[clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

Joel Esler (jesler) jesler at cisco.com
Tue Jul 3 10:42:12 EDT 2018



On Jul 3, 2018, at 10:37 AM, Benoit Panizzon <benoit.panizzon at imp.ch> wrote:

Sorry I was not following that discussion...

 Host: db.us.clamav.net
 User-Agent: ClamAV/0.99.4 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)

  Error 1003 Ray ID: 4349da2f33f4ae20 • 2018-07-03 13:55:52 UTC
  Direct IP access not allowed

But this caught my attention...

db.us.clamav.net is an alias for db.us.clamav.net.cdn.cloudflare.net.

Cloudflare uses some kind of DDoS protection to detect if the visitor
might be a 'malicious bot' or a 'human' with a 'proper' web browser.

I fear, FreshClam does not pass the 'human' test.

I would suggest to the ClamAV team to move away from Cloudflare. Such
issues are bound to occur with Cloudflare.

That feature is turned off for the mirror network.  So, no, those issues will not occur.  In fact, it was on, and yes, it was causing problems, which is why it's now off.

However, the ~60TB of traffic we are passing on a 24 hour basis tells me that freshclam is working fine. You can't hit the Cloudflare IPs directly, which is what that error says.

--
Joel Esler
Sr. Manager
Open Source, Design, Web, and Education
Talos Group
http://www.talosintelligence.com