[clamav-users] ClamAV mirrors have gotten worse!

Paul Kosinski clamav-users at iment.com
Sat Nov 24 00:39:04 UTC 2018

"I might be a little late to the party here, but are you saying that is the IP address which the Cloudflare servers see?"

Sorry, I left out a bit. The is the address assigned to
a NIC on our firewall / gateway / internal router machine, but that NIC
is connected to a Netgear C7100V cable modem which runs in NAT/routing
mode. The actual public IP address, as provided by Comcast via DHCP, is
currently (as it has been since well before Cloudflare).

The reason for this complicated setup is partly historical: until last
month we *also* had a DSL connection to the Internet. So the gateway did
the routing (including "Policy Routing") for that. And we have a few
other 10.x.x.x LANs internally, which we will keep. Plus, the gateway
runs iptables, HAVP (which uses libclamav), Privoxy, some OpenVPN
tunnels and occasionally captures packets to/from the Internet for

Although we *could* run the cable modem in bridge mode, that would mean
our gateway machine would be hit with lots of IPv6 packets, which we
would just have to drop. (Our internal LANs aren't set up for IPv6 and,
until some crucial Internet services won't work over IPv4, I have too
many other things to do.)

P.S. I think we've been using ClamAV since 0.86.2, back in July 2005
(how time flies), and I've generally been very happy with it.

On Fri, 23 Nov 2018 18:32:00 +0000 (GMT)
"G.W. Haywood" <clamav at jubileegroup.co.uk> wrote:

> Hi there,
>
> On Thu, 22 Nov 2018, Paul Kosinski wrote:
>
> > I wonder how many users of ClamAV actually log their freshclam
> > updates.
>
> I've been using ClamAV for more than a decade.  I've already said on
> the list that I log all freshclam updates and that in general my
> experience is that the mirrors are very reliable.  During the switch
> to Cloudflare I experienced no problems.  There was an issue back in
> March/April this year which I believe was the first that ran for more
> than a day for as long as I can remember.
>
> Like Mr. Peterson (and *un*like this mailing list's configuration :) I
> run freshclam so as to avoid pile-ups.  Typically I fetch three
> updates per day and they succeed as regularly as clockwork.
>
> On Wed, 21 Nov 2018, Paul Kosinski wrote:
>
> > ... 'LocalIPAddress' is the *outgoing* IP address ...
> > .. To sum up, the "LocalIPAddress" is ...
>
> I might be a little late to the party here, but are you saying that
> is the IP address which the Cloudflare servers see?  Some
> ISPs do issue RFC1918 addresses to their clients but I'd expect a NAT
> gateway somewhere between your interface and Cloudflare, so that the
> Cloudflare servers see an Internet-routable IP.  If there is such a
> gateway, maybe it's worth a look on the other side of it.  If there
> isn't, I'd expect problems because packets from/to RFC1918 addresses
> should never be allowed onto the public Internet.  Please forgive me
> for teaching granny; this *might* be news to some who are reading now.