[clamav-users] Database update downloads blocked with 403 error
NBS Public

Hi,

We are unable to use Freshclam but instead have 4 servers which download the main.cvd, daily.cvd and bytecode.cvd files daily at around 4am GMT.

Since 5 March we have been getting a 403 error. I understand that you have a serious problem to address but we are definitely not abusing the service.

Is there a possibility of getting our IP addresses unblocked? These are (subnets):

155.131.56.0/24
155.131.156.0/24

Thank you.


Matt Forsdike
Nationwide Building Society (UK)


NBS Public

The contents of this email are intended exclusively for the addressee. If you are not the addressee you must not read, use or disclose the email contents; you should notify us immediately [by clicking 'Reply'] and delete this email. Nationwide monitors emails to ensure its systems operate effectively and to minimise the risk of viruses. Whilst it has taken reasonable steps to scan this email, it does not accept liability for any virus that may be contained in it. Nationwide Building Society is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority under registration number 106078. Nationwide Building Society, registration no. 355B. Head Office: Nationwide House, Pipers Way, Swindon, Wiltshire SN38 1NW.
Re: [clamav-users] Database update downloads blocked with 403 error
Hello Matt,

Thank you for your email. As a result of events documented in places here:
https://lists.clamav.net/pipermail/clamav-users/2021-March/010577.html
and
https://lists.clamav.net/pipermail/clamav-users/2021-March/010543.html

We’ve been forced to take emergency measures to protect the ClamAV environment.

Please immediately switch to using Freshclam or https://github.com/micahsnyder/cvdupdate to update your AV definitions.

Sorry for the inconvenience, but we are currently in emergency mode and have had to make several drastic changes over the last several days.

--
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
http://www.talosintelligence.com | https://www.snort.org


On Mar 10, 2021, at 10:37 AM, Matt Forsdike via clamav-users <clamav-users@lists.clamav.net> wrote:

NBS Public

Hi,

We are unable to use Freshclam but instead have 4 servers which download the main.cvd, daily.cvd and bytecode.cvd files daily at around 4am GMT.

Since 5 March we have been getting a 403 error. I understand that you have a serious problem to address but we are definitely not abusing the service.

Is there a possibility of getting our IP addresses unblocked? These are (subnets):

155.131.56.0/24
155.131.156.0/24

Thank you.


Matt Forsdike
Nationwide Building Society (UK)

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] Database update downloads blocked with 403 error
Quoting Matt Forsdike via clamav-users <clamav-users@lists.clamav.net>:

> We are unable to use Freshclam but instead have 4 servers which
> download the main.cvd, daily.cvd and bytecode.cvd files daily at
> around 4am GMT.
>
> Since 5 March we have been getting a 403 error. I understand that
> you have a serious problem to address but we are definitely not
> abusing the service.

You're downloading over 2.5 GB of data daily between these four
servers, where only a few kB would suffice had you used freshclam.
That's abuse in my book.




Re: [clamav-users] Database update downloads blocked with 403 error
On 10/03/2021 15:37, Matt Forsdike via clamav-users wrote:
>
> We are unable to use Freshclam but instead have 4 servers which
> download the main.cvd, daily.cvd and bytecode.cvd files daily at
> around 4am GMT.
>
Why can you not use Freshclam?

If you want to run your own private mirrors (e.g. to reduce your Internet
bandwidth) then see: https://github.com/micahsnyder/cvdupdate

--
Paul
Paul Smith Computer Services
support@pscs.co.uk - 01484 855800



--


Paul Smith Computer Services
Tel: 01484 855800
Vat No: GB 685 6987 53

Sign up for news & updates at http://www.pscs.co.uk/go/subscribe
Re: [clamav-users] Database update downloads blocked with 403 error
On 10/03/2021 16:07, Arjen de Korte via clamav-users wrote:
> You're downloading over 2.5 GB of data daily between these four
> servers, where only a few kB would suffice had you used freshclam.
> That's abuse in my book.
>
(More like about 1GB between the 4 servers as opposed to about 60kB)

And they may be running a private mirror from those servers for their
thousands of users

But still -

People think if they're downloading to a server and then their users'
PCs download from that server, then they're saving bandwidth, but about
11,000 client computers getting a CDIFF is similar in terms of bandwidth
usage to *one* server downloading 'daily.cvd' and 'main.cvd' - plus the
internal bandwidth is *vastly* smaller if the users' computers get the
CDIFFs than if they redownload the whole daily.cvd every day across the
LAN/WAN

--
Paul
Paul Smith Computer Services
support@pscs.co.uk - 01484 855800


Re: [clamav-users] Database update downloads blocked with 403 error
Preach.

On Mar 10, 2021, at 11:48 AM, Paul Smith via clamav-users <clamav-users@lists.clamav.net> wrote:

People think if they're downloading to a server and then their users' PCs download from that server, then they're saving bandwidth, but about 11,000 client computers getting a CDIFF is similar in terms of bandwidth usage to *one* server downloading 'daily.cvd' and 'main.cvd' - plus the internal bandwidth is *vastly* smaller if the users' computers get the CDIFFs than if they redownload the whole daily.cvd every day across the LAN/WAN