On Wed, 30 Jul 2025 17:30:48 +0200 Benny Pedersen via clamav-users <[email protected]> wrote:
> Paul Kosinski via clamav-users skrev den 2025-07-30 17:05: > > How might I keep up to date on the *specific* IP addresses at > > Cloudflare for ClamAV database updates? They seem to change now and > > then. > > point is to have diffrent ips, so load is spread as much as possible, > other reasons might be that "other" ips is not in sync, and dns updated > when its ready, so you would need to get ips in 300 secs in firewall > rules, but why do you block outbound trafic from your clamav / freshclam > ip ? > > imho a hard task to not shot one in your own foot :=) > I understand quite well the reason that Cloudflare (and other CDNs) provide multiple (and sometimes rotating) IP addresses for load balancing. And, as I remember, Cloudflare even provides Anycast IPs for the ClamAV database with mirror servers worldwide. In fact, some years ago (2018) I was having trouble getting up to date CVDs/CLDs because our Boston mirror often did not have cached the latest version reported by ClamAV's DNS TXT record. BTW, in answer to "... not shot one in your own foot", I block almost all outbound off-LAN TCP traffic from the server that runs Dovecot because that machine is not a workstation which needs general Internet access, but a special purpose server. It's a precaution that is similar to, but less stringent than, air-gapping. (Would you suggest that people who have asked for advice about running ClamAV on air-gapped computers are "shooting themselves in their own foot"?) _______________________________________________ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
