[clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

SCOTT PACKARD Scott.Packard at raytheon.com
Tue Jul 3 14:11:59 EDT 2018


The current DNS TXT does not work within my company, as a firewall fully blocks things, including DNS.
(as an aside, curl works, with sufficient massaging, but wget cannot, as it does not have an option to work with a proxy).

I rely on someone in Arizona to pull definitions from, but sometimes their server goes out, other times clamav's content system breaks,
and it's a pain to figure out which one is the culprit.

Regards, Scott

> -----Original Message-----
> From: clamav-users [mailto:clamav-users-bounces at lists.clamav.net] On Behalf Of Christopher X. Candreva
> Sent: Tuesday, July 03, 2018 10:36 AM
> To: ClamAV users ML <clamav-users at lists.clamav.net>
> Subject: [External] Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)
> 
> 
> 
> For everyone (or maybe the one) asking why the DNS system exists, as the
> person who came up with the idea in the first place (or the idea of stealing
> it from the DNSbls ) I thought I would provide a link to the original
> discussion in which is was hashed out ( beaten to death) back in 2004:
> 
> https://lists.gt.net/clamav/users/11106?do=post_view_threaded
> 
> I thought the math was in this thread, but at some point the actual savings
> of being able to check for a new version with a UDP packet over a TCP/http
> HEAD command was calculated, and it was a significant amount of transfer,
> expensive at the time.
> 
> 
> I have to admit I've wondered if Cloudflare and the other CDN's meant it
> outlived it's usefullness, but it's a contribution I'm fairly proud of.
> 
> -Chris
> 
> 
> 
> On Tue, 3 Jul 2018, Joel Esler (jesler) wrote:
> 
> >
> >
> >       On Jul 2, 2018, at 1:17 PM, Reindl Harald
> >       <h.reindl at thelounge.net> wrote:
> >
> > on a typical setup freshclam is running once or twice *daily* while a
> > webserver these days can spit out the same small static txt file many
> > thousands of times per seond with zero load
> >
> >
> > That is not the results we are seeing.  There are a LARGE amount of people
> > that check for updates once or twice a day, yes.  However, we have hundreds
> > of thousands of people that check for updates hundreds of times a day.  We
> > haven't started concentrating on these people yet (our biggest offender is
> > one IP that checks 100,000+ times a day), but clearly that's excessive.  We
> > publish approx 5-6 times a day.  So, let's say you check 50 times a day....
> >  Clearly, that's enough.
> >
> > --
> > Joel Esler
> > Sr. Manager
> > Open Source, Design, Web, and Education
> > Talos Group
> > http://www.talosintelligence.com
> >
> >
> 
> ---
> ========================================================================
> Chris Candreva  --  chris at westnet.com  --  http://www.westnet.com/~chris
> _______________________________________________
> clamav-users mailing list
> clamav-users at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml


More information about the clamav-users mailing list