[clamav-users] We STILL cannot reliably get virus updates (since new mirrors)
Joel Esler (jesler)
jesler at cisco.com
Wed Jul 4 15:10:58 EDT 2018
I did block a couple people after I wrote that email. Probably about 10 in all. All the worst offenders. (The person in China attempting to download daily-1.diff every two seconds.)
But I did notice some interesting patterns. Like the same host downloading the same definitions over and over again.
Sent from my iPhone
> On Jul 4, 2018, at 13:08, G.W. Haywood <clamav at jubileegroup.co.uk> wrote:
> Hi Joel,
> FWIW I believe we've had no problems at all with mirrors since March
> 2018, when I responded to a post on 23rd March by Orion Poplawski, who
> saw a few timeouts. We also saw a very few timeouts in mid-late March.
>> On Wed, 4 Jul 2018, Joel Esler wrote:
>> ... It's the people that are downloading the *same* diff 1000x an
>> hour that are the problem.
> That sounds like probable cause. I'd drop 'em in the TARPIT.
> Could freshclam not be made to respect e.g. "304 NOT MODIFIED"?
> (That doesn't mean I wouldn't still drop abusers in the pit.:)
> clamav-users mailing list
> clamav-users at lists.clamav.net
> Help us build a comprehensive ClamAV guide:
More information about the clamav-users