Re: [clamav-users] Updates from ClamAV blocked by Cloudflare

2018-11-07 Thread Joel Esler (jesler)
I need more details (feel free to email me directly).

Version of ClamAV you are attempting to update.
Your IP
The RAYId from Cloudflare.

We have plenty of blocks in Cloudflare of people that are abusing the system.  
Hopefully that's not you :)

> On Nov 6, 2018, at 9:57 PM, twee...@secmail.pro wrote:
> 
> https://notabug.org/themusicgod1/cloudflare-tor/issues/32
> http://forums.clamwin.com/viewtopic.php?t=4915
> 
> What now? How can I update my computer?
> 
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml



Re: [clamav-users] Updates from ClamAV blocked by Cloudflare

2018-11-07 Thread Joel Esler (jesler)


On Nov 6, 2018, at 10:37 PM, Al Varnell <alvarn...@mac.com> wrote:

> Look under “Virus Definitions” here . Download
> daily.cvd and replace daily.cld file with it.

Which gets it from Cloudflare :)


Re: [clamav-users] Updates from ClamAV blocked by Cloudflare

2018-11-06 Thread Gary R. Schmidt

On 2018-11-07 13:57, twee...@secmail.pro wrote:

> https://notabug.org/themusicgod1/cloudflare-tor/issues/32
> http://forums.clamwin.com/viewtopic.php?t=4915
>
> What now? How can I update my computer?

What you should do is find out *why* cloudflare has banned your IP 
address, and get that fixed, because if you are on a ban list then you 
will find that more and more sites will refuse to accept connections.


Short term - use a machine that is not on a blocked IP address to 
download items, and transfer them manually.


Cheers,
Gary B-)


Re: [clamav-users] Updates from ClamAV blocked by Cloudflare

2018-11-06 Thread Al Varnell
Look under “Virus Definitions” here . Download 
daily.cvd and replace daily.cld file with it.

Sent from my iPad

-Al-
ClamXAV user

> On Nov 6, 2018, at 18:57, twee...@secmail.pro wrote:
> 
> https://notabug.org/themusicgod1/cloudflare-tor/issues/32
> http://forums.clamwin.com/viewtopic.php?t=4915
> 
> What now? How can I update my computer?


[clamav-users] Updates from ClamAV blocked by Cloudflare

2018-11-06 Thread tweeter
https://notabug.org/themusicgod1/cloudflare-tor/issues/32
http://forums.clamwin.com/viewtopic.php?t=4915

What now? How can I update my computer?



Re: [clamav-users] updates

2018-09-13 Thread Paul Kosinski
"Ah, so when you have things like the 14/15 minute delay, the delay may
not be that long?"

Yes, sampling every 15 minutes *could* mean that a nominal 15 min delay
is in fact only a fraction of a second, but assuming that delays are
uniformly distributed, the mean and median would be 7.5 minutes. And of
course there have been lots of delays over 15 minutes nominal.

Notes:

1. We only sample every 15 minutes since we didn't want to risk being
   banned for excessive HTTP traffic -- long delays would result in
   lots of (short) curls.

2. Freshclam et al run on our gateway machine, which is NTP stratum 2,
   so the reported delays are not due to local clock errors.

3. Other machines on our LAN get updates from the gateway machine, using
   strictly local curls without even using DNS TXT. (External bandwidth
   is not needed.)

4. The most recent delay reports are rather worse than previous ones:

   2018-09-07 14:33:01  01:29:59 delay
   2018-09-07 21:48:01  00:45:00 delay
   2018-09-08 05:48:02  00:44:59 delay
   2018-09-08 13:18:01  00:15:00 delay
   2018-09-08 21:48:02  00:30:00 delay
   2018-09-09 05:03:02  No delay
   2018-09-09 13:18:01  00:14:59 delay
   2018-09-09 21:48:01  00:45:00 delay
   2018-09-10 05:03:02  No delay
   2018-09-10 14:18:01  00:59:59 delay
   2018-09-10 21:33:02  00:30:00 delay
   2018-09-11 05:48:01  00:44:59 delay
   2018-09-11 14:03:01  00:59:59 delay
   2018-09-11 21:18:01  00:15:00 delay
   2018-09-12 05:33:02  00:15:00 delay
   2018-09-12 13:48:02  00:45:01 delay
   2018-09-12 22:18:02  No delay
   2018-09-13 06:03:02  01:00:00 delay

---

On Thu, 13 Sep 2018 14:00:36 +
"Joel Esler (jesler)"  wrote:

> Ah, so when you have things like the 14/15 minute delay, the delay
> may not be that long?
> 
> > On Sep 13, 2018, at 2:16 AM, Paul Kosinski 
> > wrote:
> > 
> > "What is the interval that you run this?"
> > 
> > Every 15 minutes by cron, specifically:
> > 
> > OCBG='/opt/clamav/bin/getfreshclam'
> > 
> >    3  *   * * *  root  test -x $OCBG  &&  /usr/bin/sudo -u clamav $OCBG  &&  /usr/bin/killall -HUP havp80c  &&  /usr/bin/killall -HUP havp80d
> >   18  *   * * *  root  test -x $OCBG  &&  /usr/bin/sudo -u clamav $OCBG  &&  /usr/bin/killall -HUP havp80c  &&  /usr/bin/killall -HUP havp80d
> >   33  *   * * *  root  test -x $OCBG  &&  /usr/bin/sudo -u clamav $OCBG  &&  /usr/bin/killall -HUP havp80c  &&  /usr/bin/killall -HUP havp80d
> >   48  *   * * *  root  test -x $OCBG  &&  /usr/bin/sudo -u clamav $OCBG  &&  /usr/bin/killall -HUP havp80c  &&  /usr/bin/killall -HUP havp80d
> > 
> > 
> > (Original post mentioned the interval in passing in the text.)
> > 
> >>> Attached is the code we use to update ClamAV: 'getfreshclam' is
> >>> run by cron under userid clamav (same as clamd) every so often
> >>> (currently every 15 mins) to determine if there are any relevant
> > 
> > --
> > 
> > On Wed, 12 Sep 2018 20:59:45 +
> > "Joel Esler (jesler)"  wrote:
> > 
> >> What is the interval that you run this?
> >> 
> >>> On Sep 12, 2018, at 4:53 PM, Paul Kosinski
> >>>  wrote:
> >>> 
> >>> Joel (and any other interested parties),
> >>> 
> >>> Attached is the code we use to update ClamAV: 'getfreshclam' is
> >>> run by cron under userid clamav (same as clamd) every so often
> >>> (currently every 15 mins) to determine if there are any relevant
> >>> cvd files to update (currently daily.cvd, bytecode.cvd and
> >>> main.cvd).
> >>> 
> >>> Only if something is *really* there -- as determined by *both* the
> >>> DNS TXT record and quick 'curl' of the head of the cvd file -- is
> >>> 'freshclam' invoked to do the actual work. This ensures that
> >>> running the test pretty often doesn't put a big load on the
> >>> servers.
> >>> 
> >>> Notes to help understanding the code:
> >>> 
> >>> 'testclam-external' does the DNS TXT and curl test.
> >>> 
> >>> 'report-delays' logs the delays (or non- delays) found.
> >>> 
> >>> We keep various recent versions of ClamAV in /opt/clamav.d, both
> >>> for testing, and in case we have to backtrack. Thus, /opt/clamav
> >>> is a symlink to the current version, as in:
> >>> 
> >>> /opt/clamav -> /opt/clamav.d/clamav.0.100.1
> >>> 
> >>> 
> >>> Enjoy!
> >>> Paul Kosinski



Re: [clamav-users] updates

2018-09-13 Thread Joel Esler (jesler)
Ah, so when you have things like the 14/15 minute delay, the delay may not be 
that long?

> On Sep 13, 2018, at 2:16 AM, Paul Kosinski  wrote:
> 
> "What is the interval that you run this?"
> 
> Every 15 minutes by cron, specifically:
> 
> OCBG='/opt/clamav/bin/getfreshclam'
> 
>    3  *   * * *  root  test -x $OCBG  &&  /usr/bin/sudo -u clamav $OCBG  &&  /usr/bin/killall -HUP havp80c  &&  /usr/bin/killall -HUP havp80d
>   18  *   * * *  root  test -x $OCBG  &&  /usr/bin/sudo -u clamav $OCBG  &&  /usr/bin/killall -HUP havp80c  &&  /usr/bin/killall -HUP havp80d
>   33  *   * * *  root  test -x $OCBG  &&  /usr/bin/sudo -u clamav $OCBG  &&  /usr/bin/killall -HUP havp80c  &&  /usr/bin/killall -HUP havp80d
>   48  *   * * *  root  test -x $OCBG  &&  /usr/bin/sudo -u clamav $OCBG  &&  /usr/bin/killall -HUP havp80c  &&  /usr/bin/killall -HUP havp80d
> 
> 
> (Original post mentioned the interval in passing in the text.)
> 
>>> Attached is the code we use to update ClamAV: 'getfreshclam' is run
>>> by cron under userid clamav (same as clamd) every so often
>>> (currently every 15 mins) to determine if there are any relevant
> 
> --
> 
> On Wed, 12 Sep 2018 20:59:45 +
> "Joel Esler (jesler)"  wrote:
> 
>> What is the interval that you run this?
>> 
>>> On Sep 12, 2018, at 4:53 PM, Paul Kosinski 
>>> wrote:
>>> 
>>> Joel (and any other interested parties),
>>> 
>>> Attached is the code we use to update ClamAV: 'getfreshclam' is run
>>> by cron under userid clamav (same as clamd) every so often
>>> (currently every 15 mins) to determine if there are any relevant
>>> cvd files to update (currently daily.cvd, bytecode.cvd and
>>> main.cvd).
>>> 
>>> Only if something is *really* there -- as determined by *both* the
>>> DNS TXT record and quick 'curl' of the head of the cvd file -- is
>>> 'freshclam' invoked to do the actual work. This ensures that running
>>> the test pretty often doesn't put a big load on the servers.
>>> 
>>> Notes to help understanding the code:
>>> 
>>> 'testclam-external' does the DNS TXT and curl test.
>>> 
>>> 'report-delays' logs the delays (or non- delays) found.
>>> 
>>> We keep various recent versions of ClamAV in /opt/clamav.d, both for
>>> testing, and in case we have to backtrack. Thus, /opt/clamav is a
>>> symlink to the current version, as in:
>>> 
>>> /opt/clamav -> /opt/clamav.d/clamav.0.100.1
>>> 
>>> 
>>> Enjoy!
>>> Paul Kosinski


Re: [clamav-users] updates

2018-09-13 Thread Paul Kosinski
"What is the interval that you run this?"

Every 15 minutes by cron, specifically:

 OCBG='/opt/clamav/bin/getfreshclam'

    3  *   * * *  root  test -x $OCBG  &&  /usr/bin/sudo -u clamav $OCBG  &&  /usr/bin/killall -HUP havp80c  &&  /usr/bin/killall -HUP havp80d
   18  *   * * *  root  test -x $OCBG  &&  /usr/bin/sudo -u clamav $OCBG  &&  /usr/bin/killall -HUP havp80c  &&  /usr/bin/killall -HUP havp80d
   33  *   * * *  root  test -x $OCBG  &&  /usr/bin/sudo -u clamav $OCBG  &&  /usr/bin/killall -HUP havp80c  &&  /usr/bin/killall -HUP havp80d
   48  *   * * *  root  test -x $OCBG  &&  /usr/bin/sudo -u clamav $OCBG  &&  /usr/bin/killall -HUP havp80c  &&  /usr/bin/killall -HUP havp80d


(Original post mentioned the interval in passing in the text.)

> > Attached is the code we use to update ClamAV: 'getfreshclam' is run
> > by cron under userid clamav (same as clamd) every so often
> > (currently every 15 mins) to determine if there are any relevant

--

On Wed, 12 Sep 2018 20:59:45 +
"Joel Esler (jesler)"  wrote:

> What is the interval that you run this?
> 
> > On Sep 12, 2018, at 4:53 PM, Paul Kosinski 
> > wrote:
> > 
> > Joel (and any other interested parties),
> > 
> > Attached is the code we use to update ClamAV: 'getfreshclam' is run
> > by cron under userid clamav (same as clamd) every so often
> > (currently every 15 mins) to determine if there are any relevant
> > cvd files to update (currently daily.cvd, bytecode.cvd and
> > main.cvd).
> > 
> > Only if something is *really* there -- as determined by *both* the
> > DNS TXT record and quick 'curl' of the head of the cvd file -- is
> > 'freshclam' invoked to do the actual work. This ensures that running
> > the test pretty often doesn't put a big load on the servers.
> > 
> > Notes to help understanding the code:
> > 
> > 'testclam-external' does the DNS TXT and curl test.
> > 
> > 'report-delays' logs the delays (or non- delays) found.
> > 
> > We keep various recent versions of ClamAV in /opt/clamav.d, both for
> > testing, and in case we have to backtrack. Thus, /opt/clamav is a
> > symlink to the current version, as in:
> > 
> >  /opt/clamav -> /opt/clamav.d/clamav.0.100.1
> > 
> > 
> > Enjoy!
> > Paul Kosinski


Re: [clamav-users] updates

2018-09-12 Thread Paul Kosinski
Joel (and any other interested parties),

Attached is the code we use to update ClamAV: 'getfreshclam' is run by
cron under userid clamav (same as clamd) every so often (currently
every 15 mins) to determine if there are any relevant cvd files to
update (currently daily.cvd, bytecode.cvd and main.cvd).

Only if something is *really* there -- as determined by *both* the DNS
TXT record and quick 'curl' of the head of the cvd file -- is
'freshclam' invoked to do the actual work. This ensures that running
the test pretty often doesn't put a big load on the servers.

Notes to help understanding the code:

'testclam-external' does the DNS TXT and curl test.

'report-delays' logs the delays (or non- delays) found.

We keep various recent versions of ClamAV in /opt/clamav.d, both for
testing, and in case we have to backtrack. Thus, /opt/clamav is a
symlink to the current version, as in:

  /opt/clamav -> /opt/clamav.d/clamav.0.100.1


Enjoy!
Paul Kosinski


On Wed, 12 Sep 2018 15:41:23 +
"Joel Esler (jesler)"  wrote:

> Paul,
> 
> Can you give me some more information on how you do this?  How often
> is the check run, etc.
> 
> I am working with cloudflare on the issue now.
> 
> On Sep 7, 2018, at 2:25 PM, Paul Kosinski <clamav-us...@iment.com> wrote:
> 
> Here is our recent CVD delay report showing how long the actual
> daily.cvd (and sometimes bytecode.cvd) file(s) lag behind the DNS TXT
> record.
> 
> We are located near Boston, and the data comes via Comcast cable, but
> our DNS queries use our old, slow static-IP DSL. I keep it this way
> because there were stories about some major ISPs munging DSL replies
> (like replacing NXDOMAIN with an IP address of a Web site belonging
> to the ISP). Our DSL, on the other hand, doesn't ever do this, and
> even passes port 25, so we can send mail directly (rather than
> relaying through a possibly snoopy ISP.)
> 
>  2018-08-18 05:03:02  No delay
>  2018-08-18 13:18:02  00:15:01 delay
>  2018-08-18 21:33:02  00:15:01 delay
>  2018-08-19 05:03:01  No delay
>  2018-08-19 14:03:01  00:44:59 delay
>  2018-08-19 21:18:02  00:15:00 delay
>  2018-08-20 05:33:02  00:30:01 delay
>  2018-08-20 13:33:02  00:30:00 delay
>  2018-08-20 21:03:02  No delay
>  2018-08-21 05:18:01  No delay
>  2018-08-21 13:03:01  No delay
>  2018-08-22 18:18:02  00:15:00 delay
>  2018-08-23 02:33:01  00:29:59 delay
>  2018-08-23 09:48:02  00:45:00 delay
>  2018-08-23 17:03:02  No delay
>  2018-08-24 02:18:02  01:15:00 delay
>  2018-08-24 09:33:02  00:30:00 delay
>  2018-08-24 18:48:02  00:30:01 delay
>  2018-08-25 01:18:02  No delay
>  2018-08-25 09:18:02  00:15:00 delay
>  2018-08-25 17:33:02  00:30:00 delay
>  2018-08-26 02:33:01  01:29:59 delay
>  2018-08-26 09:48:02  00:45:01 delay
>  2018-08-26 18:03:02  01:00:00 delay
>  2018-08-27 01:03:01  No delay
>  2018-08-27 09:18:02  00:15:00 delay
>  2018-08-27 17:33:01  00:29:59 delay
>  2018-08-28 01:48:02  00:45:00 delay
>  2018-08-28 09:18:02  No delay
>  2018-08-28 17:33:01  No delay
>  2018-08-29 01:18:01  00:14:59 delay
>  2018-08-29 09:33:02  00:30:01 delay
>  2018-08-29 17:48:01  00:45:00 delay
>  2018-08-30 01:03:01  No delay
>  2018-08-30 09:18:02  00:15:00 delay
>  2018-08-30 17:18:01  00:14:59 delay
>  2018-08-31 01:18:01  00:14:59 delay
>  2018-08-31 09:48:02  00:45:01 delay
>  2018-08-31 22:18:01  00:45:00 delay
>  2018-09-01 05:18:01  00:14:59 delay
>  2018-09-01 13:33:02  00:30:00 delay
>  2018-09-01 21:48:01  00:44:59 delay
>  2018-09-02 07:03:02  01:00:00 delay
>  2018-09-02 13:48:01  00:44:59 delay
>  2018-09-02 21:03:01  No delay
>  2018-09-03 05:03:02  No delay
>  2018-09-03 13:03:02  No delay
>  2018-09-03 21:03:01  No delay
>  2018-09-04 05:03:01  No delay
>  2018-09-04 13:03:02  No delay
>  2018-09-04 21:03:01  No delay
>  2018-09-05 05:03:02  No delay
>  2018-09-05 14:18:01  01:14:59 delay
>  2018-09-05 21:18:02  00:15:00 delay
>  2018-09-06 05:18:02  00:15:00 delay
>  2018-09-06 13:33:02  00:30:01 delay
>  2018-09-06 21:03:03  No delay
>  2018-09-07 05:18:02  00:15:00 delay


reportdelays
Description: Binary data


testclam-external
Description: Binary data


getfreshclam
Description: Binary data
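
The check described in the message above (compare the DNS TXT record with the head of the .cvd file, and only then let freshclam run), as an added example that is not the attached scripts or ClamAV's own code. It assumes the TXT record carries the main, daily and bytecode versions at colon-separated positions 1, 2 and 7, and that a .cvd starts with a 512-byte colon-separated header whose third field is the version; all sample values are constructed.

```python
"""Added example: gate freshclam on DNS TXT vs. the version a mirror really serves."""
from datetime import datetime, timedelta

CVD_HEADER_LEN = 512                                   # assumed text header size
TXT_FIELD = {"main": 1, "daily": 2, "bytecode": 7}     # assumed TXT positions


def advertised_versions(txt):
    """Parse the colon-separated TXT record into {database: version}."""
    fields = txt.strip().strip('"').split(":")
    if len(fields) < 8:
        raise ValueError("short TXT record: %r" % txt)
    return {db: int(fields[i]) for db, i in TXT_FIELD.items()}


def served_version(head):
    """Version field from the first 512 bytes of a .cvd download."""
    fields = head[:CVD_HEADER_LEN].decode("ascii", "replace").split(":")
    if len(head) < CVD_HEADER_LEN or fields[0] != "ClamAV-VDB" or len(fields) < 3:
        raise ValueError("not a CVD header (error page or truncated body)")
    return int(fields[2])


class UpdateGate:
    """Decides per poll whether freshclam should run, and records mirror lag."""

    def __init__(self):
        self.first_advertised = {}    # (db, version) -> time first seen in DNS
        self.report = []              # (time, db, delay) once the mirror catches up

    def poll(self, now, txt, heads, installed):
        """Return the set of databases the mirror is actually ready to serve."""
        ready = set()
        for db, want in advertised_versions(txt).items():
            if want <= installed.get(db, 0):
                continue              # DNS advertises nothing newer than we have
            start = self.first_advertised.setdefault((db, want), now)
            try:
                have = served_version(heads[db])
            except (KeyError, ValueError):
                continue              # blocked or malformed reply: not ready
            if have >= want:          # mirror has caught up with DNS
                ready.add(db)
                self.report.append((now, db, now - start))
                del self.first_advertised[(db, want)]
        return ready


def format_report(report):
    """Render delays in the same shape as the delay reports in this thread."""
    lines = []
    for when, _db, delay in report:
        secs = int(delay.total_seconds())
        text = "No delay" if secs == 0 else "%02d:%02d:%02d delay" % (
            secs // 3600, secs % 3600 // 60, secs % 60)
        lines.append("%s  %s" % (when.strftime("%Y-%m-%d %H:%M:%S"), text))
    return lines


def sample_header(version):
    """Constructed 512-byte header; checksum and signature are placeholders."""
    text = "ClamAV-VDB:07 Sep 2018 05-03 -0400:%d:2000000:63:%s:%s:builder:1536310980" % (
        version, "0" * 32, "PLACEHOLDER-SIG")
    return text.encode("ascii").ljust(CVD_HEADER_LEN, b" ")


def demo():
    """Three polls 15 minutes apart: stale mirror, error page, then in sync."""
    gate = UpdateGate()
    installed = {"main": 58, "daily": 24919, "bytecode": 327}   # constructed
    txt = "0.100.1:58:24920:1536310980:1:63:47800:327"          # constructed
    t0 = datetime(2018, 9, 7, 5, 3, 2)
    stale = {"daily": sample_header(24919)}
    blocked = {"daily": b"<html>Access denied</html>"}
    fresh = {"daily": sample_header(24920)}
    results = [
        gate.poll(t0, txt, stale, installed),
        gate.poll(t0 + timedelta(minutes=15), txt, blocked, installed),
        gate.poll(t0 + timedelta(minutes=30), txt, fresh, installed),
    ]
    return results, gate.report


if __name__ == "__main__":
    ready_sets, report = demo()
    print(ready_sets)
    print("\n".join(format_report(report)))
```

Because the lag is only observed at poll times, the recorded delay is quantized to the polling interval, which is why the reports in this thread cluster around multiples of 15 minutes.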


Re: [clamav-users] updates

2018-09-12 Thread Joel Esler (jesler)
We are going to need more information than that 

Sent from my iPhone

> On Sep 12, 2018, at 06:58, Michael Da Cova  wrote:
> 
> Hi
> 
> is anyone else getting sync errors
> 
> Michael
> 
> 
> 
>> On 07/09/18 10:11, Michael Da Cova wrote:
>> Hi
>> 
>> I still get "WARNING: Mirror 104.16.187.138 is not synchronized" often on 
>> freshclam updates
>> 
>> Trying to download http://database.clamav.net/daily.cvd (IP: 104.16.187.138)
>> Downloading daily.cvd [100%]
>> WARNING: Mirror 104.16.187.138 is not synchronized
>> 
>> Trying to download http://database.clamav.net/daily.cvd (IP: 104.16.185.138)
>> Downloading daily.cvd [100%]
>> WARNING: Mirror 104.16.185.138 is not synchronized.
>> 
>> Trying to download http://database.clamav.net/daily.cvd (IP: 104.16.186.138)
>> Downloading daily.cvd [100%]
>> WARNING: Mirror 104.16.186.138 is not synchronized.
>> 
>> Querying daily.0.79.0.0.6810BA8A.ping.clamav.net
>> Giving up on database.clamav.net...
>> 
>> I have been deleting the mirror.dat file which seems to help for a while
>> 
> 
> -- 
> Michael Da Cova
> 
> Technical Support Manager
> 
> Main Tel: +44 (0)117 3357335 / Mob: +44 (0)790887629
> Email: mdac...@netpilot.com - Web: www.netpilot.com
> 
> NetPilot Global Ltd. 9 Portland Square, Bristol, BS2 8ST
> 


Re: [clamav-users] updates

2018-09-12 Thread Michael Da Cova

Hi

is anyone else getting sync errors

Michael



On 07/09/18 10:11, Michael Da Cova wrote:

> Hi
>
> I still get "WARNING: Mirror 104.16.187.138 is not synchronized" often
> on freshclam updates
>
> Trying to download http://database.clamav.net/daily.cvd (IP: 104.16.187.138)
> Downloading daily.cvd [100%]
> WARNING: Mirror 104.16.187.138 is not synchronized
>
> Trying to download http://database.clamav.net/daily.cvd (IP: 104.16.185.138)
> Downloading daily.cvd [100%]
> WARNING: Mirror 104.16.185.138 is not synchronized.
>
> Trying to download http://database.clamav.net/daily.cvd (IP: 104.16.186.138)
> Downloading daily.cvd [100%]
> WARNING: Mirror 104.16.186.138 is not synchronized.
>
> Querying daily.0.79.0.0.6810BA8A.ping.clamav.net
> Giving up on database.clamav.net...
>
> I have been deleting the mirror.dat file which seems to help for a while



--
Michael Da Cova

Technical Support Manager

Main Tel: +44 (0)117 3357335 / Mob: +44 (0)790887629
Email: mdac...@netpilot.com - Web: www.netpilot.com

NetPilot Global Ltd. 9 Portland Square, Bristol, BS2 8ST



Re: [clamav-users] updates

2018-09-08 Thread Michael Da Cova

Hi

sorry just noticed the question below, I never got the original email 
from Micah


EU, Ireland (IE)


~michael


We are located near Boston, and the data comes via Comcast cable, but
our DNS queries use our old, slow static-IP DSL. I keep it this way
because there were stories about some major ISPs munging DSL replies
(like replacing NXDOMAIN with an IP address of a Web site belonging to
the ISP). Our DSL, on the other hand, doesn't ever do this, and even
passes port 25, so we can send mail directly (rather than relaying
through a possibly snoopy ISP.)

   2018-08-18 05:03:02  No delay
   2018-08-18 13:18:02  00:15:01 delay
   2018-08-18 21:33:02  00:15:01 delay
   2018-08-19 05:03:01  No delay
   2018-08-19 14:03:01  00:44:59 delay
   2018-08-19 21:18:02  00:15:00 delay
   2018-08-20 05:33:02  00:30:01 delay
   2018-08-20 13:33:02  00:30:00 delay
   2018-08-20 21:03:02  No delay
   2018-08-21 05:18:01  No delay
   2018-08-21 13:03:01  No delay
   2018-08-22 18:18:02  00:15:00 delay
   2018-08-23 02:33:01  00:29:59 delay
   2018-08-23 09:48:02  00:45:00 delay
   2018-08-23 17:03:02  No delay
   2018-08-24 02:18:02  01:15:00 delay
   2018-08-24 09:33:02  00:30:00 delay
   2018-08-24 18:48:02  00:30:01 delay
   2018-08-25 01:18:02  No delay
   2018-08-25 09:18:02  00:15:00 delay
   2018-08-25 17:33:02  00:30:00 delay
   2018-08-26 02:33:01  01:29:59 delay
   2018-08-26 09:48:02  00:45:01 delay
   2018-08-26 18:03:02  01:00:00 delay
   2018-08-27 01:03:01  No delay
   2018-08-27 09:18:02  00:15:00 delay
   2018-08-27 17:33:01  00:29:59 delay
   2018-08-28 01:48:02  00:45:00 delay
   2018-08-28 09:18:02  No delay
   2018-08-28 17:33:01  No delay
   2018-08-29 01:18:01  00:14:59 delay
   2018-08-29 09:33:02  00:30:01 delay
   2018-08-29 17:48:01  00:45:00 delay
   2018-08-30 01:03:01  No delay
   2018-08-30 09:18:02  00:15:00 delay
   2018-08-30 17:18:01  00:14:59 delay
   2018-08-31 01:18:01  00:14:59 delay
   2018-08-31 09:48:02  00:45:01 delay
   2018-08-31 22:18:01  00:45:00 delay
   2018-09-01 05:18:01  00:14:59 delay
   2018-09-01 13:33:02  00:30:00 delay
   2018-09-01 21:48:01  00:44:59 delay
   2018-09-02 07:03:02  01:00:00 delay
   2018-09-02 13:48:01  00:44:59 delay
   2018-09-02 21:03:01  No delay
   2018-09-03 05:03:02  No delay
   2018-09-03 13:03:02  No delay
   2018-09-03 21:03:01  No delay
   2018-09-04 05:03:01  No delay
   2018-09-04 13:03:02  No delay
   2018-09-04 21:03:01  No delay
   2018-09-05 05:03:02  No delay
   2018-09-05 14:18:01  01:14:59 delay
   2018-09-05 21:18:02  00:15:00 delay
   2018-09-06 05:18:02  00:15:00 delay
   2018-09-06 13:33:02  00:30:01 delay
   2018-09-06 21:03:03  No delay
   2018-09-07 05:18:02  00:15:00 delay

--

On Fri, 7 Sep 2018 15:32:51 +
"Micah Snyder (micasnyd)"  wrote:


Hi Michael,

Can you tell me what geographic region/country you're coming from?
We've seen reports of this from a number of users though I've never
personally observed this.  I am starting to wonder if the issue is
only occurring in certain region(s).

Regardless, I am going to try to mitigate the error in the upcoming
0.100.2 patch release and 0.101 feature release.

-Micah

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


On Sep 7, 2018, at 5:11 AM, Michael Da Cova <mdac...@netpilot.com> wrote:

Hi

I still get "WARNING: Mirror 104.16.187.138 is not synchronized"
often on freshclam updates

Trying to download http://database.clamav.net/daily.cvd (IP: 104.16.187.138)
Downloading daily.cvd [100%]
WARNING: Mirror 104.16.187.138 is not synchronized

Trying to download http://database.clamav.net/daily.cvd (IP: 104.16.185.138)
Downloading daily.cvd [100%]
WARNING: Mirror 104.16.185.138 is not synchronized.

Trying to download http://database.clamav.net/daily.cvd (IP: 104.16.186.138)
Downloading daily.cvd [100%]
WARNING: Mirror 104.16.186.138 is not synchronized.

Querying daily.0.79.0.0.6810BA8A.ping.clamav.net
Giving up on database.clamav.net...

I have been deleting the mirror.dat file which seems to help for a
while

--
Michael Da Cova



--
Michael Da Cova

Technical Support Manager

Main Tel: +44 (0)117 3357335 / Mob: +44 (0)790887629
Email: mdac...@netpilot.com - Web: www.netpilot.com

NetPilot Global Ltd. 9 Portland Square, Bristol, BS2 8ST


Re: [clamav-users] updates

2018-09-07 Thread Paul Kosinski
Here is our recent CVD delay report showing how long the actual
daily.cvd (and sometimes bytecode.cvd) file(s) lag behind the DNS TXT
record.

We are located near Boston, and the data comes via Comcast cable, but
our DNS queries use our old, slow static-IP DSL. I keep it this way
because there were stories about some major ISPs munging DSL replies
(like replacing NXDOMAIN with an IP address of a Web site belonging to
the ISP). Our DSL, on the other hand, doesn't ever do this, and even
passes port 25, so we can send mail directly (rather than relaying
through a possibly snoopy ISP.)

  2018-08-18 05:03:02  No delay
  2018-08-18 13:18:02  00:15:01 delay
  2018-08-18 21:33:02  00:15:01 delay
  2018-08-19 05:03:01  No delay
  2018-08-19 14:03:01  00:44:59 delay
  2018-08-19 21:18:02  00:15:00 delay
  2018-08-20 05:33:02  00:30:01 delay
  2018-08-20 13:33:02  00:30:00 delay
  2018-08-20 21:03:02  No delay
  2018-08-21 05:18:01  No delay
  2018-08-21 13:03:01  No delay
  2018-08-22 18:18:02  00:15:00 delay
  2018-08-23 02:33:01  00:29:59 delay
  2018-08-23 09:48:02  00:45:00 delay
  2018-08-23 17:03:02  No delay
  2018-08-24 02:18:02  01:15:00 delay
  2018-08-24 09:33:02  00:30:00 delay
  2018-08-24 18:48:02  00:30:01 delay
  2018-08-25 01:18:02  No delay
  2018-08-25 09:18:02  00:15:00 delay
  2018-08-25 17:33:02  00:30:00 delay
  2018-08-26 02:33:01  01:29:59 delay
  2018-08-26 09:48:02  00:45:01 delay
  2018-08-26 18:03:02  01:00:00 delay
  2018-08-27 01:03:01  No delay
  2018-08-27 09:18:02  00:15:00 delay
  2018-08-27 17:33:01  00:29:59 delay
  2018-08-28 01:48:02  00:45:00 delay
  2018-08-28 09:18:02  No delay
  2018-08-28 17:33:01  No delay
  2018-08-29 01:18:01  00:14:59 delay
  2018-08-29 09:33:02  00:30:01 delay
  2018-08-29 17:48:01  00:45:00 delay
  2018-08-30 01:03:01  No delay
  2018-08-30 09:18:02  00:15:00 delay
  2018-08-30 17:18:01  00:14:59 delay
  2018-08-31 01:18:01  00:14:59 delay
  2018-08-31 09:48:02  00:45:01 delay
  2018-08-31 22:18:01  00:45:00 delay
  2018-09-01 05:18:01  00:14:59 delay
  2018-09-01 13:33:02  00:30:00 delay
  2018-09-01 21:48:01  00:44:59 delay
  2018-09-02 07:03:02  01:00:00 delay
  2018-09-02 13:48:01  00:44:59 delay
  2018-09-02 21:03:01  No delay
  2018-09-03 05:03:02  No delay
  2018-09-03 13:03:02  No delay
  2018-09-03 21:03:01  No delay
  2018-09-04 05:03:01  No delay
  2018-09-04 13:03:02  No delay
  2018-09-04 21:03:01  No delay
  2018-09-05 05:03:02  No delay
  2018-09-05 14:18:01  01:14:59 delay
  2018-09-05 21:18:02  00:15:00 delay
  2018-09-06 05:18:02  00:15:00 delay
  2018-09-06 13:33:02  00:30:01 delay
  2018-09-06 21:03:03  No delay
  2018-09-07 05:18:02  00:15:00 delay

--

On Fri, 7 Sep 2018 15:32:51 +
"Micah Snyder (micasnyd)"  wrote:

> Hi Michael,
> 
> Can you tell me what geographic region/country you're coming from?
> We've seen reports of this from a number of users though I've never
> personally observed this.  I am starting to wonder if the issue is
> only occurring in certain region(s).
> 
> Regardless, I am going to try to mitigate the error in the upcoming
> 0.100.2 patch release and 0.101 feature release.
> 
> -Micah
> 
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
> 
> 
> On Sep 7, 2018, at 5:11 AM, Michael Da Cova <mdac...@netpilot.com> wrote:
> 
> Hi
> 
> I still get "WARNING: Mirror 104.16.187.138 is not synchronized"
> often on freshclam updates
> 
> Trying to download http://database.clamav.net/daily.cvd (IP:
> 104.16.187.138) Downloading daily.cvd [100%]
> WARNING: Mirror 104.16.187.138 is not synchronized
> 
> Trying to download http://database.clamav.net/daily.cvd (IP:
> 104.16.185.138) Downloading daily.cvd [100%]
> WARNING: Mirror 104.16.185.138 is not synchronized.
> 
> Trying to download http://database.clamav.net/daily.cvd (IP:
> 104.16.186.138) Downloading daily.cvd [100%]
> WARNING: Mirror 104.16.186.138 is not synchronized.
> 
> Querying daily.0.79.0.0.6810BA8A.ping.clamav.net
> Giving up on database.clamav.net...
> 
> I have been deleting the mirror.dat file which seems to help for a
> while
> 
> --
> Michael Da Cova



Re: [clamav-users] updates

2018-09-07 Thread Micah Snyder (micasnyd)
Hi Michael,

Can you tell me what geographic region/country you're coming from?  We've seen 
reports of this from a number of users though I've never personally observed 
this.  I am starting to wonder if the issue is only occurring in certain 
region(s).

Regardless, I am going to try to mitigate the error in the upcoming 0.100.2 
patch release and 0.101 feature release.

-Micah

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


On Sep 7, 2018, at 5:11 AM, Michael Da Cova <mdac...@netpilot.com> wrote:

Hi

I still get "WARNING: Mirror 104.16.187.138 is not synchronized" often on 
freshclam updates

Trying to download http://database.clamav.net/daily.cvd (IP: 104.16.187.138)
Downloading daily.cvd [100%]
WARNING: Mirror 104.16.187.138 is not synchronized

Trying to download http://database.clamav.net/daily.cvd (IP: 104.16.185.138)
Downloading daily.cvd [100%]
WARNING: Mirror 104.16.185.138 is not synchronized.

Trying to download http://database.clamav.net/daily.cvd (IP: 104.16.186.138)
Downloading daily.cvd [100%]
WARNING: Mirror 104.16.186.138 is not synchronized.

Querying daily.0.79.0.0.6810BA8A.ping.clamav.net
Giving up on database.clamav.net...

I have been deleting the mirror.dat file which seems to help for a while

--
Michael Da Cova



[clamav-users] updates

2018-09-07 Thread Michael Da Cova

Hi

I still get "WARNING: Mirror 104.16.187.138 is not synchronized" often 
on freshclam updates


Trying to download http://database.clamav.net/daily.cvd (IP: 104.16.187.138)
Downloading daily.cvd [100%]
WARNING: Mirror 104.16.187.138 is not synchronized

Trying to download http://database.clamav.net/daily.cvd (IP: 104.16.185.138)
Downloading daily.cvd [100%]
WARNING: Mirror 104.16.185.138 is not synchronized.

Trying to download http://database.clamav.net/daily.cvd (IP: 104.16.186.138)
Downloading daily.cvd [100%]
WARNING: Mirror 104.16.186.138 is not synchronized.

Querying daily.0.79.0.0.6810BA8A.ping.clamav.net
Giving up on database.clamav.net...

I have been deleting the mirror.dat file which seems to help for a while

--
Michael Da Cova



[clamav-users] Updates seem to be stalled.

2014-01-06 Thread Greg Folkert
I haven't seen an update on my local LAN mirror since daily-18317.cdiff
at January 2, 2014 at 05:01 MT. 

Both daily.cvd and daily-18317.cdiff are the same date and time.

Could it be that DNS is not being updated? Or are we just that lucky?
-- 
greg folkert - systems administration and support
web:donor.com
email:  g...@donor.com
phone:  877-751-3300 x416
direct: 616-328-6449 (direct dial and fax)
I like to listen. I have learned a great deal from listening carefully.
Most people never listen.
-- Ernest Hemingway

___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml


Re: [clamav-users] Updates seem to be stalled.

2014-01-06 Thread Greg Folkert
On Mon, 2014-01-06 at 07:18 -0500, Greg Folkert wrote:
> I haven't seen an update on my local LAN mirror since daily-18317.cdiff
> at January 2, 2014 at 05:01 MT.
>
> Both daily.cvd and daily-18317.cdiff are the same date and time.
>
> Could it be that DNS is not being updated? Or are we just that lucky?

And just so we are clear, here is my Google DNS entry for 

###
$ dig -ttxt current.cvd.clamav.net
[SNIP]
;; QUESTION SECTION:
;current.cvd.clamav.net.  IN  TXT

;; ANSWER SECTION:
current.cvd.clamav.net.  1324  IN  TXT  0.98:55:18317:1389007854:1:63:41411:235
###

and from my systems in Denver:
###
$ dig -ttxt current.cvd.clamav.net
[SNIP]
;; QUESTION SECTION:
;current.cvd.clamav.net.  IN  TXT

;; ANSWER SECTION:
current.cvd.clamav.net.  1800  IN  TXT  0.98:55:18317:1389007854:1:63:41411:235
###

Cheers!
-- 
greg folkert - systems administration and support
web:donor.com
email:  g...@donor.com
phone:  877-751-3300 x416
direct: 616-328-6449 (direct dial and fax)
I like to listen. I have learned a great deal from listening carefully.
Most people never listen.
-- Ernest Hemingway
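
The comparison made by hand in the message above (the same TXT answer from two resolvers, checked against the newest daily-NNNNN.cdiff on the local mirror), as an added shell example that is not part of the poster's message. The field layout of the TXT record and the function names are assumptions; the sample record is the one quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread.
# Assumed layout of the current.cvd.clamav.net TXT record (colon-separated):
#   engine:main:daily:timestamp:version-warning:f-level:safebrowsing:bytecode

# Print one named field of a TXT record; fail on a malformed record or name.
txt_field() {
    rec=$(printf '%s' "$1" | tr -d '" ')          # drop dig's quotes and spaces
    n=$(printf '%s' "$rec" | awk -F: '{print NF}')
    [ "${n:-0}" -eq 8 ] || return 1
    case $2 in
        engine) i=1 ;; main) i=2 ;; daily) i=3 ;; timestamp) i=4 ;;
        warn) i=5 ;; flevel) i=6 ;; safebrowsing) i=7 ;; bytecode) i=8 ;;
        *) return 1 ;;
    esac
    printf '%s\n' "$rec" | cut -d: -f"$i"
}

# diagnose_stall LOCAL_DAILY RECORD...
#   LOCAL_DAILY  newest daily version held by the local mirror
#   RECORD...    TXT answers obtained from different resolvers
# Prints one of: resolver-mismatch | mirror-behind N | in-sync | bad-record
diagnose_stall() {
    local_daily=$1; shift
    case $local_daily in ''|*[!0-9]*) echo bad-record; return 1 ;; esac
    first=
    for r in "$@"; do
        d=$(txt_field "$r" daily) || { echo bad-record; return 1; }
        case $d in ''|*[!0-9]*) echo bad-record; return 1 ;; esac
        if [ -z "$first" ]; then
            first=$d
        elif [ "$d" != "$first" ]; then
            # Resolvers disagree: a cached or stale DNS answer is in play.
            echo resolver-mismatch; return 0
        fi
    done
    [ -n "$first" ] || { echo bad-record; return 1; }
    if [ "$local_daily" -lt "$first" ]; then
        # DNS advertises a newer daily than the mirror has fetched.
        echo "mirror-behind $((first - local_daily))"
    else
        echo in-sync
    fi
    return 0
}
```

An `in-sync` result with agreeing resolvers points away from DNS caching and away from the local mirror.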



Re: [clamav-users] Updates seem to be stalled.

2014-01-06 Thread Alain Zidouemba
Thanks for the notification. The signature updates will resume in the next
few hours.

-Alain

On Monday, January 6, 2014, Greg Folkert wrote:

> I haven't seen an update on my local LAN mirror since daily-18317.cdiff
> at January 2, 2014 at 05:01 MT.
>
> Both daily.cvd and daily-18317.cdiff are the same date and time.
>
> Could it be that DNS is not being updated? Or are we just that lucky?
> --
> greg folkert - systems administration and support
> web:donor.com
> email:  g...@donor.com
> phone:  877-751-3300 x416
> direct: 616-328-6449 (direct dial and fax)
> I like to listen. I have learned a great deal from listening carefully.
> Most people never listen.
> -- Ernest Hemingway


-- 
--
Alain Zidouemba
Malware Research Manager, VRT
Sourcefire, now part of Cisco
+1(410)423-4764 | direct
azidoue...@sourcefire.com
sourcefire.com


Re: [clamav-users] Updates seem to be stalled.

2014-01-06 Thread Greg Folkert
I'm seeing updates now. Thanks.

On Mon, 2014-01-06 at 07:27 -0500, Alain Zidouemba wrote:
> Thanks for the notification. The signature updates will resume in the next
> few hours.
>
> -Alain
>
> On Monday, January 6, 2014, Greg Folkert wrote:
>
> > I haven't seen an update on my local LAN mirror since daily-18317.cdiff
> > at January 2, 2014 at 05:01 MT.
> >
> > Both daily.cvd and daily-18317.cdiff are the same date and time.
> >
> > Could it be that DNS is not being updated? Or are we just that lucky?
> > --
> > greg folkert - systems administration and support
> > web:donor.com
> > email:  g...@donor.com
> > phone:  877-751-3300 x416
> > direct: 616-328-6449 (direct dial and fax)
> > I like to listen. I have learned a great deal from listening carefully.
> > Most people never listen.
> > -- Ernest Hemingway
 

-- 
greg folkert - systems administration and support
web:donor.com
email:  g...@donor.com
phone:  877-751-3300 x416
direct: 616-328-6449 (direct dial and fax)
I like to listen. I have learned a great deal from listening carefully.
Most people never listen.
-- Ernest Hemingway



[Clamav-users] Updates w/o freshclam

2010-01-07 Thread John Corelli
Hi All -

I'm new to clamav, but I've spent time looking through the archives and
FAQs, so I hope my question is not too newbish.

I'm running clam 0.95.3 on a single Centos 5.3 system.  That system will not
be connected to the internet ever, but I have DSS/NISPOM security
requirements that I run AV tools on that computer and update the virus
dat/database files on a regular basis.  I see that freshclam is a nice way
to get the updated sigs etc., but I will be running without that tool.

What is the best way to get virus sig updates via sneakernet?  From the
setup I have, I see that there is the main.cvd, daily.cvd and daily.cld
files which are all the ones that need to get updated.  

I believe it is the two daily.* files that need to be the same version at
all times, correct?  Is main.cvd the engine then?

Thanks for the help
John

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


Re: [Clamav-users] Updates w/o freshclam

2010-01-07 Thread Török Edwin
On 2010-01-07 19:49, John Corelli wrote:
> Hi All -
>
> I'm new to clamav, but I've spent time looking through the archives and
> FAQs, so I hope my question is not too newbish.
>
> I'm running clam 0.95.3 on a single Centos 5.3 system.  That system will not
> be connected to the internet ever, but I have DSS/NISPOM security
> requirements that I run AV tools on that computer and update the virus
> dat/database files on a regular basis.  I see that freshclam is a nice way
> to get the updated sigs etc., but I will be running without that tool.
   

If you are not connected to the internet what are you scanning? Network
shares?

> What is the best way to get virus sig updates via sneakernet?  From the
> setup I have, I see that there is the main.cvd, daily.cvd and daily.cld
> files which are all the ones that need to get updated.
>
> I believe it is the two daily.* files that need to be the same version at
> all times, correct?  Is main.cvd the engine then?
   

Both main.cvd and daily.* are the database, main.cvd is updated less often,
while daily.cvd is updated several times a day.

The CVD and CLD files store the same information, the former is the
compressed database, the latter is a previous CVD/CLD, with an incremental
update applied to it. Thus if you have a .cld file you shouldn't have a .cvd
file. If the incremental update fails you'll get a CVD file again.

The simplest way would be to run freshclam, copy {main,daily}.c[vl]d to
your device, then stop clamd on the CentOS system, remove main.*, daily.*
from the DBdir, copy over your new databases, and start clamd.

Best regards,
--Edwin


Re: [Clamav-users] Updates w/o freshclam

2010-01-07 Thread John Corelli
 
> On 2010-01-07 19:49, John Corelli wrote:
> > Hi All -
> >
> > I'm new to clamav, but I've spent time looking through the archives
> > and FAQs, so I hope my question is not too newbish.
> >
> > I'm running clam 0.95.3 on a single Centos 5.3 system.  That system
> > will not be connected to the internet ever, but I have DSS/NISPOM
> > security requirements that I run AV tools on that computer and update
> > the virus dat/database files on a regular basis.  I see that freshclam
> > is a nice way to get the updated sigs etc., but I will be running
> > without that tool.
>
> If you are not connected to the internet what are you scanning?
> Network shares?

Any PDFs or other docs that get brought into the system.

> > What is the best way to get virus sig updates via sneakernet?  From
> > the setup I have, I see that there is the main.cvd, daily.cvd and
> > daily.cld files which are all the ones that need to get updated.
> >
> > I believe it is the two daily.* files that need to be the same version
> > at all times, correct?  Is main.cvd the engine then?
>
> Both main.cvd and daily.* are the database, main.cvd is updated less
> often, while daily.cvd is updated several times a day.
>
> The CVD and CLD files store the same information, the former is the
> compressed database, the latter is a previous CVD/CLD, with an
> incremental update applied to it. Thus if you have a .cld file you
> shouldn't have a .cvd file. If the incremental update fails you'll get
> a CVD file again.
>
> The simplest way would be to run freshclam, copy {main,daily}.c[vl]d
> to your device, then stop clamd on the CentOS system, remove main.*,
> daily.* from the DBdir, copy over your new databases, and start clamd.

Okay, seems reasonable...but why run freshclam at all if I am manually
copying the databases over onto the device?  Are the steps you described the
ones that actually get done  automatically when you run freshclam?  (save
for the getting the databases from the 'net)  Or are you running freshclam
in the above sequence to verify versions at the start?

Regards
John



Re: [Clamav-users] Updates w/o freshclam

2010-01-07 Thread Török Edwin
On 2010-01-07 21:31, John Corelli wrote:
> > On 2010-01-07 19:49, John Corelli wrote:
> > > Hi All -
> > >
> > > I'm new to clamav, but I've spent time looking through the archives
> > > and FAQs, so I hope my question is not too newbish.
> > >
> > > I'm running clam 0.95.3 on a single Centos 5.3 system.  That system
> > > will not be connected to the internet ever, but I have DSS/NISPOM
> > > security requirements that I run AV tools on that computer and update
> > > the virus dat/database files on a regular basis.  I see that freshclam
> > > is a nice way to get the updated sigs etc., but I will be running
> > > without that tool.
> >
> > If you are not connected to the internet what are you scanning?
> > Network shares?
>
> Any PDFs or other docs that get brought into the system.
>
> > > What is the best way to get virus sig updates via sneakernet?  From
> > > the setup I have, I see that there is the main.cvd, daily.cvd and
> > > daily.cld files which are all the ones that need to get updated.
> > >
> > > I believe it is the two daily.* files that need to be the same version
> > > at all times, correct?  Is main.cvd the engine then?
> >
> > Both main.cvd and daily.* are the database, main.cvd is updated less
> > often, while daily.cvd is updated several times a day.
> >
> > The CVD and CLD files store the same information, the former is the
> > compressed database, the latter is a previous CVD/CLD, with an
> > incremental update applied to it. Thus if you have a .cld file you
> > shouldn't have a .cvd file. If the incremental update fails you'll get
> > a CVD file again.
> >
> > The simplest way would be to run freshclam, copy {main,daily}.c[vl]d
> > to your device, then stop clamd on the CentOS system, remove main.*,
> > daily.* from the DBdir, copy over your new databases, and start clamd.
>
> Okay, seems reasonable...but why run freshclam at all if I am manually
> copying the databases over onto the device?

You can download the databases yourself directly, like:
wget database.clamav.net/main.cvd
wget database.clamav.net/daily.cvd

main.cvd is rather large though, so it's faster if you use freshclam to
update.

> Are the steps you described the
> ones that actually get done automatically when you run freshclam?  (save
> for the getting the databases from the 'net)

Freshclam checks remote DB version, tries to download an incremental
update and apply it, if that is not possible it downloads the full DB and
checks its version. It also warns if engine is out of date.

> Or are you running freshclam
> in the above sequence to verify versions at the start?

I recommended to use freshclam, because it's the simplest way to get an
up-to-date database. For example it knows to retry downloading from another
mirror, if one of the mirrors is down, or has an old version.

Best regards,
--Edwin


Re: [Clamav-users] Updates w/o freshclam

2010-01-07 Thread Robert Wyatt

> > The simplest way would be to run freshclam, copy
> > {main,daily}.c[vl]d to your device, then stop clamd on the
> > CentOS system, remove main.*, daily.* from the DBdir, copy
> > over your new databases, and start clamd.
>
> Okay, seems reasonable...but why run freshclam at all if I am manually
> copying the databases over onto the device?  Are the steps you described the
> ones that actually get done automatically when you run freshclam?  (save
> for the getting the databases from the 'net)  Or are you running freshclam
> in the above sequence to verify versions at the start?



Hi John,

Wanted to jump in to say that I found that confusing also. This is how 
I read it:


1) On external (meaning: not CentOS) machine: run freshclam (which 
will pick up the new {main,daily}.c[vl]d), then copy those new files 
to your sneakerware device.


2) On CentOS machine: stop clamd, copy over new files, restart clamd.

So the question is back to Torok for clarification.

Thanks,
Robert


Re: [Clamav-users] Updates w/o freshclam

2010-01-07 Thread Török Edwin
On 2010-01-07 22:08, Robert Wyatt wrote:
> > > The simplest way would be to run freshclam, copy
> > > {main,daily}.c[vl]d to your device, then stop clamd on the
> > > CentOS system, remove main.*, daily.* from the DBdir, copy
> > > over your new databases, and start clamd.
> >
> > Okay, seems reasonable...but why run freshclam at all if I am manually
> > copying the databases over onto the device?  Are the steps you
> > described the ones that actually get done automatically when you run
> > freshclam?  (save for the getting the databases from the 'net)  Or are
> > you running freshclam in the above sequence to verify versions at the
> > start?
>
> Hi John,
>
> Wanted to jump in to say that I found that confusing also. This is how
> I read it:
>
> 1) On external (meaning: not CentOS) machine: run freshclam (which
> will pick up the new {main,daily}.c[vl]d), then copy those new files
> to your sneakerware device.
>
> 2) On CentOS machine: stop clamd, copy over new files, restart clamd.

Also remove any old database files in step 2). Otherwise you may end up
with both a .cvd and a .cld file, which will load the same database twice.

> So the question is back to Torok for clarification.

Yes, that is what I meant, thanks for explaining it more clearly.

--Edwin
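
The offline update procedure settled on in this thread (fetch on a connected machine, carry the files over, remove the old main.*/daily.* and copy in the new ones with clamd stopped), as an added shell example that is not part of any poster's message or of ClamAV itself. The header layout it reads and the function names are assumptions, and the check is a sanity test of the header text, not a verification of the database's digital signature.

```shell
#!/bin/sh
# Added example, not code from the thread: offline ("sneakernet") database install.
# Assumption: .cvd and .cld files start with a colon-separated text header,
#   ClamAV-VDB:<build time>:<version>:<signature count>:...
# so field 3 is the database version. Function names are hypothetical.

# Print the version from a database header; fail if the header is not ClamAV's.
db_version() {
    hdr=$(dd if="$1" bs=512 count=1 2>/dev/null | tr -d '\000')
    case $hdr in
        ClamAV-VDB:*) ;;
        *) return 1 ;;
    esac
    ver=$(printf '%s' "$hdr" | cut -d: -f3)
    case $ver in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$ver"
}

# Print the one NAME.cvd or NAME.cld found in DIR (nothing if absent).
# Fails if both exist: installing both would load the same database twice.
pick_db() {
    if [ -f "$1/$2.cvd" ] && [ -f "$1/$2.cld" ]; then
        return 1
    elif [ -f "$1/$2.cvd" ]; then
        printf '%s\n' "$1/$2.cvd"
    elif [ -f "$1/$2.cld" ]; then
        printf '%s\n' "$1/$2.cld"
    fi
}

# Print the highest version among DIR/NAME.cvd and DIR/NAME.cld (0 if none).
installed_version() {
    best=0
    for f in "$1/$2.cvd" "$1/$2.cld"; do
        [ -f "$f" ] || continue
        v=$(db_version "$f") || continue
        if [ "$v" -gt "$best" ]; then best=$v; fi
    done
    printf '%s\n' "$best"
}

# install_offline_db SRC DBDIR
# Call with clamd stopped and start it again afterwards.
# Returns 0 on success, 1 for a bad or ambiguous source file, 2 for a downgrade.
install_offline_db() {
    src=$1 dbdir=$2
    # Pass 1: validate every file on the device before touching DBDIR.
    for name in main daily; do
        new=$(pick_db "$src" "$name") || { echo "$name: both .cvd and .cld on device" >&2; return 1; }
        [ -n "$new" ] || continue
        newver=$(db_version "$new") || { echo "$new: not a ClamAV database" >&2; return 1; }
        if [ "$newver" -lt "$(installed_version "$dbdir" "$name")" ]; then
            echo "$new: version $newver is older than the installed one" >&2
            return 2
        fi
    done
    # Pass 2: copy under a temporary name, remove both old variants, rename.
    for name in main daily; do
        new=$(pick_db "$src" "$name")
        [ -n "$new" ] || continue
        cp "$new" "$dbdir/.$name.incoming" || return 1
        rm -f "$dbdir/$name.cvd" "$dbdir/$name.cld"
        mv "$dbdir/.$name.incoming" "$dbdir/${new##*/}" || return 1
    done
    return 0
}
```

Because nothing in DBDIR is touched until every file on the device has passed the first pass, a truncated copy or an older database on the device leaves the installed signatures as they were.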



Re: [Clamav-users] Updates w/o freshclam

2010-01-07 Thread John Corelli
 
> > Hi John,
> >
> > Wanted to jump in to say that I found that confusing also. This is how
> > I read it:
> >
> > 1) On external (meaning: not CentOS) machine: run freshclam (which
> > will pick up the new {main,daily}.c[vl]d), then copy those new files
> > to your sneakerware device.
> >
> > 2) On CentOS machine: stop clamd, copy over new files, restart clamd.
>
> Also remove any old database files in step 2). Otherwise you
> may end up with both a .cvd and a .cld file, which will load
> the same database twice.
>
> > So the question is back to Torok for clarification.
>
> Yes, that is what I meant, thanks for explaining it more clearly.
>
> --Edwin
 

Ahah...got it.
Thanks for the help and clarifications Torok and Robert - that helped.
I'll just need to run clam updates on another machine that's
connected...makes perfect sense now.
Thanks again!

John



[Clamav-users] Updates to my patches

2004-05-12 Thread Joe Maimon
Hello All,

For those who care,

There are new versions of these patches on my 
http://www.jmaimon.com/clamav page

- clamav-devel.jm-pl4

OR

-  max-child-wait - clamav-milter 0.70x (with the recent fix)
-  streammaxlength - clamav-milter 0.70x
- ALLOC_CHECK - clamav-milter 0.70x
- vsnprintf_alloc has now become vasprintf. There is now a patch which 
should apply against un-jm patched clamav-milter.
- Loginfected - new version that applies against a jm patched 
clamav-milter 0.70x

As usual any feedback, including flames is welcome,

Joe

___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


Re: [Clamav-users] updates download

2003-09-16 Thread Daniel Wiberg
On Tue, Sep 16, 2003 at 05:18:16AM +, Payal Rathod wrote:
> Hi,
> Is it possible to download the updates manually and transfer them on
> floppy or CD to a machine which does not have internet access but just
> local LAN access?
> If yes, how to do it?

wget http://clamav.sourceforge.net/database/viruses.db
wget http://clamav.sourceforge.net/database/viruses.db2

Add .gz if you want them compressed.

//daniel wiberg

-- 
www.wiberg.nu




Re: [Clamav-users] updates download

2003-09-16 Thread Chris de Vidal
--- Daniel Wiberg [EMAIL PROTECTED] wrote:
> On Tue, Sep 16, 2003 at 05:18:16AM +, Payal Rathod wrote:
> > Is it possible to download the updates manually and transfer them on
> > floppy or CD to a machine which does not have internet access but just
> > local LAN access?
> > If yes, how to do it?
>
> wget http://clamav.sourceforge.net/database/viruses.db
> wget http://clamav.sourceforge.net/database/viruses.db2
>
> Add .gz if you want them compressed.

...and then plop them into /usr/local/share/clamav (tarball install) or
/var/clamav (RedHat RPM install).

Good luck!

=
/dev/idal
GNU/Linux is free freedom --Me
