[clamav-users] Private Mirror Via Artifactory

Joel Esler (jesler) jesler at cisco.com
Thu Mar 11 23:19:32 UTC 2021 

Hello,

Thank you for your email.  As a result of events documented in places here:
https://lists.clamav.net/pipermail/clamav-users/2021-March/010577.html
and
https://lists.clamav.net/pipermail/clamav-users/2021-March/010543.html

We’ve been forced to take emergency measures to protect the ClamAV environment.

Please Immediately switch to using Freshclam or https://github.com/micahsnyder/cvdupdate to update your AV definitions.

Sorry for the inconvenience, but we are currently in emergency mode and have to make several drastic changes over the last several days.

--
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
http://www.talosintelligence.com | https://www.snort.org



Sent from my  iPhone

On Mar 11, 2021, at 07:11, Adam Copley via clamav-users <clamav-users at lists.clamav.net> wrote:

 Hi

I have an airgapped setup which only has one route out to the internet for select destinations…

The freshclam clients connect to an nginx vhost and ultimately forwards the requests to an artifactory instance which has a remote repository setup to use database.clamav.net<http://database.clamav.net> as its source in order to be able to pull the cvd updates.

This was working before Christmas, and has probably gone un-noticed as artifactory has caching enabled

However when removing the cvd files from the cache, and freshclam attempts to update the db it returns a 404 from the cache. Artifactory would normally at this point fetch files from the remote. However this isn’t happening anymore.

I see in the docs that scripting for things like curl return 403, amongst other error codes. I believe artifactory rather than acting as a proxy Is actually making a request itself so possibly behaving similarly as though I were to do a curl. As such our setup is broken.

Has anyone had any experience with a similar setup, primarily artifactory —> database.clamav.net<http://database.clamav.net> if anyone can share thoughts it would be greatly appreciated.

Kind Regards

Adam Copley
E: adam.copley at arola.co.uk<mailto:adam.copley at arola.co.uk> | M: 07500937181
W: http://www.arola.co.uk | Jabber: xmpp:adam.copley at arola.co.uk

Online Meeting
https://meet.arola.co.uk/AdamCopley


_______________________________________________

clamav-users mailing list
clamav-users at lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20210311/f1fda1cc/attachment.htm>

More information about the clamav-users mailing list