Please take a few moments to check your ClamAV freshclam installations. Are you removing your mirrors.dat file after every run of Freshclam or cvdupdate?
We are seeing a few IPs that have upgraded to 103.2 still downloading the entire daily.cvd and main.cvd every update. I am thinking this is because the installation has a script that is deleting the mirrors.dat file, or has the “OnErrorExecute” command in the freshclam.conf file set to delete this file, or freshclam can’t write the file in the first place (which shouldn’t be possible).

Please double check your installations. You may even need to go so far as to create a new freshclam.conf file. If your downloads were working and now you are getting 403’s from Cloudflare and you’re on 103.2, the above situation may be the reason. Please double check the situation and feel free to write me back.

We’ve seen about 34,000 downloads of the main and daily in the past 24 hours from these couple of IPs. I can tell the difference between a properly functioning copy of freshclam and not, very easily by looking at the files being downloaded. If an installation grabs the cvd and then grabs the cdiffs the next day, it’s properly functioning. But downloading the entire daily and main every 5 minutes or so indicates to me that something is broken.

--
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
https://www.talosintelligence.com | https://www.snort.org | https://www.clamav.net
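
The three causes listed in the message (a script deleting mirrors.dat, an Execute hook in freshclam.conf that touches it, or a database directory freshclam cannot write) can be checked with a small audit. This is an added example, not part of the original message or of ClamAV's own tooling; the function names, the fallback database directory and the script-directory argument are assumptions, and the state file name is the one used in the message.

```shell
#!/bin/sh
# Added example: audit a freshclam install for the three causes named in the message.
# STATE_FILE uses the file name from the message; override it if yours differs.
STATE_FILE="${STATE_FILE:-mirrors.dat}"

# Print the value of a freshclam.conf option (last uncommented occurrence wins).
conf_value() {  # $1 = config path, $2 = option name
    awk -v key="$2" '$1 == key { sub(/^[ \t]*[^ \t]+[ \t]*/, ""); val = $0 }
                     END { print val }' "$1"
}

# Print one line per finding; the exit status is the number of findings.
# $1 = freshclam.conf, $2 = database directory to assume when the config sets
# none (assumption: supplied by the caller), $3 = directory of cron/wrapper scripts.
audit_freshclam() {
    conf="$1"; findings=0
    dbdir=$(conf_value "$conf" DatabaseDirectory)
    [ -n "$dbdir" ] || dbdir="$2"

    # A script that mentions the state file (it may be deleting it).
    hits=$(grep -rlF -- "$STATE_FILE" "$3" 2>/dev/null || true)
    if [ -n "$hits" ]; then
        echo "$hits" | sed 's/^/SCRIPT: /'; findings=$((findings + 1))
    fi

    # An Execute hook in freshclam.conf whose command touches the state file.
    for opt in OnErrorExecute OnUpdateExecute OnOutdatedExecute; do
        cmd=$(conf_value "$conf" "$opt")
        case "$cmd" in
            *"$STATE_FILE"*) echo "HOOK: $opt runs: $cmd"; findings=$((findings + 1)) ;;
        esac
    done

    # freshclam cannot write the file. Run this as the account freshclam uses.
    if [ ! -d "$dbdir" ] || [ ! -w "$dbdir" ]; then
        echo "PERM: $dbdir missing or not writable by $(id -un)"
        findings=$((findings + 1))
    fi

    # Heuristic: databases present but no state file kept beside them.
    if ls "$dbdir"/*.cvd >/dev/null 2>&1 && [ ! -e "$dbdir/$STATE_FILE" ]; then
        echo "STATE: $dbdir has .cvd files but no $STATE_FILE"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

A SCRIPT line only means the file is mentioned; read the script to see whether it actually removes it.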