On 17/01/2022 14:33, Andrew C Aitchison wrote:
On Mon, 17 Jan 2022, Nick Howitt via clamav-users wrote:

Hi,
I am trying to package ClamAV 0.103.5 for ClearOS. Normally they package the
latest three signature files listed above with their distributable rpm in
the same way that EPEL do so they have a working package on installation
rather than requiring freshclam to run first. Unfortunately it looks like
the links to the three files have been removed from
https://www.clamav.net/downloads and I would like to get the latest
signatures so I can update the package. How can I get hold of the files?

Looking at the EPEL Sources, they download from:
https://database.clamav.net/main.cvd
https://database.clamav.net/daily.cvd
https://database.clamav.net/bytecode.cvd

But I am being blocked by cloudflare:

                                 Error 1015

Ray ID: 6cefeaa67bc1549a • 2022-01-17 13:26:40 UTC

YOU ARE BEING RATE LIMITED

WHAT HAPPENED?

The owner of this website (database.clamav.net) has banned you temporarily
from accessing this website.


How can I proceed as I would like to get an updated package built for
ClearOS?

There has been a lot of abuse of the downloads (some sites were downloading
multiple - thousands IIRC - copies per second and using up vast volumes of
bandwidth).
Freshclam and cvdupdate (https://github.com/Cisco-Talos/cvdupdate,
another tool from ClamAV) are tuned to minimize load on the servers
and IIRC have special access to the downloads.

Could you use cvdupdate in the package script (clamav.spec or similar) ?
Even this backs off if it is used too frequently, so watch out for that when testing.

You might need to use the uncompressed .cld versions (daily.cld at least)
as these are what are actually updated by the incremental updates.

Maarten suggests not including the database in the package, but
downloading it with freshclam or cvdupdate after installing
(e.g. in a post-install script).
daily.cld is currently over 170MB and changes daily,
so this might be better still.

I see that you are thinking of this as a rescue tool.
Do you have a sense of how likely clamav (especially a not up to date version) is to actually detect a nasty? My experience and that of
some others on this list is that it is so far short of 50% that
I would not take a pass from ClamAV as reliable.

Not quite. I have taken over the packaging of this and the justification of packaging the sigs is partly that the tool will work and scan out of the box, partly for the offline consideration and partly because there will be a delay after installation where ClamAV is installed but not in a running condition. IIRC it won't even start without a database. This means that a yum install will need to pause and run freshclam before it can attempt to start clamd. This has knock-on issues and, apparently, it is always best for yum to download what it needs with yum and not some third-party tool.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
