[clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

Joel Esler (jesler) jesler at cisco.com
Wed Jul 4 15:10:58 EDT 2018


I did block a couple people after I wrote that email.  Probably about 10 in all. All the worst offenders. (The person in China attempting to download daily-1.diff every two seconds.) 

But I did notice some interesting patterns.  Like the same host downloading the same definitions over and over again.  

Sent from my iPhone

> On Jul 4, 2018, at 13:08, G.W. Haywood <clamav at jubileegroup.co.uk> wrote:
> 
> Hi Joel,
> 
> FWIW I believe we've had no problems at all with mirrors since March
> 2018, when I responded to a post on 23rd March by Orion Poplawski, who
> saw a few timeouts.  We also saw a very few timeouts in mid-late March.
> 
>> On Wed, 4 Jul 2018, Joel Esler wrote:
>> 
>> ... It's the people that are downloading the *same* diff 1000x an
>> hour that are the problem.
> 
> That sounds like probable cause.  I'd drop 'em in the TARPIT.
> 
> Could freshclam not be made to respect e.g. "304 NOT MODIFIED"?
> (That doesn't mean I wouldn't still drop abusers in the pit.:)
> 
> -- 
> 
> 73,
> Ged.
> _______________________________________________
> clamav-users mailing list
> clamav-users at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml



More information about the clamav-users mailing list