[clamav-users] mirror redirect to emeksensin.com
altineller at gmail.com
Tue Sep 6 16:38:25 EDT 2016
I am the administrator of emeksensin.com, a Turkish arts and crafts web
For some reason, we are getting requests from clamav users / or clients.
I emailed the clamav developers group, years ago, like two years ago,
telling them about the problem. I got no reply. I recently noticed an
anomaly with our internal log analysis software and I noticed that the
problem still persists. I had thought this was something temporarily
forgotten by someone at clamav but it seems that either this is not the
case, or maybe someone coded hardware with clamav perhaps?
This issue has been brought up before at:
The weblogs look like this:
emeksensin.com:80 18.104.22.168 - - [31/Jul/2016:06:37:35 +0300] "GET /daily-22000.cdiff HTTP/1.0" 301 - "-" "clamav/0.94.1 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)" "-"
emeksensin.com:80 22.214.171.124 - - [31/Jul/2016:06:37:36 +0300] "GET /daily.cvd HTTP/1.0" 301 - "-" "clamav/0.94.1 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)" "-"
emeksensin.com:80 126.96.36.199 - - [31/Jul/2016:06:37:37 +0300] "GET /daily-22000.cdiff HTTP/1.0" 301 - "-" "ClamAV/devel-clamav-0.97-567-gb047bc0 (OS: win32, ARCH: i386, CPU: i386)"
emeksensin.com:80 188.8.131.52 - - [31/Jul/2016:06:37:38 +0300] "GET /daily-22000.cdiff HTTP/1.0" 301 - "-" "ClamAV/devel-clamav-0.96 (OS: win32, ARCH: i386, CPU: i386)" "-"
A normal request to the same resource looks like this: (our site returns
emeksensin.com:80 xxx.xxx.xxx.xxx - - [06/Sep/2016:23:22:37 +0300] "GET /main.cvd HTTP/1.1" 404 836 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/51.0.2704.79 Chrome/51.0.2704.79 Safari/537.36" "
What can we do about this? If there are some people to work on the
problem, I could assist by providing tcpdumps of the packets in question,
or I could program a special servlet returning an empty file or some
special response or redirect.
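
An added example, not part of the original post: one way to measure this kind of misdirected updater traffic from a log in the format shown above, grouping requests for signature files by the ClamAV version in the User-Agent. The sample lines are constructed, the client addresses are documentation-range placeholders, and the function and pattern names are assumptions of this sketch.

```python
import re
from collections import Counter

# Constructed sample lines in the vhost-prefixed combined format shown above.
# Client addresses are documentation-range placeholders, not values from the post.
SAMPLE_LOG = '''\
emeksensin.com:80 192.0.2.10 - - [31/Jul/2016:06:37:35 +0300] "GET /daily-22000.cdiff HTTP/1.0" 301 - "-" "clamav/0.94.1 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)" "-"
emeksensin.com:80 192.0.2.10 - - [31/Jul/2016:06:37:36 +0300] "GET /daily.cvd HTTP/1.0" 301 - "-" "clamav/0.94.1 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)" "-"
emeksensin.com:80 198.51.100.7 - - [31/Jul/2016:06:37:37 +0300] "GET /daily-22000.cdiff HTTP/1.0" 301 - "-" "ClamAV/devel-clamav-0.96 (OS: win32, ARCH: i386, CPU: i386)"
emeksensin.com:80 203.0.113.5 - - [06/Sep/2016:23:22:37 +0300] "GET /main.cvd HTTP/1.1" 404 836 "-" "Mozilla/5.0 (X11; Linux x86_64) Chrome/51.0.2704.79"
this line is truncated and must be skipped
'''

LINE_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
# Updater clients identify as clamav/<version> or ClamAV/<version> (case varies in the logs).
AGENT_RE = re.compile(r'^clamav/(?P<version>\S+)', re.IGNORECASE)
# Signature database files seen in the logs: full (.cvd) and incremental (.cdiff).
DB_PATH_RE = re.compile(r'\.(cvd|cdiff)$', re.IGNORECASE)

def summarize(log_text):
    """Return (requests per ClamAV version, distinct client addresses, skipped line count)."""
    by_version, clients, skipped = Counter(), set(), 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            skipped += 1          # malformed or truncated entry
            continue
        agent = AGENT_RE.match(m['agent'])
        path = m['path'].split('?', 1)[0]   # ignore any query string
        # Require both signals: a browser fetching /main.cvd is not an updater.
        if agent and DB_PATH_RE.search(path):
            by_version[agent['version']] += 1
            clients.add(m['client'])
    return by_version, clients, skipped

if __name__ == '__main__':
    versions, clients, skipped = summarize(SAMPLE_LOG)
    for version, count in versions.most_common():
        print(f'{count:5d}  clamav/{version}')
    print(f'{len(clients)} distinct clients, {skipped} unparseable lines')
```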