 PM, Christopher X. Candreva wrote: I have to admit I've wondered if Cloudflare and the other CDNs meant it outlived its usefulness, but it's a contribution I'm fairly proud of. That's what we are evaluating. It's a great system. The probl

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread SCOTT PACKARD
The current DNS TXT does not work within my company, as a firewall fully blocks things, including DNS. (as an aside, curl works, with sufficient massaging, but wget cannot, as it does not have an option to work with a proxy). I rely on someone in Arizona to pull definitions from, but sometimes t

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Joel Esler (jesler)
On Jul 3, 2018, at 2:11 PM, SCOTT PACKARD wrote: I rely on someone in Arizona to pull definitions from, but sometimes their server goes out, other times clamav's content system breaks, and it's a pain to figure out which one is the culprit. Well, hopefully,

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Dennis Peterson
Does your wget not support the -e args to access a proxy? Example: wget http://someurl.com/filename.html -e use_proxy=yes -e http_proxy=xxx.xxx.xxx.xxx:3128 The proxy IP or hostname can be used. dp On 7/3/18 11:11 AM, SCOTT PACKARD wrote: The current DNS TXT does not work within my company,

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread SCOTT PACKARD
Hmm, I went to recreate both cases before replying, and I can get both to work, sort of. I still can't resolve DNS TXT records, but I can it seems throw the URI http://db.us.clamav.net/daily.cvd to the proxy server and it can handle it. Beats me what IP db.us.clamav.net resolves to. I get the whol

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Joel Esler (jesler)
On Jul 3, 2018, at 3:59 PM, Reindl Harald wrote: voila - all new connections which are more than 5 per hour from the same IP are dropped, i have similar rules for specific ports and max connections per client for many years now - no rocket science Yes. But meas

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Benny Pedersen
Joel Esler (jesler) wrote on 2018-07-03 22:42: Yes. But measuring those numbers is the difficult part. A fresh install of ClamAV is going to download the main, the daily, then all the diffs since the last daily, which could be a ton. It's the people that are downloading the *same* diff 1000x

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Joel Esler (jesler)
On Jul 3, 2018, at 4:46 PM, Reindl Harald wrote: On 03.07.2018 at 22:42, Joel Esler (jesler) wrote: On Jul 3, 2018, at 3:59 PM, Reindl Harald wrote: voila - all new connections which are more than

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Joel Esler (jesler)
On Jul 3, 2018, at 4:50 PM, Benny Pedersen wrote: Joel Esler (jesler) wrote on 2018-07-03 22:42: Yes. But measuring those numbers is the difficult part. A fresh install of ClamAV is going to download the main, the daily, then all the diffs since the last daily, which c

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Dennis Peterson
Your proxy is not passing the request to the server. But never give up - try: curl -H "Range: bytes=35-39" -s --proxy http://proxy:3128 http://db.us.clamav.net/daily.cvd |strings On 7/3/18 1:29 PM, SCOTT PACKARD wrote: Hmm, I went to recreate both cases before replying, and I can get both to