[clamav-users] Freshclam 0.102.1 ignores "--disable-ipv6"
Paul Kosinski
clamav-users at iment.com
Tue Jan 7 05:50:33 UTC 2020
I looked back in the list a bit, and found some mentions of freshclam
and IPv6, but not this issue specifically.
The fact that freshclam ignores the "--disable-ipv6" option probably
won't be a problem in practice -- as long as the IPv4 connections to
ClamAV.net work -- but it is annoying, and clearly a (minor) bug.
There are some other services, like NTP, X, VNC and RSYNCD, that insist
on binding to IPv6, even though *none* of our interfaces have it, but
they only *listen*, and thus yield no error msgs.
On Mon, 6 Jan 2020 20:48:20 -0800
Al Varnell via clamav-users <clamav-users at lists.clamav.net> wrote:
> I’m fairly certain this was previously discussed. Might want to check
> the archives.
>
> I have not run across any site yet that is IPv6 only, but I suspect
> users in Asia have.
>
> Sent from my iPad
>
> -Al-
>
> > On Jan 6, 2020, at 18:12, Paul Kosinski via clamav-users
> > <clamav-users at lists.clamav.net> wrote:
> >
> > Even though I built the latest ClamAV (0.102.1) with the
> > 'configure' option "--disable-ipv6", freshclam tried using IPv6
> > addresses when it failed to connect via IPv4 due to a firewall rule
> > (which I now changed to allow port 443 as well as port 80).
> >
> > This rule was part of hardening our mail server a bit by blocking
> > most outbound connections, so I had added explicit pass-thru for the
> > clamav.net IPv4 addresses -- previously only port 80, now also 443.
> > (And I had to allow these outbound connections because my previous
> > attempts at local mirroring collapsed with the switch to Cloudflare:
> > the CVD files on the BOS Cloudflare mirror seemed to be out of date
> > a lot, as discussed in my previous postings).
> >
> >
> > P.S. As far as I can tell, disallowing IPv6 everywhere within, in to
> > and out of our small LAN, does not block anything of importance.
> > Does anyone know of anything on the Internet that is IPv6 *only*,
> > and is important enough to justify spending weeks of work
> > rebuilding our firewall (not to mention reconfiguring everything
> > else)?
More information about the clamav-users
mailing list