[clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

Paul Kosinski clamav-users at iment.com
Thu Jul 5 14:06:19 EDT 2018


Mirrors should support a well-defined protocol. Using an ill-defined
protocol which only works with a particular tool is not, in my mind,
consistent with the spirit of Open Source.

I've been perfectly happy (until the recent sync failures, at least)
using freshclam, which is Open Source like the rest of ClamAV. But
some people apparently can't use it because of their network structure.
They would be stuck if only it were allowed. With a well-defined
protocol, then such people would likely be able to develop a
workaround. 

Finally I think that a defining (and if necessary enforcing) a clear
*protocol* would fully protect the mirrors against overload or abuse.


On Wed, 4 Jul 2018 19:12:48 +0000
"Joel Esler (jesler)" <jesler at cisco.com> wrote:

> Okay.  Here’s a good conversation. Why?   
> 
> If the tool is provided for updates, and the mirror network is setup
> to function to that tool....
> 
> Why should the mirrors function for all tools?
> 
> Or, should the tools have to conform to the mirror network?  (I
> believe this)
> 
> Sent from my iPhone
> 
> > On Jul 4, 2018, at 14:46, Dennis Peterson <dennispe at inetnw.com>
> > wrote:
> > 
> > It would be a mistake to think everyone is using freshclam to dl
> > signatures. The system needs to accommodate that.
> > 
> > dp
> > 
> >> On 7/4/18 10:08 AM, G.W. Haywood wrote:
> >> Hi Joel,
> >> 
> >> FWIW I believe we've had no problems at all with mirrors since
> >> March 2018, when I responded to a post on 23rd March by Orion
> >> Poplawski, who saw a few timeouts.  We also saw a very few
> >> timeouts in mid-late March.
> >> 
> >>> On Wed, 4 Jul 2018, Joel Esler wrote:
> >>> 
> >>> ... It's the people that are downloading the *same* diff 1000x an
> >>> hour that are the problem.
> >> 
> >> That sounds like probable cause.  I'd drop 'em in the TARPIT.
> >> 
> >> Could freshclam not be made to respect e.g. "304 NOT MODIFIED"?
> >> (That doesn't mean I wouldn't still drop abusers in the pit.:)




More information about the clamav-users mailing list