[clamav-users] 回覆: Not able to use curl to download the cvd files successfully

Tue Mar 9 02:27:05 UTC 2021

My server is behind a proxy, is it blocked somehow since I use curl for download cvd files before?

[cid:7e17dc76-3b4f-427f-a427-d34dede60d9f]
________________________________
寄件者: clamav-users <clamav-users-bounces at lists.clamav.net> 代表 Joel Esler (jesler) via clamav-users <clamav-users at lists.clamav.net>
寄件日期: 2021年3月9日 2:18
收件者: Todd Aiken <todd.aiken at ubishops.ca>
副本: Joel Esler (jesler) <jesler at cisco.com>; ClamAV users ML <clamav-users at lists.clamav.net>; G.W. Haywood <clamav at jubileegroup.co.uk>
主旨: Re: [clamav-users] Not able to use curl to download the cvd files successfully

On Mar 8, 2021, at 11:30 AM, Todd Aiken <todd.aiken at ubishops.ca<mailto:todd.aiken at ubishops.ca>> wrote:

> From: clamav-users <clamav-users-bounces at lists.clamav.net<mailto:clamav-users-bounces at lists.clamav.net>> on behalf of "Joel Esler (jesler) via clamav-users" <clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>>
> Reply-To: ClamAV users ML <clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>>
> Date: Monday, March 8, 2021 at 9:47 AM
> To: ClamAV users ML <clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>>
> Cc: "Joel Esler (jesler)" <jesler at cisco.com<mailto:jesler at cisco.com>>
> Subject: [EXTERNAL] Re: [clamav-users] Not able to use curl to download the cvd files successfully

> No!  Don’t “bypass” it.
>
> And “protecting” does not need to be in quotes, it’s quite literally what we are doing.  And people doing the above are the problem.
>
> As I said in countless other emails, either use Freshclam or https://github.com/micahsnyder/cvdupdate.  The more people that do the above will force us to take drastic
> measures

Here's the reason I bypassed it.

I had a very old machine that I needed to do a scan on.  I had to boot the machine with a recovery CD which was a very basic version of Linux.  I compiled a statically linked version of ClamAV on another machine and transferred it to the problem machine, but needed to transfer two additional libraries (libpcre2 and libltdl I believe) before clamscan would run.  Trying to get freshclam was a pain because it required all sorts of extra libraries, so rather than fetch them one at a time and transfer them, I decided to download main.cvd, daily.cvd, and bytecode.cvd myself.  No Python on the machine, so I couldn't use the cvdupdate script.  So I figured out that changing the User Agent string would allow me to use wget to download the files, and that's what I did.

If you want to protect your site, I completely understand, but do so by limiting or rate limiting the amount of transfers that happen from IP addresses to the database sites.  There is nothing stopping people from abusing downloading full copies of these files using a real browser with some sort of automated download plugin, especially when you provide links to these files on your download page.  Blocking valid transfer applications like wget from downloading legitimately just because they don't send a browser as a user agent is a dumb way of protection.

As well, if you don't want people using stuff like wget or curl to download these files, why do you specifically tell them to do so in your own Troubleshooting FAQ?  A quote from the page https://www.clamav.net/documents/troubleshooting-faq: "Try to download daily.cvd with curl, wget, or lynx from the same machine that is running freshclam."

I am not being stupid as G.W. Haywood claimed, I was just trying to solve a problem that I had, and that other legitimate, responsible people might have in the future.

Yup.  We’re in emergency mode, and we’ll be fixing a lot of the documentation point to better solutions.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20210309/7aa12395/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 165571 bytes
Desc: image.png
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20210309/7aa12395/attachment.png>