Hi All,

 

Currently have a RHEL server in a DMZ segment, where direct internet access is not permitted. I have installed clamd on the host to be able to perform on access scanning of documents uploaded through web based forms.  The problem is, what can I do to update the definitions so that the latest threat data is being used in said scans?

 

I doubt that tcp/53 will be permitted out of the firewall to do the latest DNS checks and not sure if I can gain access to be able to whitelist the .au mirrors of:

 

$ host db.au.clamav.net

db.au.clamav.net is an alias for db.au.clamav.net.cdn.cloudflare.net.

db.au.clamav.net.cdn.cloudflare.net has address 104.16.186.138

db.au.clamav.net.cdn.cloudflare.net has address 104.16.187.138

db.au.clamav.net.cdn.cloudflare.net has address 104.16.188.138

db.au.clamav.net.cdn.cloudflare.net has address 104.16.189.138

db.au.clamav.net.cdn.cloudflare.net has address 104.16.185.138

 

Is there a way that I can copy the files from another server internal to the network out to the server in the DMZ? Without running freshclam to update? And just reload clamd?

 

I did investigate the PrivateMirror and DatabaseMirror options, but as this is the same protocol going out as coming in with the requests, I doubt security will permit HTTP traffic to an internal host as it does not pass the protocol separation requirements.

 

Any ideas of options?

 

Cheers and thanks