Re: [clamav-users] About the response result from ClamAV Server

[Joel Esler (jesler) via clamav-users]

https://www.clamav.net/documents/freshclam-faq

Under “error codes”

Sent from my  iPhone

On Mar 21, 2021, at 23:11, Eero Volotinen  wrote:


Try to update to supported clamav version?

Eero

On Mon 22. Mar 2021 at 4.07, takahiro suzuki via clamav-users 
mailto:clamav-users@lists.clamav.net>> wrote:


Hi,
 How are you?

I use ClamAV with Linux OS.

The following message is output when the definition file is updated after the 
beginning of March.
The update process can no longer be performed normally.

*Source server
 database.clamav.net (104.16.219.84,104.16.218.84)

*Response message:
695 HTTP / 1.1 429 Too Many Requests (text / plain)


Is this also related to the EOL in the blog below?
ClamAV EOL versions prior to 0.100
https://blog.clamav.net/


Please tell me the cause and countermeasures for this.

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] About the response result from ClamAV Server

[Eero Volotinen]

Try to update to supported clamav version?

Eero

On Mon 22. Mar 2021 at 4.07, takahiro suzuki via clamav-users <
clamav-users@lists.clamav.net> wrote:

>
>
> Hi,
>  How are you?
>
> I use ClamAV with Linux OS.
>
> The following message is output when the definition file is updated after
> the beginning of March.
> The update process can no longer be performed normally.
>
> *Source server
>  database.clamav.net (104.16.219.84,104.16.218.84)
>
> *Response message:
> 695 HTTP / 1.1 429 Too Many Requests (text / plain)
>
>
> Is this also related to the EOL in the blog below?
> ClamAV EOL versions prior to 0.100
> https://blog.clamav.net/
>
>
> Please tell me the cause and countermeasures for this.
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] About the response result from ClamAV Server

[takahiro suzuki via clamav-users]

Hi,
 How are you?

I use ClamAV with Linux OS.

The following message is output when the definition file is updated after
the beginning of March.
The update process can no longer be performed normally.

*Source server
 database.clamav.net (104.16.219.84,104.16.218.84)

*Response message:
695 HTTP / 1.1 429 Too Many Requests (text / plain)


Is this also related to the EOL in the blog below?
ClamAV EOL versions prior to 0.100
https://blog.clamav.net/


Please tell me the cause and countermeasures for this.

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Blocked IP

[Joel Esler (jesler) via clamav-users]

Thanks Gary

Sent from my  iPhone

> On Mar 21, 2021, at 19:59, Gary R. Schmidt  wrote:
> 
> On 22/03/2021 10:42, Du, J. (Jingsong) via clamav-users wrote:
>> Dear Sir/Madam,
>> ING Australia External IP was blocked. May I please ask for assistance to 
>> get it unblocked?
>> Thanks.
>> Regards,
>> Jingsong
> 
> Quoting Joel (he'll be along later :-) ):
> 
> Hello,
> 
> Thank you for your email.  As a result of events documented in places here:
> https://lists.clamav.net/pipermail/clamav-users/2021-March/010544.html
> and
> https://lists.clamav.net/pipermail/clamav-users/2021-March/010578.html
> 
> We’ve been forced to take emergency measures to protect the ClamAV 
> environment.
> 
> Please Immediately switch to using Freshclam or 
> https://github.com/micahsnyder/cvdupdate to update your AV definitions. If 
> you are using Qnap or ClamWin, it’s likely that you are using a version of 
> ClamAV that has been EOL’ed: 
> https://blog.clamav.net/2021/02/clamav-eol-versions-prior-to-0100.html
> 
> Sorry for the inconvenience, but we are currently in emergency mode and have 
> to make several drastic changes over the last several days.
> 
> 
> ___
> 
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Blocked IP

[Gary R. Schmidt]

On 22/03/2021 10:42, Du, J. (Jingsong) via clamav-users wrote:

Dear Sir/Madam,

ING Australia External IP was blocked. May I please ask for assistance 
to get it unblocked?


Thanks.

Regards,

Jingsong


Quoting Joel (he'll be along later :-) ):

Hello,

Thank you for your email.  As a result of events documented in places here:
https://lists.clamav.net/pipermail/clamav-users/2021-March/010544.html
and
https://lists.clamav.net/pipermail/clamav-users/2021-March/010578.html

We’ve been forced to take emergency measures to protect the ClamAV 
environment.


Please Immediately switch to using Freshclam or 
https://github.com/micahsnyder/cvdupdate to update your AV definitions. 
If you are using Qnap or ClamWin, it’s likely that you are using a 
version of ClamAV that has been EOL’ed: 
https://blog.clamav.net/2021/02/clamav-eol-versions-prior-to-0100.html


Sorry for the inconvenience, but we are currently in emergency mode and 
have to make several drastic changes over the last several days.



___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] Blocked IP

[Du, J. (Jingsong) via clamav-users]

Dear Sir/Madam,

ING Australia External IP was blocked. May I please ask for assistance to get 
it unblocked?

Thanks.

Regards,
Jingsong



IMPORTANT NOTICE
The information contained in this electronic mail message may be confidential 
and is intended only for use of the addressee. If you are not the intended 
recipient and have received this communication in error, please notify the 
sender by reply transmission and delete the message without copying or 
disclosing it. Any unauthorised disclosure, reproduction, distribution or other 
use of this communication is strictly prohibited. Please note any views 
expressed in this email are those of the individual sender and are not 
necessarily the views of ING. This email and its attachments are not intended 
to constitute any form of financial, taxation, legal, other professional advice 
or recommendation and should not be relied upon as such. We recommend that you 
seek your own independent legal or financial advice before proceeding with any 
decision. Except as required by law, ING does not represent, warrant and/or 
guarantee that the integrity of this communication has been maintained nor that 
the communication is free of errors, virus, interception or interference. ING 
is a business name of ING Bank (Australia) Limited ABN 24 000 893 292 AFS 
Licence 229823.

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Linode Clam AV Updates

[G.W. Haywood via clamav-users]

Hi there,

On Sun, 21 Mar 2021, Paul Smith via clamav-users wrote:

On 20/03/2021 17:12, G.W. Haywood via clamav-users wrote:


My understanding is that if you're using a private mirror you're supposed
to set the 'PrivateMirror' option, which does not use DNS to check for the
existence of updated files, but checks the files themselves directly.

...

I'm sorry, but this is definitively NOT what the website says!

https://www.clamav.net/documents/private-local-mirrors

Option (2) (which is still documented but won't work any more) says ...


Maybe I've missed something.  Can you explain why it won't work?

As I understand it, as far as the Cloudflare service is concerned,
option 2 effectively makes a bunch of clients into a single client.

The single client is your Webserver - which behaves as any ordinary
client, in that it uses freshclam in the 'conventional' way.  It uses
DNS to find the latest versions of the databases, and downloads cdiff
files if and when it needs to update the databases.  But the database
files are now in the Webserver's document store; they are distributed
to the Webserver's clients (which are the remainder of your computers)
by running freshclam on _those_ computers in the 'unconventional' way,
i.e. with the 'PrivateMirror' option set.  Your Webserver won't have
implemented DOS protection such as the ClamAV team has been obliged to
do by the ongoing abuse, and won't care that on every update freshclam
fetches the full database files instead of a few difference files; and
your LAN will probably have at least Gigabit/s capacity, so grabbing a
few hundred megabytes of files per day is a few seconds of traffic per
day per machine and isn't likely to be an issue.  If your network is
larger than can be supported by a single mirror you could daisy-chain
more secondary mirrors from it (or perhaps something more creative)
but I'd expect you'd to be able to deal with that if you're managing
such a large network.

Anyway, the Cloudflare servers just see a single, well-behaved client.

--

73,
Ged.

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Linode Clam AV Updates

[Paul Smith via clamav-users]

On 20/03/2021 17:12, G.W. Haywood via clamav-users wrote:

On 20/03/2021 04:31, Joel Esler (jesler) via clamav-users wrote:
Please check out cvdupdate or Freshclam for your updates.  Once or 
twice a day to check is fine.



FWIW, running cvdupdate only once or twice a day is a BAD idea.

If you are running a private mirror, then if Freshclam tries to get 
the latest CDIFF (according to DNS) from the private mirror ...


My understanding is that if you're using a private mirror you're supposed
to set the 'PrivateMirror' option, which does not use DNS to check for the
existence of updated files, but checks the files themselves directly.

On 20/03/2021 19:08, Joel Esler (jesler) via clamav-users wrote:

Ged is correct.


I'm sorry, but this is definitively NOT what the website says!

https://www.clamav.net/documents/private-local-mirrors

Option (2) (which is still documented but won't work any more) says "For 
this to work you have to change freshclam.conf on each client so that it 
reads


PrivateMirror machine1.mylan
ScriptedUpdates no"

This is NOT what we are doing!

Option (3) (using cvdupdate) says: "Set up your Freshclam clients’ 
freshclam.conf config file to point to:


DatabaseMirror http://machine1.mylan";

So, the cvdupdate method is meant to use 'DatabaseMirror' NOT 
'PrivateMirror'


The 'PrivateMirror' option means that Freshclam does not download CDIFF 
files at all, but that is how the 'cvdupdate' method expects the clients 
to work. Cvdupdate makes CDIFF files available to the mirror 'clients', 
just like the normal ClamAV method does. It is designed to be bandwidth 
efficient by allowing clients to get the CDIFFs, as opposed to the 
'PrivateMirror' method which requires them to get the full CVD file


It works absolutely fine, and wonderfully, as long as the private mirror 
is up to date, so cvdupdate needs to be run frequently. It will not 
download anything unless the DNS TXT record has updated.



Also, in case of doubt: https://github.com/micahsnyder/cvdupdate says

"You can test it by running freshclam or freshclam.exe locally, where 
you've configured freshclam.conf with:


DatabaseMirror http://localhost:8000";

(There is no mention of the 'PrivateMirror' configuration option in the 
cvdupdate docs)



--
Paul



--


Paul Smith Computer Services
Tel: 01484 855800
Vat No: GB 685 6987 53

Sign up for news & updates at http://www.pscs.co.uk/go/subscribe
___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] unsubscribe

[Matus UHLAR - fantomas]

On 21.03.21 08:38, Bill Speidel wrote:

please unsubscribe me...


what Al wrote (and what you removed) applies to you too. You must send request 
for
unsubscription:

https://lists.clamav.net/mailman/listinfo/clamav-users

but, what is important, you must confirm the e-mail that comes
... so random person can not unsubscribe you just by typing your address
there.

If you haven't seen the unsubscription e-mail, check your spam folder.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux - It's now safe to turn on your computer.
Linux - Teraz mozete pocitac bez obav zapnut.

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] help my IP address has been blocked

[Joel Esler (jesler) via clamav-users]

Hello,

Thank you for your email.  As a result of events documented in places here:
https://lists.clamav.net/pipermail/clamav-users/2021-March/010544.html
and
https://lists.clamav.net/pipermail/clamav-users/2021-March/010578.html

We’ve been forced to take emergency measures to protect the ClamAV environment.

Please Immediately switch to using Freshclam or 
https://github.com/micahsnyder/cvdupdate to update your AV definitions. If you 
are using Qnap or ClamWin, it’s likely that you are using a version of ClamAV 
that has been EOL’ed: 
https://blog.clamav.net/2021/02/clamav-eol-versions-prior-to-0100.html

Sorry for the inconvenience, but we are currently in emergency mode and have to 
make several drastic changes over the last several days.

-- 
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
http://www.talosintelligence.com | https://www.snort.org



Sent from my  iPhone

> On Mar 21, 2021, at 07:16, Arjen de Korte via clamav-users 
>  wrote:
> 
> Citeren Diego D'Amico :
> 
>> I am using few synology at home and since I installed a new one, my IP 
>> address 80.254.190.8 has been blocked and I cannot update any more the 
>> signature on all of them.
> 
> In that case, you're either running an outdated version of ClamAV (< 0.100) 
> or you're not using 'freshclam' to update the virus signatures. See 
> https://lists.clamav.net/pipermail/clamav-users/2021-March/010726.html
> 
> 
> ___
> 
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] unsubscribe

[Bill Speidel]

please unsubscribe me...

--
William H. Speidel, President
ENER G Systems, Inc.
117 Green Street Suite 1
Warrenton, VA 20186
540-547-6005


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] help my IP address has been blocked

[Arjen de Korte via clamav-users]

Citeren Diego D'Amico :

I am using few synology at home and since I installed a new one, my  
IP address 80.254.190.8 has been blocked and I cannot update any  
more the signature on all of them.


In that case, you're either running an outdated version of ClamAV (<  
0.100) or you're not using 'freshclam' to update the virus signatures.  
See  
https://lists.clamav.net/pipermail/clamav-users/2021-March/010726.html



___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] help my IP address has been blocked

[Diego D'Amico]

Hi support team,

I am using few synology at home and since I installed a new one, my IP address 
80.254.190.8 has been blocked and I cannot update any more the signature on all 
of them.

thanks in advance for your support

Diego

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml