[clamav-users] ClamAV(R) blog: Are you still attempting to download safebrowsing.cvd?

Joel Esler (jesler) jesler at cisco.com
Thu Apr 22 17:10:56 UTC 2021


Effect:

Traffic surrounding safebrowsing has effectively ground to almost zero.  FANTASTIC!

--
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
https://www.talosintelligence.com | https://www.snort.org | https://www.clamav.net

On Apr 22, 2021, at 12:04 PM, Andrew Williams <awillia2 at sourcefire.com> wrote:

To give a quick update on this, a new version of safebrowsing.cvd was published yesterday that removes all but a minimal number of signatures needed for it to be loaded correctly by ClamAV.  The block on safebrowsing.cvd download attempts was also lifted, and a corresponding zero-byte CDIFF published, which means that existing installations running FreshClam with the SafeBrowsing option set should expect a quick update that replaces the prior, 40 MB safebrowsing.cvd (if present) with the 1 KB latest one.

-Andrew

On Thu, Apr 8, 2021 at 6:33 PM Micah Snyder (micasnyd) via clamav-users <clamav-users at lists.clamav.net> wrote:
So it's actually kinda funny you should ask that.  In 0.103.2 we deprecated the SafeBrowsing option in freshclam.conf which means it will no longer add safebrowsing to the list of desired databases.

FreshClam has two options, "ExcludeDatabase" and "ExtraDatabase", for adding/removing official CVDs to the list of databases to update. In version 0.102+, FreshClam detects if you have a CVD database in your database directory that isn't in the list (e.g. because you excluded it, or no longer include an "extra" database) and will remove it.

I didn't realize that deprecating the SafeBrowsing option would cause FreshClam to remove the old safebrowsing.cld file until I read your question and the thought struck me.  I just tested it now.  I found that in 0.103.2 if you used to have safebrowsing.cld (or safebrowsing.cvd), FreshClam will automatically remove it for you.

-Micah

> -----Original Message-----
> From: clamav-users <clamav-users-bounces at lists.clamav.net> On Behalf Of
> Matus UHLAR - fantomas
> Sent: Thursday, April 8, 2021 5:40 AM
> To: clamav-users at lists.clamav.net
> Subject: Re: [clamav-users] ClamAV® blog: Are you still attempting to
> download safebrowsing.cvd?
>
> >On Wednesday, 7 April 2021 19:41:34 CEST, Joel Esler (jesler) via
> >clamav-users wrote:
> >> > Are you still attempting to download safebrowsing.cvd?
> >> >
> >> >  It has come to our attention that a few of you (about 515,000 of
> >> > you, to  be more accurate), are still attempting to download the
> >> > safebrowsing.cvd  file from the official ClamAV mirrors.  This
> >> > tells us that these  attempted downloads are an installation of
> >> > FreshClam (a non-updated  FreshClam.conf or other script) that have
> >> > not been updated to remove the  safebrowsing database.
>
> On 07.04.21 21:04, Vladislav Kurz via clamav-users wrote:
> >These could be Debian users. The debian package offers to enable
> >safebrowsing.cvd, and there is no indication that it is discontinued.
> >Perhaps, if you talk to Debian Clamav maintainers, they could release
> >an update that disables this option without asking ?
>
> It's disabled by default, but yes, disabling it unconditionally would be
> good.
>
> The question is, if the old safebrowsing.cld has to be removed if it exists.
>
> >Anyway I was one of those, and now disabling it everywhere...
>
> +1
> --
> Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Warning: I do NOT wish to receive any advertising mail at this address.
> 2B|!2B, that's a question!
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users at lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
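
A check for the two leftovers this thread discusses, a SafeBrowsing line still enabled in freshclam.conf and an old safebrowsing.cvd/.cld in the database directory, added here as an example and not code from ClamAV or from any poster. The function names, the case-insensitive option match, the accepted boolean spellings and the 1 MiB cut-off between the "40 MB" and "1 KB" files are assumptions; the config text and directory in the demo are constructed.

```python
import os

TRUTHY = {"yes", "true", "1"}   # assumed boolean spellings treated as "on"
STALE_NAMES = ("safebrowsing.cvd", "safebrowsing.cld")
LARGE_BYTES = 1024 * 1024       # assumed cut-off between the 40 MB and 1 KB files


def parse_conf(text):
    """Yield (option, value) pairs, skipping blank lines and # comments."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        yield parts[0], (parts[1].strip() if len(parts) > 1 else "")


def audit_safebrowsing(conf_text, db_dir):
    """Return findings about SafeBrowsing remnants in config and database dir."""
    findings = []
    for option, value in parse_conf(conf_text):
        if option.lower() == "safebrowsing" and value.lower() in TRUTHY:
            findings.append("conf: SafeBrowsing enabled (deprecated in 0.103.2)")
    for name in STALE_NAMES:
        path = os.path.join(db_dir, name)
        if not os.path.isfile(path):
            continue
        size = os.path.getsize(path)
        kind = "large pre-update copy" if size > LARGE_BYTES else "minimal copy"
        findings.append(f"db: {name} present, {size} bytes ({kind})")
    return findings


if __name__ == "__main__":
    import tempfile

    # Constructed sample: a config that still enables the option, and a
    # database directory holding a 2 MiB stand-in for the old database.
    sample_conf = "# constructed sample\nDatabaseMirror database.clamav.net\nSafeBrowsing yes\n"
    with tempfile.TemporaryDirectory() as db_dir:
        with open(os.path.join(db_dir, "safebrowsing.cld"), "wb") as fh:
            fh.write(b"\0" * (2 * 1024 * 1024))
        for finding in audit_safebrowsing(sample_conf, db_dir):
            print(finding)
```
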
