[clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

Paul Kosinski clamav-users at iment.com
Tue Jul 3 09:59:41 EDT 2018

Determining what version a *mirror* has is a bit tricky. Looking at the
capture of the entire HTTP session with the new mirrors, they seem to
require some header magic to be acceptable:

  Host: db.us.clamav.net
  User-Agent: ClamAV/0.99.4 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)

Simply trying to point your (e.g.) browser at a mirror's IP gets you:

   Error 1003 Ray ID: 4349da2f33f4ae20 • 2018-07-03 13:55:52 UTC
   Direct IP access not allowed

On Tue, 3 Jul 2018 00:11:06 -0700
Dennis Peterson <dennispe at inetnw.com> wrote:

> Well damn - they say memory is the first thing to go...
> curl -s -r 35-39 http://db.us.clamav.net/daily.cvd |strings
> The -s (silent) inhibits stats.
> dp
> On 7/3/18 12:02 AM, Dennis Peterson wrote:
> > I had completely forgotten about freshclam grabbing the entire file
> > to determine currency. I recall knocking off a quick script to
> > avoid that which included:
> >
> > curl -q -r 35-39 http://db.us.clamav.net/daily.cvd |strings
> >
> > It returns the ID of whatever version is on the mirror. I've added
> > strings to the end as a safety valve in case someone wants to try
> > it with different arguments to the -r.
> >
> > Being retired I no longer sweat the small schtuff, but when I was
> > responsible for hundreds of servers I used every trick in the book
> > to avoid wasting time (CFengine was involved and freshclam was
> > not). Because the filename daily.xxx is overloaded (version
> > agnostic) this kind of trick was needed.
> >
> > dp
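
An added example, not part of the original thread: the byte-range trick above, done by parsing the colon-separated CVD header instead of relying on fixed offsets 35-39, and rejecting a reply that is not a CVD at all (such as the Error 1003 page). The function names and the sample header are constructed for illustration, and the 512-byte header layout in the comment is an assumption stated here, not something the thread spells out.

```shell
#!/bin/sh
# Assumed CVD header layout (first 512 bytes of the file, ASCII):
#   ClamAV-VDB:<build time>:<version>:<sigs>:<f-level>:<md5>:<dsig>:<builder>:<stime>

# User-Agent string as captured in the message above.
UA='ClamAV/0.99.4 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)'

# Constructed sample header (values are made up, not real mirror data).
SAMPLE_HEADER='ClamAV-VDB:03 Jul 2018 05-30 -0400:24717:2018304:63:00000000000000000000000000000000:CONSTRUCTED-SIG:builder:1530610200'

# Fetch only the header from a mirror, by hostname so the Host: header is right.
# Usage: fetch_cvd_header http://db.us.clamav.net/daily.cvd
fetch_cvd_header() {
    curl -s -r 0-511 -A "$UA" "$1"
}

# Read a CVD header on stdin, print its version field.
# Returns 1 if the input is not a CVD header (e.g. an HTML error page).
cvd_version() {
    hdr=$(head -c 512 | tr -d '\000')
    case $hdr in
        ClamAV-VDB:*) ;;            # magic present, keep going
        *) return 1 ;;              # anything else is not a database
    esac
    ver=$(printf '%s\n' "$hdr" | cut -d: -f3)
    case $ver in
        ''|*[!0-9]*) return 1 ;;    # version must be all digits
    esac
    printf '%s\n' "$ver"
}

# Offline demonstration on the constructed header.
printf '%s' "$SAMPLE_HEADER" | cvd_version
```

Against a live mirror this would be `fetch_cvd_header http://db.us.clamav.net/daily.cvd | cvd_version`, with a non-zero exit status when the mirror answers with something other than a database.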

