[clamav-users] We STILL cannot reliably get virus updates (since new mirrors)
Joel Esler (jesler)
jesler at cisco.com
Wed Jul 4 19:10:58 UTC 2018
I did block a couple people after I wrote that email. Probably about 10 in all. All the worst offenders. (The person in China attempting to download daily-1.diff every two seconds.)
But I did notice some interesting patterns. Like the same host downloading the same definitions over and over again.
Sent from my iPhone
> On Jul 4, 2018, at 13:08, G.W. Haywood <clamav at jubileegroup.co.uk> wrote:
>
> Hi Joel,
>
> FWIW I believe we've had no problems at all with mirrors since March
> 2018, when I responded to a post on 23rd March by Orion Poplawski, who
> saw a few timeouts. We also saw a very few timeouts in mid-late March.
>
>> On Wed, 4 Jul 2018, Joel Esler wrote:
>>
>> ... It's the people that are downloading the *same* diff 1000x an
>> hour that are the problem.
>
> That sounds like probable cause. I'd drop 'em in the TARPIT.
>
> Could freshclam not be made to respect e.g. "304 NOT MODIFIED"?
> (That doesn't mean I wouldn't still drop abusers in the pit.:)
>
> --
>
> 73,
> Ged.
> _______________________________________________
> clamav-users mailing list
> clamav-users at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
More information about the clamav-users
mailing list