[clamav-users] Where can I download daily.cvd, bytecode.cvd and main.cvd from?

Nick Howitt nick at howitts.co.uk
Mon Jan 17 14:51:18 UTC 2022 


On 17/01/2022 14:33, Andrew C Aitchison wrote:
> On Mon, 17 Jan 2022, Nick Howitt via clamav-users wrote:
> 
>> Hi,
>> I am trying to package ClamAV 0.103.5 for ClearOS. Normally they 
>> package the
>> latest three signature files listed above with their distributable rpm in
>> the same way that EPEL do so they have a working package on installation
>> rather than requiring freshclam to run first. Unfortunately it looks like
>> the links to the three files have been removed from
>> https://www.clamav.net/downloads and I would like to get the latest
>> signatures so I can update the package. How can I get hold of the files?
>>
>> Looking at the EPEL Sources, they download from:
>> https://database.clamav.net/main.cvd
>> https://database.clamav.net/daily.cvd
>> https://database.clamav.net/bytecode.cvd
>>
>> But I am being blocked by cloudflare:
>>
>>                                  Error 1015
>>
>> Ray ID: 6cefeaa67bc1549a • 2022-01-17 13:26:40 UTC
>>
>> YOU ARE BEING RATE LIMITED
>>
>> WHAT HAPPENED?
>>
>> The owner of this website (database.clamav.net) has banned you 
>> temporarily
>> from accessing this website.
>>
>>
>> How can I proceed as I would like to get an updated package built for
>> ClearOS
> 
> There has been a lot of abuse of the downloads (some sites were downloading
> multiple - thousands IIRC - copies per second and using up vast volumes of
> bandwidth).
> Freshclam and cvdupdate (
> https://github.com/Cisco-Talos/cvdupdate
> another tool from ClamAV) are tuned to minimize load on the servers
> and IIRC have special access to the downloads.
> 
> Could you use cvdupdate in the package script (clamav.spec or similar) ?
> Even this backs off if it is used too frequently, so watch out for that 
> when testing.
> 
> You might need to use the uncompressed .cld versions (daily.cld at least)
> as these are what are actually updated by the incremental updates.
> 
> Maarten suggests not including the database in the package, but
> downloading it with freshclam or cvdupdate afer installing
> (eg in a post-install script).
> daily.cld is currently over 170MB and changes daily,
> so this might be better still.
> 
> I see that you are thinking of this as a rescue tool.
> Do you have a sense of how likely clamav (especially a not up to date 
> version) is to actually detect a nasty ? My experience and that of
> some others on this list is that it is so far short of 50% that
> I would not take a pass from ClamAV as reliable.
> 
Not quite. I have taken over the packaging of this and the justification 
of packaging the sigs is partly that the tool will work and scan out of 
the box, partly for the offline consideration and partly because there 
will be a delay after installation where ClamAV is installed but not in 
a running condition. IIRC it won't even start without a database. This 
means that a yum install will need to pause and run freshclam before it 
can attempt to start clamd. This has knock-on issues and, apparently, it 
is always best for yum todownload what it needs with yum and not some 
third party tool.

More information about the clamav-users mailing list