[clamav-users] No good deed goes unpunished, or, why CVD files don't work

Paul Kosinski clamav-users at iment.com
Wed Dec 19 18:03:08 EST 2018

Yeah, I know that the CDIFFs will/may be cached, but it shouldn't
matter. The file daily-25221.cdiff has the same contents no matter when
you download it via freshclam or whatever (assuming its contents hasn't
been munged by "HTTP-Transform"). But daily.cvd changes over time, as
it should. Thus caching is harmless for CDIFFs -- it only makes future
downloads faster. But caching van worsen the contents of CVDs: you
might expect version 25221 (as per the DNS TXT value), but get version
25220. This happened to us a lot (from the BOS server).

P.S. I did try at the proxy detection thing a bit, and it showed (I
think) that Comcast was doing it. But I gave up when I realized the
problem was more or less inherent for CVDs, but not for CDIFFs.

On Wed, 19 Dec 2018 15:08:06 -0600
"J.R." <themadbeaker at gmail.com> wrote:

> Joel - In regards to the comment on pointing everyone to Cloudflare...
> I'm guessing that statement means you are using a mix of the
> Cloudflare CDN and the original volunteer mirrors still?
> Also, is there a way to force a selection of a particular mirror
> (either by CF datacenter or previous mirror), or are all the database
> hostnames resolve strictly by GeoIP??
> Paul - If something was caching your daily.cvd file before, there is
> no reason think it's doing otherwise for each of the .cdiff files. So
> even though each client may be downloading the cdiff on its own, only
> the first hit is actually downloading from cloudflare.
> Don't know if I mentioned this before, there are websites that claim
> to do transparent proxy testing, don't know if they would show
> anything but worth trying just to see.

More information about the clamav-users mailing list