[clamav-users] Clamav with VPN

[G.W. Haywood]

Hi there,

On Tue, 5 May 2020, 21ch181 via clamav-users wrote:

> I use ExpressVPN and each time i want to update the database i see a
> message in the logs files (syslog and freshclam) ...
> To try to solve this issue, i have added this line in my /etc/hosts file :
>
>  * 104.16.218.84 database.clamav.net

Don't do things like that.  Sooner or later it will break, and you'll
find yourself back here again asking why.

> Please note that the update work well if i switch off my VPN.

It's clear from your log messages that your problem is caused by name
resolution issues.  It isn't clear exactly what they are, but it's
obviously associated with the DNS service provided when the VPN is
running.  Since the ExpressVPN sales pitch makes a thing of encrypting
your DNS traffic as well as other traffic this isn't a great surprise.
You could try to debug the name resolution using tools like 'dig', but
it's not necessarily straightforward and in any case I'm not persuaded
that there's a case for sending ClamAV database traffic over a VPN.
All the information (including, now that you've posted to this list,
the fact that you are using it) is in the public domain.

> Is someone could give me some solutions to solve this issue please ?

Send ClamAV traffic over normal routes.  It's possible that Cloudflare
is blocking ExpressVPN traffic, but I don't know what you'd be able to
do about that.  Joel (on this list) might have insights to offer.

I'd never use a VPN service provided by someone else.  You can't trust
them.  It's very easy to set up your own, then you know what's going
on, and you aren't providing raw material from which someone probably
intends to make a profit.

I'll leave aside the legality or otherwise of using strong encryption
in your country, but if you can tell us why you think you need ClamAV
on your Linux box that might be useful.

-- 

73,
Ged.