[clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

Paul Kosinski clamav-users at iment.com
Tue Jul 3 12:36:16 EDT 2018


You are right!  Maybe it only rejects browser-ish headers.


On Tue, 3 Jul 2018 08:12:47 -0700
Dennis Peterson <dennispe at inetnw.com> wrote:

> If you run that curl command I provided it will return only the
> signature serial number.
> 
> dp
> 
> On 7/3/18 6:59 AM, Paul Kosinski wrote:
> > Determining what version a *mirror* has is a bit tricky. Looking at
> > the capture of the entire HTTP session with the new mirrors, they
> > seem to require some header magic to be acceptable:
> >
> >    Host: db.us.clamav.net
> >    User-Agent: ClamAV/0.99.4 (OS: linux-gnu, ARCH: x86_64, CPU:
> > x86_64)
> >
> > Simply trying to point your (e.g.) browser at a mirror's IP gets
> > you:
> >
> >     Error 1003 Ray ID: 4349da2f33f4ae20 • 2018-07-03 13:55:52 UTC
> >     Direct IP access not allowed
> >
> >
> > On Tue, 3 Jul 2018 00:11:06 -0700
> > Dennis Peterson <dennispe at inetnw.com> wrote:
> >
> >> Well damn - they say memory is the first thing to go...
> >>
> >> curl -s -r 35-39 http://db.us.clamav.net/daily.cvd |strings
> >>
> >> The -s (silent) inhibits stats.
> >>
> >> dp
> >>
> >> On 7/3/18 12:02 AM, Dennis Peterson wrote:
> >>> I had completely forgotten about freshclam grabbing the entire
> >>> file to determine currency. I recall knocking off a quick script
> >>> to avoid that which included:
> >>>
> >>> curl -q -r 35-39 http://db.us.clamav.net/daily.cvd |strings
> >>>
> >>> It returns the ID of what ever version is on the mirror. I've
> >>> added strings to the end as a safety valve in case someone wants
> >>> to try it with different arguments to the -r.
> >>>
> >>> Being retired I no longer sweat the small schtuff, but when I was
> >>> responsible for hundreds of servers I used every trick in the book
> >>> to avoid wasting time (CFengine was involved and freshclam was
> >>> not). Because the filename daily.xxx is overloaded (version
> >>> agnostic) this kind of trick was needed.
> >>>
> >>> dp

> 
> 



More information about the clamav-users mailing list