Mailing List Archive

Re: ClamAV® blog: Are you still attempting to download safebrowsing.cvd?
On Wednesday, 7 April 2021 19:41:34 CEST, Joel Esler (jesler) via clamav-users
wrote:
> > https://blog.clamav.net/2021/04/are-you-still-attempting-to-download.html
> >
> > Are you still attempting to download safebrowsing.cvd?
> >
> > It has come to our attention that a few of you (about 515,000 of you, to
> > be more accurate), are still attempting to download the safebrowsing.cvd
> > file from the official ClamAV mirrors. This tells us that these
> > attempted downloads are an installation of FreshClam (a non-updated
> > FreshClam.conf or other script) that have not been updated to remove the
> > safebrowsing database.

Hello,

These could be Debian users. The Debian package offers to enable
safebrowsing.cvd, and there is no indication that it is discontinued. Perhaps,
if you talk to Debian ClamAV maintainers, they could release an update that
disables this option without asking?

Anyway I was one of those, and now disabling it everywhere...

--
Best Regards
Vladislav Kurz




_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: ClamAV® blog: Are you still attempting to download safebrowsing.cvd?
On Apr 7, 2021, at 3:04 PM, Vladislav Kurz via clamav-users <clamav-users@lists.clamav.net> wrote:

> On Wednesday, 7 April 2021 19:41:34 CEST, Joel Esler (jesler) via clamav-users
> wrote:
> > https://blog.clamav.net/2021/04/are-you-still-attempting-to-download.html
> >
> > Are you still attempting to download safebrowsing.cvd?
> >
> > It has come to our attention that a few of you (about 515,000 of you, to
> > be more accurate), are still attempting to download the safebrowsing.cvd
> > file from the official ClamAV mirrors. This tells us that these
> > attempted downloads are an installation of FreshClam (a non-updated
> > FreshClam.conf or other script) that have not been updated to remove the
> > safebrowsing database.
>
> Hello,
>
> These could be Debian users. The Debian package offers to enable
> safebrowsing.cvd, and there is no indication that it is discontinued. Perhaps,
> if you talk to Debian ClamAV maintainers, they could release an update that
> disables this option without asking?
>
> Anyway I was one of those, and now disabling it everywhere…

Thank you, we will do.

--
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
https://www.talosintelligence.com | https://www.snort.org | https://www.clamav.net
Re: ClamAV® blog: Are you still attempting to download safebrowsing.cvd?
>On Wednesday, 7 April 2021 19:41:34 CEST, Joel Esler (jesler) via
>clamav-users wrote:
>> > Are you still attempting to download safebrowsing.cvd?
>> >
>> > It has come to our attention that a few of you (about 515,000 of you, to
>> > be more accurate), are still attempting to download the safebrowsing.cvd
>> > file from the official ClamAV mirrors. This tells us that these
>> > attempted downloads are an installation of FreshClam (a non-updated
>> > FreshClam.conf or other script) that have not been updated to remove the
>> > safebrowsing database.

On 07.04.21 21:04, Vladislav Kurz via clamav-users wrote:
>These could be Debian users. The Debian package offers to enable
>safebrowsing.cvd, and there is no indication that it is discontinued. Perhaps,
>if you talk to Debian ClamAV maintainers, they could release an update that
>disables this option without asking?

it's disabled by default, but yes, that disabling it unconditionally would
be good

The question is, if the old safebrowsing.cld has to be removed if it exists.

>Anyway I was one of those, and now disabling it everywhere...

+1
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
2B|!2B, that's a question!

Re: ClamAV® blog: Are you still attempting to download safebrowsing.cvd?
On Wednesday, 7 April 2021 19:41:34 CEST, Joel Esler (jesler) via clamav-users
wrote:
> > https://blog.clamav.net/2021/04/are-you-still-attempting-to-download.html
> >
> > Are you still attempting to download safebrowsing.cvd?
> >
> > and continue to download the safebrowsing.cvd account for nearly 10TB of
> > traffic a month, just for that file.
> >
> > As a result, we have put in a block to make any attempts to download the
> > safebrowsing.cvd result in a 403 error.

How about just making the file empty?
Also I wonder if freshclam does not check if the file has been modified, and
skip the download if not?

--
Best regards
Vladislav Kurz




Re: [ext] Re: ClamAV® blog: Are you still attempting to download safebrowsing.cvd?
* Vladislav Kurz via clamav-users <clamav-users@lists.clamav.net>:

> How about just making the file empty?

I think this causes an error in clamav/clamd

Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk

Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 105
Hindenburgdamm 30 | D-12203 Berlin

Tel. +49 30 450 570 155
ralf.hildebrandt@charite.de
https://www.charite.de

Re: ClamAV® blog: Are you still attempting to download safebrowsing.cvd?
On Apr 8, 2021, at 10:06 AM, Vladislav Kurz via clamav-users <clamav-users@lists.clamav.net> wrote:

> On Wednesday, 7 April 2021 19:41:34 CEST, Joel Esler (jesler) via clamav-users
> wrote:
> > https://blog.clamav.net/2021/04/are-you-still-attempting-to-download.html
> >
> > Are you still attempting to download safebrowsing.cvd?
> >
> > and continue to download the safebrowsing.cvd account for nearly 10TB of
> > traffic a month, just for that file.
> >
> > As a result, we have put in a block to make any attempts to download the
> > safebrowsing.cvd result in a 403 error.
>
> How about just making the file empty?
> Also I wonder if freshclam does not check if the file has been modified, and
> skip the download if not?

We’re actually working on this as we speak
Re: [ext] Re: ClamAV® blog: Are you still attempting to download safebrowsing.cvd?
On Thursday, 8 April 2021 16:17:24 CEST, Ralf Hildebrandt via clamav-users
wrote:
> * Vladislav Kurz via clamav-users <clamav-users@lists.clamav.net>:
> > How about just making the file empty?
>
> I think this causes an error in clamav/clamd

Then just make it as small as possible - e.g. leave only one signature in the
file, or something like that.

--
Best regards
Vladislav Kurz




Re: [ext] Re: ClamAV® blog: Are you still attempting to download safebrowsing.cvd?
On Apr 8, 2021, at 10:48 AM, Vladislav Kurz via clamav-users <clamav-users@lists.clamav.net> wrote:

> On Thursday, 8 April 2021 16:17:24 CEST, Ralf Hildebrandt via clamav-users
> wrote:
> > * Vladislav Kurz via clamav-users <clamav-users@lists.clamav.net>:
> > > How about just making the file empty?
> >
> > I think this causes an error in clamav/clamd
>
> Then just make it as small as possible - e.g. leave only one signature in the
> file, or something like that.

Yup, we’ve got it. :)

Thanks

--
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
https://www.talosintelligence.com | https://www.snort.org | https://www.clamav.net
Re: ClamAV® blog: Are you still attempting to download safebrowsing.cvd?
So it's actually kinda funny you should ask that. In 0.103.2 we deprecated the SafeBrowsing option in freshclam.conf which means it will no longer add safebrowsing to the list of desired databases.

FreshClam has two options "ExcludeDatabase" and "ExtraDatabase" for adding/removing official CVDs to the list of databases to update. In version 0.102+, FreshClam detects if you have a CVD database in your database directory that isn't in the list (e.g. because you excluded it, or no longer include an "extra" database) and will remove it.

I didn't realize that deprecating the SafeBrowsing option would cause FreshClam to remove the old safebrowsing.cld file until I read your question and the thought struck me. I just tested it now. I found that in 0.103.2 if you used to have safebrowsing.cld (or safebrowsing.cvd), FreshClam will automatically remove it for you.

-Micah

> -----Original Message-----
> From: clamav-users <clamav-users-bounces@lists.clamav.net> On Behalf Of
> Matus UHLAR - fantomas
> Sent: Thursday, April 8, 2021 5:40 AM
> To: clamav-users@lists.clamav.net
> Subject: Re: [clamav-users] ClamAV® blog: Are you still attempting to
> download safebrowsing.cvd?
>
> >On Wednesday, 7 April 2021 19:41:34 CEST, Joel Esler (jesler) via
> >clamav-users wrote:
> >> > Are you still attempting to download safebrowsing.cvd?
> >> >
> >> > It has come to our attention that a few of you (about 515,000 of
> >> > you, to be more accurate), are still attempting to download the
> >> > safebrowsing.cvd file from the official ClamAV mirrors. This
> >> > tells us that these attempted downloads are an installation of
> >> > FreshClam (a non-updated FreshClam.conf or other script) that have
> >> > not been updated to remove the safebrowsing database.
>
> On 07.04.21 21:04, Vladislav Kurz via clamav-users wrote:
> >These could be Debian users. The Debian package offers to enable
> >safebrowsing.cvd, and there is no indication that it is discontinued.
> >Perhaps, if you talk to Debian ClamAV maintainers, they could release
> >an update that disables this option without asking?
>
> it's disabled by default, but yes, that disabling it unconditionally would be
> good
>
> The question is, if the old safebrowsing.cld has to be removed if it exists.
>
> >Anyway I was one of those, and now disabling it everywhere...
>
> +1
> --
> Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> 2B|!2B, that's a question!

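
An audit for the leftover configuration discussed in this thread, added here as an example (not code from ClamAV or from any poster). It flags an enabled `SafeBrowsing` option, an `ExtraDatabase safebrowsing` line, and a stale `safebrowsing.cvd`/`safebrowsing.cld` in the database directory. The function name, the sample config and the `/var/lib/clamav` fallback are assumptions of this example.

```python
import sys
from pathlib import Path

TRUE_VALUES = {"yes", "true", "1"}   # boolean spellings accepted in ClamAV configs
LEFTOVERS = ("safebrowsing.cvd", "safebrowsing.cld")

# Constructed sample config (not taken from any real host).
SAMPLE_CONF = """\
# freshclam.conf carried over from an old install
DatabaseMirror database.clamav.net
SafeBrowsing yes
ExtraDatabase safebrowsing
"""

def audit_freshclam(conf_text, default_db_dir="/var/lib/clamav"):
    """Return (kind, detail) findings for leftover safebrowsing settings/files.

    default_db_dir is an assumption of this example; a DatabaseDirectory
    line in the config overrides it.
    """
    findings = []
    db_dir = Path(default_db_dir)
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        # Keys are compared case-insensitively so the audit errs toward reporting.
        key, value = parts[0].lower(), parts[1].strip().strip('"')
        if key == "safebrowsing" and value.lower() in TRUE_VALUES:
            findings.append(("option", f"line {lineno}: {line}"))
        elif key == "extradatabase" and value.lower() == "safebrowsing":
            findings.append(("extra", f"line {lineno}: {line}"))
        elif key == "databasedirectory":
            db_dir = Path(value)
    for name in LEFTOVERS:
        if (db_dir / name).is_file():
            findings.append(("file", str(db_dir / name)))
    return findings

if __name__ == "__main__":
    # Audit the file given as the first argument, or the constructed sample.
    text = Path(sys.argv[1]).read_text() if len(sys.argv) > 1 else SAMPLE_CONF
    results = audit_freshclam(text)
    for kind, detail in results:
        print(f"{kind}: {detail}")
    sys.exit(1 if results else 0)
```

A non-zero exit status means at least one finding, so the script can gate a configuration-management run across a fleet.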