Re: [clamav-users] Server inside DMZ - No internet access - Howto update definitions
As long as I’ve been reading similar questions here, I don't recall any solution other than the three choices for using a Private Mirror. Note that freshclam normally will initially use wget to obtain updates, resorting to http only when that fails. Sent from my iPad -Al- On Jun 18, 2018, at 20:44, Webster, Matt (PIRSA) wrote: > Hi All, > > Currently have a RHEL server in a DMZ segment, where direct internet access > is not permitted. I have installed clamd on the host to be able to perform on > access scanning of documents uploaded through web based forms. The problem > is, what can I do to update the definitions so that the latest threat data is > being used in said scans? > > I doubt that tcp/53 will be permitted out of the firewall to do the latest > DNS checks and not sure if I can gain access to be able to whitelist the .au > mirrors of: > > $ host db.au.clamav.net > db.au.clamav.net is an alias for db.au.clamav.net.cdn.cloudflare.net. > db.au.clamav.net.cdn.cloudflare.net has address 104.16.186.138 > db.au.clamav.net.cdn.cloudflare.net has address 104.16.187.138 > db.au.clamav.net.cdn.cloudflare.net has address 104.16.188.138 > db.au.clamav.net.cdn.cloudflare.net has address 104.16.189.138 > db.au.clamav.net.cdn.cloudflare.net has address 104.16.185.138 > > Is there a way that I can copy the files from another server internal to the > network out to the server in the DMZ? Without running freshclam to update? > And just reload clamd? > > I did investigate the PrivateMirror and DatabaseMirror options, but as this > is the same protocol going out as coming in with the requests, I doubt > security will permit HTTP traffic to an internal host as it does not pass the > protocol separation requirements. > > Any ideas of options? > > Cheers and thanks ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
[clamav-users] Server inside DMZ - No internet access - Howto update definitions
Hi All, Currently have a RHEL server in a DMZ segment, where direct internet access is not permitted. I have installed clamd on the host to be able to perform on access scanning of documents uploaded through web based forms. The problem is, what can I do to update the definitions so that the latest threat data is being used in said scans? I doubt that tcp/53 will be permitted out of the firewall to do the latest DNS checks and not sure if I can gain access to be able to whitelist the .au mirrors of: $ host db.au.clamav.net db.au.clamav.net is an alias for db.au.clamav.net.cdn.cloudflare.net. db.au.clamav.net.cdn.cloudflare.net has address 104.16.186.138 db.au.clamav.net.cdn.cloudflare.net has address 104.16.187.138 db.au.clamav.net.cdn.cloudflare.net has address 104.16.188.138 db.au.clamav.net.cdn.cloudflare.net has address 104.16.189.138 db.au.clamav.net.cdn.cloudflare.net has address 104.16.185.138 Is there a way that I can copy the files from another server internal to the network out to the server in the DMZ? Without running freshclam to update? And just reload clamd? I did investigate the PrivateMirror and DatabaseMirror options, but as this is the same protocol going out as coming in with the requests, I doubt security will permit HTTP traffic to an internal host as it does not pass the protocol separation requirements. Any ideas of options? Cheers and thanks ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] WARNING: Local version: 0.99.4 Recommended version: 0.100.0
On June 19, 2018 2:17:18 AM UTC, Jobst Schmalenbach wrote: >Hi > >Receiving the message: WARNING: Local version: 0.99.4 Recommended >version: 0.100.0 > >So I did > > [root /tmp] #>yum info installed clamd > Installed Packages > Name: clamd > Arch: x86_64 > Version : 0.99.4 > >So checking yields > > [root /tmp] #>yum --enablerepo=epel update clam* > Loaded plugins: fastestmirror, priorities > Setting up Update Process > Loading mirror speeds from cached hostfile > * base: centos.mirror.ausnetservers.net.au > * epel: mirror.aarnet.edu.au > * extras: mirror.as24220.net > * updates: mirror.as24220.net > * webtatic: sp.repo.webtatic.com > No Packages marked for Update > >Listing epel shows: > >clamav-0.99.4-1.el6.i686.rpm 2018-03-02 >17:32 4.4M >clamav-0.99.4-1.el6.x86_64.rpm2018-03-02 >17:32 4.3M >clamav-db-0.99.4-1.el6.x86_64.rpm 2018-03-02 >17:32 155M >clamav-devel-0.99.4-1.el6.i686.rpm2018-03-02 >17:32 23K >clamav-devel-0.99.4-1.el6.x86_64.rpm 2018-03-02 >17:32 23K >clamav-milter-0.99.4-1.el6.x86_64.rpm 2018-03-02 >17:32 90K >clamav-unofficial-sigs-3.7.1-7.el6.noarch.rpm 2014-08-08 >21:57 39K > > >How can I get this updated? It looks like EPEL has been updated: https://bodhi.fedoraproject.org/updates/?search=clamav You should probably consult distro specific resources to get help with finding/installing the update. Scott K ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
[clamav-users] WARNING: Local version: 0.99.4 Recommended version: 0.100.0
Hi Receiving the message: WARNING: Local version: 0.99.4 Recommended version: 0.100.0 So I did [root /tmp] #>yum info installed clamd Installed Packages Name: clamd Arch: x86_64 Version : 0.99.4 So checking yields [root /tmp] #>yum --enablerepo=epel update clam* Loaded plugins: fastestmirror, priorities Setting up Update Process Loading mirror speeds from cached hostfile * base: centos.mirror.ausnetservers.net.au * epel: mirror.aarnet.edu.au * extras: mirror.as24220.net * updates: mirror.as24220.net * webtatic: sp.repo.webtatic.com No Packages marked for Update Listing epel shows: clamav-0.99.4-1.el6.i686.rpm 2018-03-02 17:32 4.4M clamav-0.99.4-1.el6.x86_64.rpm2018-03-02 17:32 4.3M clamav-db-0.99.4-1.el6.x86_64.rpm 2018-03-02 17:32 155M clamav-devel-0.99.4-1.el6.i686.rpm2018-03-02 17:32 23K clamav-devel-0.99.4-1.el6.x86_64.rpm 2018-03-02 17:32 23K clamav-milter-0.99.4-1.el6.x86_64.rpm 2018-03-02 17:32 90K clamav-unofficial-sigs-3.7.1-7.el6.noarch.rpm 2014-08-08 21:57 39K How can I get this updated? -- You have junk mail. | |0| | Jobst Schmalenbach, General Manager | | |0| Barrett & Sales Essentials |0|0|0| +61 3 9533 , POBox 277, Caulfield South, 3162, Australia ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml