[clamav-users] Feature request: show checksums of virus databases on the clamav.net website

Reindl Harald h.reindl at thelounge.net
Fri Sep 30 05:09:59 EDT 2016



Am 30.09.2016 um 04:51 schrieb Alexey Salmin:
> Thanks for your replies.
>
> My particular use case is a network that is physically disconnected
> from the internet. Storage devices are allowed though, so I bring a
> fresh virus database from time to time. It's used to run nightly scans
> on shared network filesystems where malware occasionally show up. I
> guess it comes from storage devices too and that was mostly fixed by
> installing USB Disk Security on Windows machines. However it only
> helps from autoruns, not from infected binaries, so scheduled scans
> are still needed (and I think that's a good practice anyway).
>
> Long story short: what is the recommended way to handle this scenario?
> I'm thinking of setting up a local mirror on the internet-capable
> machine and then take CVDs from there (with checksums or whatsoever)

use freshclam on whatever machine and take /var/lib/clamav/ to the 
destination machine - smart setups with more than one machine are doing 
that by rsync that folder to the other machines while freshclam runs on 
a admin-server instead produce multiple traffic for clamav 
infrastructure (the same for locations like /usr/shareGeoIP)

> On Fri, Sep 30, 2016 at 6:40 AM, Reindl Harald <h.reindl at thelounge.net> wrote:
>>
>> Am 30.09.2016 um 01:20 schrieb SCOTT PACKARD:
>>>
>>> Some of us clamav users are behind rather substantial proxies and can't
>>> pull them easily.
>>> It's nice to have a place to download them.  Just FYI.
>>
>>
>> sorry, but in that case these problems needs to be solved with the fools of
>> admins (or that admins replaced) responsible for only one part of the
>> infrastructure, blocking anything for security reasons and then at the same
>> time blocking update sof security software which is just pervert
>>
>>> -----Original Message-----
>>> From: clamav-users [mailto:clamav-users-bounces at lists.clamav.net] On
>>> Behalf Of Joel Esler (jesler)
>>> Sent: Thursday, September 29, 2016 3:23 PM
>>> To: ClamAV users ML <clamav-users at lists.clamav.net>
>>> Subject: Re: [clamav-users] Feature request: show checksums of virus
>>> databases on the clamav.net website
>>>
>>> We really don’t want people downloading the cvd’s through the browser
>>> directly on the website.  We really want to encourage people to use
>>> Freshclam to do this.
>>>
>>> --
>>> Joel Esler
>>> Manager
>>> Talos Group
>>> http://www.talosintelligence.com
>>>
>>> On Sep 29, 2016, at 12:21 PM, Alexey Salmin
>>> <alexey.salmin at gmail.com<mailto:alexey.salmin at gmail.com>> wrote:
>>>
>>> Sorry if this had been proposed before, nothing showed up in my search.
>>>
>>> I suggest to display checksums (MD5, SHA or both) on the website next
>>> to CVD download links on the
>>> www.clamav.net/downloads<http://www.clamav.net/downloads> page. This will
>>> provide a user with:
>>> 1) A simple way to check if files were updated since the last
>>> download. It takes time to fetch the main.cvd. I realize that this
>>> should be possible with a custom HTTP query but it's not convenient in
>>> case you're simply using a browser to get the file.
>>> 2) A quick and a standard way to validate the integrity of the file,
>>> without going into CVD internals and digital signatures
>>
>> _______________________________________________
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

-- 

Reindl Harald
the lounge interactive design GmbH
A-1060 Vienna, Hofmühlgasse 17
CTO / CISO / Software-Development
m: +43 676 40 221 40
p: +43 1 595 3999 33
http://www.thelounge.net/



More information about the clamav-users mailing list