[clamav-users] Freshclam Question
Joel Esler (jesler)
jesler at cisco.com
Tue Jun 30 17:00:44 UTC 2015
On Jun 30, 2015, at 9:13 AM, Steve Basford <steveb_clamav at sanesecurity.com> wrote:
On Tue, June 30, 2015 1:57 pm, Nixon, R A (AL) CIV USARMY SEC (US) wrote:
My organization has been using Freshclam to update virus definitions for
a number of years. We are United States based and set the database mirror
accordingly. In the past month we have noticed that the Database mirror
used is now connecting us to a mirror in Russia. Within the last week our
cyber team has had to block the Russia IP because it is now attempting to
probe our network. Is there any way to set up the Freshclam mirror
database to only attempt connections to US based mirrors?
If you are using (US code), e.g.:
db.us.clamav.net
There are some non-US IPs contained, mainly...
128.199.133.36 - Asia - Singapore
150.214.142.197 - Europe - Spain
194.186.47.19 - Europe - Russian Federation
194.8.197.22 - Europe - Germany
78.46.84.244 - Europe - Germany
Not sure why, other than perhaps US code needs a lot of mirrors, so
some have been placed outside US.
One for the team I think to answer.
Cheers,
We’ll take a look at this and follow up.
Thanks.
--
Joel Esler
Manager, Threat Intelligence Team & Open Source
Talos Group
http://www.talosintel.com