Hi there,

On Tue, 18 May 2021, ANISH SHETTY via clamav-users wrote:

> ... the update operation performed by clients is the only time when
> I can manage what data goes into the machines.  I can't set up a cron
> or such alternatives. I could use the web server on the same machine
> as a server for freshclam (since I guess I need a webserver and
> can't do it from local filesystem).

Yes, freshclam only obtains the signature data via Web servers, and
cannot usefully access the local filesystem as an alternative.  You
can in the case of a multi-homed machine specify which interface is to
be used for the downloads.  In case it's also an issue for you, the
current state of the database is held in DNS records.  That means that
freshclam should also have access to a nameserver, so that it can make
the DNS queries to get the information which it needs in order to know
if the signature databases are up to date.  Although we call them the
'signature databases' they are in fact just ordinary files.  Some are
compressed (and signed), but you can uncompress them to plain, flat,
text files which you can display with almost any pager or text editor
(and which I occasionally do to investigate signature issues).

If I understand correctly, the clients disable the network connection
most of the time, and enable it only every three months to do some
sort of update operation; it might be possible to get them to do this
once per month, is that correct?  Is the update operation to be purely
for the ClamAV databases or is it also for some kind of maintenance of
other software and/or data?

> Given all this, I'm not sure if it's worth the effort.  I'll see if
> I can think of any other approaches where the client machines can
> access a server which is kept up to date.

It does not matter what the Web server is - it could be a proxy like
Squid for example.  You could update the files which Squid serves in
whatever way you choose, and of course prevent it from accessing any
data other than your signature databases.  I do not know enough about
the restrictions in your networks to know if that might help.

It does not matter to ClamAV (that is, to the scanners - clamdscan,
clamscan and clamd) how the signature files are kept up to date.  But
it matters to the infrastructure how the downloads are performed, as
there are abuse protections in place which will probably be activated
if freshclam (and it must be a fairly up to date version of freshclam)
is not used.  That would mean that the IP address trying to download
the signatures will be blocked by the infrastructure provider and you
would need to ask for it to be unblocked after rectifying any issues.

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
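
An added example, not part of the original message and not ClamAV project code: a check that reads the plain-text header at the start of each local database file and compares its version with a published TXT version record, which is useful for reporting how stale a rarely connected client is. The TXT field order (engine:main:daily:timestamp:warn:flevel:safebrowsing:bytecode) and the 512-byte colon-separated `ClamAV-VDB` header layout are assumptions about the formats; all sample values are constructed.

```python
"""Compare local ClamAV database headers with a published TXT version record."""

# Assumed TXT layout: engine:main:daily:timestamp:warn:flevel:safebrowsing:bytecode
DNS_FIELDS = {"main": 1, "daily": 2, "bytecode": 7}


def parse_txt_record(txt: str) -> dict:
    """Extract the published database versions and the record timestamp."""
    parts = txt.strip().strip('"').split(":")
    if len(parts) < 8:
        raise ValueError("TXT record has too few fields")
    published = {name: int(parts[idx]) for name, idx in DNS_FIELDS.items()}
    published["timestamp"] = int(parts[3])
    return published


def parse_cvd_header(blob: bytes) -> dict:
    """Read the 512-byte plain-text header at the start of a .cvd/.cld file."""
    fields = blob[:512].decode("ascii", errors="replace").strip().split(":")
    if len(fields) < 8 or fields[0] != "ClamAV-VDB":
        raise ValueError("not a ClamAV database header")
    return {"built": fields[1], "version": int(fields[2]),
            "signatures": int(fields[3]), "flevel": int(fields[4])}


def versions_behind(txt: str, local_headers: dict) -> dict:
    """Map database name -> versions the local copy lags by (None if unreadable)."""
    published = parse_txt_record(txt)
    report = {}
    for name in DNS_FIELDS:
        try:
            local = parse_cvd_header(local_headers[name])["version"]
            report[name] = max(published[name] - local, 0)
        except (KeyError, ValueError):
            report[name] = None  # file missing or header not parseable
    return report


def make_header(version: int, sigs: int) -> bytes:
    """Build a constructed 512-byte header (placeholder MD5 and signature)."""
    text = (f"ClamAV-VDB:01 Jan 2021 00-00 +0000:{version}:{sigs}:63:"
            "MD5PLACEHOLDER:SIGPLACEHOLDER:builder:1609459200")
    return text.encode().ljust(512, b" ")


# Constructed sample values, not real published versions.
SAMPLE_TXT = "0.103.2:59:26180:1621300000:1:63:49191:333"
SAMPLE_LOCAL = {"main": make_header(59, 1000), "daily": make_header(26100, 2000)}

if __name__ == "__main__":
    print(versions_behind(SAMPLE_TXT, SAMPLE_LOCAL))
```

On a real host, pass the first 512 bytes of each database file in place of the constructed headers; the check only reads files and does not download anything.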

