Re: [clamav-users] Linode Clam AV Updates

2021-03-20 Thread Al Varnell via clamav-users
Sent from my iPad

On Mar 20, 2021, at 09:51, Paul Smith via clamav-users wrote:
> On 20/03/2021 04:31, Joel Esler (jesler) via clamav-users wrote:
>> Please check out cvdupdate or Freshclam for your updates.  Once or twice a 
>> day to check is fine.
>> 
> FWIW, running cvdupdate only once or twice a day is a BAD idea.

And just to be clear, Joel's advice was for use on the Private Server, not the 
clients.

-Al-

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


Re: [clamav-users] unsubscribe

2021-03-20 Thread Al Varnell via clamav-users
You must do that for yourself near the bottom of this page:



Sent from my iPad

-Al-

> On Mar 20, 2021, at 05:20, Larry Turner via clamav-users wrote:
> 
> Please unsubscribe me also.



Re: [clamav-users] Linode Clam AV Updates

2021-03-20 Thread Joel Esler (jesler) via clamav-users
Ged is correct.  

Sent from my  iPhone

> On Mar 20, 2021, at 13:14, G.W. Haywood via clamav-users wrote:
> 
> Hi there,
> 
>> On Sat, 20 Mar 2021, Paul Smith via clamav-users wrote:
>> 
>>> On 20/03/2021 04:31, Joel Esler (jesler) via clamav-users wrote:
>>> Please check out cvdupdate or Freshclam for your updates.  Once or twice a 
>>> day to check is fine.
>> FWIW, running cvdupdate only once or twice a day is a BAD idea.
>> 
>> If you are running a private mirror, then if Freshclam tries to get the 
>> latest CDIFF (according to DNS) from the private mirror ...
> 
> My understanding is that if you're using a private mirror you're supposed
> to set the 'PrivateMirror' option, which does not use DNS to check for the
> existence of updated files, but checks the files themselves directly.
> 
> Quoting 'man freshclam.conf':
> 
>     PrivateMirror STR
>         This option allows you to easily point freshclam to private
>         mirrors. If PrivateMirror is set, freshclam does not attempt
>         to use DNS to determine whether its databases are out-of-date,
>         instead it will use the If-Modified-Since request or directly
>         check the headers of the remote database files.  For each
>         database, freshclam first attempts to download the CLD file.
>         If that fails, it tries to download the CVD file.  This option
>         overrides DatabaseMirror, DNSDatabaseInfo and ScriptedUpdates.
>         It can be used multiple times to provide fall-back mirrors.
>         Default: disabled
> 
> -- 
> 
> 73,
> Ged.
> 



Re: [clamav-users] Linode Clam AV Updates

2021-03-20 Thread G.W. Haywood via clamav-users

Hi there,

On Sat, 20 Mar 2021, Paul Smith via clamav-users wrote:

> On 20/03/2021 04:31, Joel Esler (jesler) via clamav-users wrote:
>> Please check out cvdupdate or Freshclam for your updates.  Once or twice a
>> day to check is fine.
>
> FWIW, running cvdupdate only once or twice a day is a BAD idea.
>
> If you are running a private mirror, then if Freshclam tries to get the
> latest CDIFF (according to DNS) from the private mirror ...

My understanding is that if you're using a private mirror you're supposed
to set the 'PrivateMirror' option, which does not use DNS to check for the
existence of updated files, but checks the files themselves directly.

Quoting 'man freshclam.conf':

    PrivateMirror STR
        This option allows you to easily point freshclam to private
        mirrors. If PrivateMirror is set, freshclam does not attempt
        to use DNS to determine whether its databases are out-of-date,
        instead it will use the If-Modified-Since request or directly
        check the headers of the remote database files.  For each
        database, freshclam first attempts to download the CLD file.
        If that fails, it tries to download the CVD file.  This option
        overrides DatabaseMirror, DNSDatabaseInfo and ScriptedUpdates.
        It can be used multiple times to provide fall-back mirrors.
        Default: disabled

--

73,
Ged.



Re: [clamav-users] Linode Clam AV Updates

2021-03-20 Thread Paul Smith via clamav-users

On 20/03/2021 04:31, Joel Esler (jesler) via clamav-users wrote:

> Please check out cvdupdate or Freshclam for your updates.  Once or twice a day
> to check is fine.


FWIW, running cvdupdate only once or twice a day is a BAD idea.

If you are running a private mirror, then if Freshclam tries to get the 
latest CDIFF (according to DNS) from the private mirror, and it's not 
there, it immediately downloads the full CVD from the private mirror.


So, if CDIFF 26116 is advertised in DNS but has not been downloaded by 
cvdupdate yet, then the private mirror gets hammered by all the 
Freshclam clients getting the full CVD - and the next time all the 
Freshclams check, they will get the full CVD *again*, and *again*, until 
cvdupdate finally updates the private mirror with the latest CDIFF.


So, you need to run cvdupdate at least every hour or so, so that 
hopefully each Freshclam instance doesn't download the full CVD more 
than once per released CDIFF...


Hopefully there'll soon either be a documented way to run our own 
'DNSDatabaseInfo' server in conjunction with cvdupdate, or a Freshclam 
update will make it be less impatient before it downloads the full CVD 
after a new CDIFF is published.



--
Paul


--


Paul Smith Computer Services
Tel: 01484 855800
Vat No: GB 685 6987 53

Sign up for news & updates at http://www.pscs.co.uk/go/subscribe
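
An added model of the mirror behaviour Paul describes above, together with the PrivateMirror option quoted from the man page elsewhere in this thread; it is not code from ClamAV, freshclam or cvdupdate. The 105 MB and 60 KB sizes are the figures quoted in the thread; the release time, client count and check offsets are constructed, and the fallback logic follows the descriptions in these messages rather than freshclam's source.

```python
DAILY_CVD_MB = 105.0   # daily.cvd size quoted in the thread
CDIFF_MB = 0.06        # ~60 KB per CDIFF, the figure quoted in the thread


def simulate(sync_every, check_every=60, clients=3, releases=(65,),
             private_mirror=False, horizon=24 * 60):
    """Replay one day minute by minute; return (full_downloads, cdiffs, egress_mb).

    sync_every      minutes between cvdupdate runs on the private mirror
    check_every     minutes between freshclam checks on each client
    releases        minutes at which upstream publishes a version (constructed)
    private_mirror  True models PrivateMirror: no DNS check, whole files only
    """
    mirror_ver = 0
    client_ver = [0] * clients
    full = cdiffs = 0
    for t in range(horizon):
        advertised = sum(1 for r in releases if r <= t)  # version announced in DNS
        if t % sync_every == 0:
            mirror_ver = advertised                      # cvdupdate catches up
        for c in range(clients):
            if t % check_every != (c * 10) % check_every:  # stagger the clients
                continue
            if private_mirror:
                # Client compares against the mirror's own files, never DNS,
                # so it fetches a whole database once per mirror update.
                if client_ver[c] < mirror_ver:
                    full += 1
                    client_ver[c] = mirror_ver
            elif client_ver[c] < advertised:
                if mirror_ver >= advertised:
                    # Mirror holds every CDIFF up to the advertised version.
                    cdiffs += advertised - client_ver[c]
                    client_ver[c] = advertised
                else:
                    # CDIFF missing on the mirror: fall back to its full CVD.
                    # That CVD is still the old version, so the next check
                    # lands here again until cvdupdate has run.
                    full += 1
                    client_ver[c] = mirror_ver
    return full, cdiffs, full * DAILY_CVD_MB + cdiffs * CDIFF_MB


if __name__ == "__main__":
    for label, kwargs in [
        ("cvdupdate twice a day, DNS check", dict(sync_every=720)),
        ("cvdupdate hourly, DNS check", dict(sync_every=60)),
        ("cvdupdate twice a day, PrivateMirror",
         dict(sync_every=720, private_mirror=True)),
    ]:
        full, cdiffs, mb = simulate(**kwargs)
        print(f"{label}: {full} full CVDs, {cdiffs} CDIFFs, {mb:.2f} MB from mirror")
```
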



Re: [clamav-users] ClamAV® blog: ClamAV, CVDs, CDIFFs and the magic behind the curtain

2021-03-20 Thread G.W. Haywood via clamav-users

Hi there,

On Sat, 20 Mar 2021, Andrew C Aitchison via clamav-users wrote:

> Is it possible to configure freshclam to keep the (verified) cdiffs if the
> update fails, so that they don't have to be downloaded on the next update
> attempt ?


I believe that's a work in progress.

--

73,
Ged.



Re: [clamav-users] ClamAV® blog: ClamAV, CVDs, CDIFFs and the magic behind the curtain

2021-03-20 Thread Andrew C Aitchison via clamav-users

On Fri, 19 Mar 2021, Joel Esler (jesler) via clamav-users wrote:


https://blog.clamav.net/2021/03/clamav-cvds-cdiffs-and-magic-behind.html

ClamAV, CVDs, CDIFFs and the magic behind the curtain


3. ... This is an expensive operation in terms of bandwidth
   because daily.cvd and main.cvd are, currently, 105 MB and 117 MB,
   respectively.
   ... For example, for an update where 10,000 signatures were removed
   from daily, the corresponding CDIFF was only around 60 KB in size.
   ...
   To update via CDIFF, FreshClam determines the version of the database
   on disk and requests every CDIFF between that version and the latest.
   Assuming each of those CDIFFs exists on the server (only the last
   90 days worth are currently kept) ...

   60KB * 90 ~= 5MB << 100MB.

   A zero-byte CDIFF indicates that FreshClam should download the CVD
   instead. This is sometimes preferred to patching when a significant
   portion of the CVD changes, like when a large portion of daily is
   migrated to main in a single update.

So a machine which is 100 updates behind will download 100+MB of .cvd
instead of <10MB of .cdiff files :-(

I think I may have read that the 90 CDIFF files was being reviewed
which sounds like a good idea
(except of course when there has been a large daily -> main migration).

Is it possible to configure freshclam to keep the (verified) cdiffs if the
update fails, so that they don't have to be downloaded on the next update
attempt ?

Thanks,

--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk



Re: [clamav-users] Linode Clam AV Updates

2021-03-20 Thread Gary R. Schmidt

On 21/03/2021 00:21, Joel Esler (jesler) via clamav-users wrote:

>> On Mar 20, 2021, at 00:37, Gary R. Schmidt wrote:
>>
>>> On 20/03/2021 14:12, Bill Speidel wrote:
>>> [SNIP]
>>> on the other hand if all of Linode is blocked then there's not much i can
>>> do...
>>
>> Well, complaining to them and indicating a willingness to move to a different
>> provider if they don't clean up their act /might/ help.
>>
>> But probably not...
>
> They aren’t blocked.  They fall into the same rate limit that the
> rest of the planet does

Ah, I just realised that what I wrote may be misinterpreted, it was the 
service provided by Linode I was referring to moving away from, not ClamAV.


Cheers,
GaryB-)



Re: [clamav-users] Linode Clam AV Updates

2021-03-20 Thread Joel Esler (jesler) via clamav-users
Slight exaggeration, 2 years.

If you aren’t using a private safebrowsing engine as shown in the blog post 
below.  Disable safebrowsing in your freshclam.conf.  A future version of 
Freshclam will help you with this. Don’t wait! Get rid of those 403’s today!

> On Mar 20, 2021, at 09:22, Joel Esler (jesler) wrote:
>
> We haven’t published an updated safebrowsing file in about 3 or 4 years.
>
> https://blog.clamav.net/2020/06/the-future-of-clamav-safebrowsing.html
>
>> On Mar 20, 2021, at 00:21, Grant Taylor via clamav-users wrote:
>>
>>> On 3/19/21 9:11 PM, Bill Speidel wrote:
>>> hi,
>>> thanks for the response...  i'm new to the clam users list...  i did see
>>> that the freshclam routine was pinging every 5 seconds after getting a 429
>>> error so i stopped freshclam...  then i waited several hours and tried
>>> again...  same 420 response...
>>
>> I noticed that freshclam had problems when it tried to get safebrowsing.cvd
>> and that it tried every five seconds for three or five times.  But it gave up
>> relatively quickly and is falling back to its regularly scheduled once an
>> hour cycle.
>>
>>> the problem i see is that i don't know if it's my IP in particular, all of
>>> linode's IP addresses or a subnet...
>>
>> My experience has been that Cloudflare has usually been good about per IP
>> filtering vs per IP /block/ filtering.
>>
>>> on the other hand if all of Linode is blocked then there's not much i can
>>> do...
>>
>> Per the freshclam.conf man page, it looks like the code's default is once
>> every two hours.
>>
>> I would hope -> expect that to be satisfactory.
>>
>> Though comments in the man page say to check the safebrowsing file every 30
>> minutes.
>>
>> --
>> Grant. . . .
>> unix || die



Re: [clamav-users] Linode Clam AV Updates

2021-03-20 Thread Joel Esler (jesler) via clamav-users
We haven’t published an updated safebrowsing file in about 3 or 4 years.

https://blog.clamav.net/2020/06/the-future-of-clamav-safebrowsing.html

> On Mar 20, 2021, at 00:21, Grant Taylor via clamav-users wrote:
>
>> On 3/19/21 9:11 PM, Bill Speidel wrote:
>> hi,
>> thanks for the response...  i'm new to the clam users list...  i did see
>> that the freshclam routine was pinging every 5 seconds after getting a 429
>> error so i stopped freshclam...  then i waited several hours and tried
>> again...  same 420 response...
>
> I noticed that freshclam had problems when it tried to get safebrowsing.cvd
> and that it tried every five seconds for three or five times.  But it gave up
> relatively quickly and is falling back to its regularly scheduled once an
> hour cycle.
>
>> the problem i see is that i don't know if it's my IP in particular, all of
>> linode's IP addresses or a subnet...
>
> My experience has been that Cloudflare has usually been good about per IP
> filtering vs per IP /block/ filtering.
>
>> on the other hand if all of Linode is blocked then there's not much i can
>> do...
>
> Per the freshclam.conf man page, it looks like the code's default is once
> every two hours.
>
> I would hope -> expect that to be satisfactory.
>
> Though comments in the man page say to check the safebrowsing file every 30
> minutes.
>
> --
> Grant. . . .
> unix || die




Re: [clamav-users] Linode Clam AV Updates

2021-03-20 Thread Joel Esler (jesler) via clamav-users
They aren’t blocked.  They fall into the same rate limit that the rest of the 
planet does 

Sent from my  iPhone

> On Mar 20, 2021, at 00:37, Gary R. Schmidt  wrote:
> 
> On 20/03/2021 14:12, Bill Speidel wrote:
> [SNIP]
>> on the other hand if all of Linode is blocked then there's not much i 
>> can do...
> Well, complaining to them and indicating a willingness to move to a different 
> provider if they don't clean up their act /might/ help.
> 
> But probably not...
> 
>Cheers,
>GaryB-)



Re: [clamav-users] unsubscribe

2021-03-20 Thread Larry Turner via clamav-users

Please unsubscribe me also.

On 3/19/2021 12:33 PM, Alan Lehman via clamav-users wrote:

unsubscribe
