Mailing List Archive

[clamav-users] Restriction of downloads
ClamAV community-

I’m very sorry that it has come to where we are at with the current restrictions around downloading of virus definitions.

If you are receiving a 403 or a 1020 error when attempting to download, please use Freshclam, and make sure that version of Freshclam is not an eol’ed version. (You must be running something higher than 0.100). If you are fully up to date, and you are still receiving one of the above error codes, you’re specifically blocked for abuse of the system, please feel free to write me with your external IP so I can guide you in the correct direction.

If you are receiving a 429 from your downloads, your downloading too fast and too much and you have hit the rate limit. If you don’t think you are, please feel free to write me with your external IP so I can guide you in the correct direction.

If you are using Qnap, I believe the issue is, you’re running an EOL version, please give Qnap feedback to update. They are about 4 years behind.

Again, I know this is a headache, but, unfortunately it has come to this. I’m constantly experimenting with allowing more downloads to the system while restricting the abusers. Unfortunately the majority of the abuse is in cloud service providers. Amazon AWS, Azure, Google cloud computing and Oracle’s hosting systems.

A few bad apples have ruined the basket and we’ve had to implement emergency measures. We are working with Cloudflare as well, and already have updates to Freshclam planned. We are preparing a blog post and an updated download script to replace the one on the site, if you are unable to use freshclam. (You should use Freshclam though, for real.)

I’ve been working on this problem for about three days straight, so please bear with me. Again, apologies for inconvenience.


Joel Esler
The guy putting in the time to try snd solve this
Sent from my ? iPhone
Re: [clamav-users] Restriction of downloads [ In reply to ]
Hi there,

On Sun, 7 Mar 2021, Joel Esler (jesler) via clamav-users wrote:

> ClamAV community-
> ... the majority of the abuse is in cloud service providers. Amazon
> AWS, Azure, Google cloud computing and Oracle’s hosting systems.
> ...

What a surprise, that looks a lot like the top of my permanent blacklist.

> I’ve been working on this problem for about three days straight, so
> please bear with me. Again, apologies for inconvenience.

No need for apologies Joel, we've all suffered more than enough from
these leeches. I personally would like to see the lot of them dropped
in the ocean.

Hit 'em hard. Hopefully it might make a small dent in their bottom lines.
It's the only thing that will make them take any notice.

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] Restriction of downloads [ In reply to ]
Also, for those of you that have figured out a way to bypass the restriction, and yes, I can see you, I can tell what this looks like server side. If people start abusing the system in this bypassed way, I’ll have to lock it down farther, which I don’t want to do. I am trying to find a middle ground right now, for anyone on the client side that has been paying attention to the downloads over the last couple days, you’ve seen it work then not work then work again.

Please use Freshclam.

Sent from my ? iPhone

On Mar 6, 2021, at 19:33, Joel Esler (jesler) <jesler@cisco.com> wrote:

? ClamAV community-

I’m very sorry that it has come to where we are at with the current restrictions around downloading of virus definitions.

If you are receiving a 403 or a 1020 error when attempting to download, please use Freshclam, and make sure that version of Freshclam is not an eol’ed version. (You must be running something higher than 0.100). If you are fully up to date, and you are still receiving one of the above error codes, you’re specifically blocked for abuse of the system, please feel free to write me with your external IP so I can guide you in the correct direction.

If you are receiving a 429 from your downloads, your downloading too fast and too much and you have hit the rate limit. If you don’t think you are, please feel free to write me with your external IP so I can guide you in the correct direction.

If you are using Qnap, I believe the issue is, you’re running an EOL version, please give Qnap feedback to update. They are about 4 years behind.

Again, I know this is a headache, but, unfortunately it has come to this. I’m constantly experimenting with allowing more downloads to the system while restricting the abusers. Unfortunately the majority of the abuse is in cloud service providers. Amazon AWS, Azure, Google cloud computing and Oracle’s hosting systems.

A few bad apples have ruined the basket and we’ve had to implement emergency measures. We are working with Cloudflare as well, and already have updates to Freshclam planned. We are preparing a blog post and an updated download script to replace the one on the site, if you are unable to use freshclam. (You should use Freshclam though, for real.)

I’ve been working on this problem for about three days straight, so please bear with me. Again, apologies for inconvenience.


Joel Esler
The guy putting in the time to try snd solve this
Sent from my ? iPhone
Re: [clamav-users] Restriction of downloads [ In reply to ]
I?m a simple QNAP 509 (x2) user and having read the emails I?m a bit confused on how to resolve the issue of definitions not updating automatically.

Having worked out yesterday that I could update manually I downloaded the latest cvd file and updated both my servers but then when I look today, I cant see the file download links anymore.
I can see that there is some mention of Freshclam. Happy to use this but could someone please clarify if this is something that sits on my qnap or on my pc? Can I then use this to manually download the definition files to update my qnaps manually.

Sorry if these are basic questions.

Kind Regards
Harv Azad

Sent from Mail<https://go.microsoft.com/fwlink/?LinkId=550986> for Windows 10
Re: [clamav-users] Restriction of downloads [ In reply to ]
You’ll have to work with qnap. We can’t update qnap.

Sent from my ? iPhone

On Mar 11, 2021, at 13:39, Harv Azad via clamav-users <clamav-users@lists.clamav.net> wrote:

?
I’m a simple QNAP 509 (x2) user and having read the emails I’m a bit confused on how to resolve the issue of definitions not updating automatically.

Having worked out yesterday that I could update manually I downloaded the latest cvd file and updated both my servers but then when I look today, I cant see the file download links anymore.
I can see that there is some mention of Freshclam. Happy to use this but could someone please clarify if this is something that sits on my qnap or on my pc? Can I then use this to manually download the definition files to update my qnaps manually.

Sorry if these are basic questions.

Kind Regards
Harv Azad

Sent from Mail<https://go.microsoft.com/fwlink/?LinkId=550986> for Windows 10


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] Restriction of downloads [ In reply to ]
Hi there,

On Thu, 11 Mar 2021, Harv Azad via clamav-users wrote:

> I?m a simple QNAP 509 (x2) user ...

Full disclosure: I know nothing about QNAP.

> I can see that there is some mention of Freshclam. Happy to use
> this but could someone please clarify if this is something that sits
> on my qnap or on my pc? Can I then use this to manually download
> the definition files to update my qnaps manually.

Freshclam is designed to update the ClamAV database using the minimum
of network resources. Normally it is run as a 'daemon' (which means
it runs indefinitely) and periodically sends out DNS requests to find
out if the database needs updating. DNS requests are very small and
quick to execute; if the reply to the request indicates that there is
no update needed, the daemon goes back to sleep until the next time
it's scheduled to wake up. If an update is required, it requests the
'difference' files which it needs to update the existing, out-of-date
database to the up-to-date version. The difference files tend to be
small too - very much smaller than the main and daily databases. The
daemon then creates a new database from the old one and the difference
files, optionally tests the result, replaces the old database with the
new one and optionally signals the clamd scanning daemon to reload it.
Normally it then deletes the difference files but you can tell it to
keep them if you wish. When freshclam (optionally) tests the database
which it has just updated, it will briefly use a lot of memory.

Freshclam can also be run from the command line to do one-off updates
instead of running as a daemon. It starts and does those DNS checks;
if there's nothing to do it stops and never runs again until you tell
it to with another command; otherwise it updates in the same way and
then stops.

Most people run freshclam on a PC. I've only ever run it under Linux
but I'm sure it can run under Windows too. I've seen mention that it
runs on QNAP devices but I gather that some of these devices are very
short on memory, and as the minimum ClamAV database thesedays uses in
the region of 1 Gbyte of memory it can be difficult to use it directly
on devices with relatively small amounts of memory.

It's possible for the ClamAV scanner to scan devices other than the
computer on which the scanner is running. It requires at least some
understanding of the use of network connections to do that. You can
tell the device to be scanned to connect to a TCP port on the device
which will do the scanning and send the data to be scanned over this
connection. On the scanning device you would run the clamd daemon,
which will be told to listen on a TCP port and scan anything it sees.
Because it loads the database entirely into memory, the clamd daemon
uses a lot of memory too. Then it just waits for something to scan.
There's a utility called 'clamdscan' which can be run on the device to
be scanned. This utility is relatively small and lightweight, it does
the job of taking data from the scanned device and passing it to the
clamd daemon on the scanning device over the TCP connection. If your
QNAP device is short on memory I'd suggest that you look into putting
a copy of clamdscan on it, and running clamd on something which has
plenty of memory. You should be aware that the clamd daemon will not
place any restrictions on anything connecting to its port, so if your
network is not implicitly trusted then you need to take precautions.

I hope this makes sense to you, please get back to us if you need to.

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] Restriction of downloads [ In reply to ]
On 11.03.21 19:38, Harv Azad via clamav-users wrote:
>I’m a simple QNAP 509 (x2) user and having read the emails I’m a bit confused on how to resolve the issue of definitions not updating automatically.

Hello,

unfortunately TS-509 Pro is EOL by QNAP, so they won't release even security
updates:

https://www.qnap.com/en/product/eol.php

Also, unfortunately, QNAP seems only put new ClamAV versions for versions in
"OS and Application Updates and Maintenance", 509 ran out of that in 2017-12.

Also, TS-509 Pro has 1GB of RAM, which is not enough for clamav
(on my system it takes over 1.5GB of RAM).

I'm not sure whether 509 has upgradable RAM (doesn't seem so), but without
it clamav is quite useless there.

>Having worked out yesterday that I could update manually I downloaded the
>latest cvd file and updated both my servers but then when I look today, I
>cant see the file download links anymore. I can see that there is some
>mention of Freshclam. Happy to use this but could someone please clarify
>if this is something that sits on my qnap or on my pc? Can I then use this
>to manually download the definition files to update my qnaps manually.

freshclam is clamav update, bundled with clamav distribution. QNAP contains
it too. Note that in your case (and mine) it's too old (0.99) and
unsupported, and doesn't support cdiffs.
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"Where do you want to go to die?" [Microsoft]

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] Restriction of downloads [ In reply to ]
Hi,


I just found that my "antivirus essentiel" installed package provided by Synology is unable to update virus definition file since 03/06/2021 !
This package is build on ClamAV


There are lot of products no more working yet !
Qnap, Synology etc....

Under ArcaOS etc....





Before blocking updates, I think that user had to be informed about changes a few month before
This is a top severity unsecure issue.

(putting so many people out of new viruses protection ! - All do not have skills to correct Like, I do not have needed skills)


It would be nice providing a quick solution for those with any skills.
I'm fully out of protection yet (unable to implement cvdupdate ! no skills for this)



Best regards
Rémy




"Ce message et toutes ses pièces jointes sont établis à l'intention exclusive de son/ses destinataire(s) et sont confidentiels. Si vous recevez ce message par erreur, merci de le détruire et d'en avertir immédiatement l'expéditeur. Toute utilisation de ce message et/ou de son contenu par une personne autre qu'un destinataire, et toute diffusion ou publication ultérieure du contenu de ce message, en totalité ou en partie, est interdite sauf autorisation préalable et écrite de l'émetteur"
----- Mail original -----

De: "Joel Esler (jesler) via clamav-users" <clamav-users@lists.clamav.net>
À: "ClamAV users ML" <clamav-users@lists.clamav.net>
Cc: "Joel Esler (jesler)" <jesler@cisco.com>
Envoyé: Vendredi 12 Mars 2021 00:17:21
Objet: Re: [clamav-users] Restriction of downloads

You’ll have to work with qnap. We can’t update qnap.


Sent from my ? iPhone



On Mar 11, 2021, at 13:39, Harv Azad via clamav-users <clamav-users@lists.clamav.net> wrote:




<blockquote>



I’m a simple QNAP 509 (x2) user and having read the emails I’m a bit confused on how to resolve the issue of definitions not updating automatically.

Having worked out yesterday that I could update manually I downloaded the latest cvd file and updated both my servers but then when I look today, I cant see the file download links anymore.
I can see that there is some mention of Freshclam. Happy to use this but could someone please clarify if this is something that sits on my qnap or on my pc? Can I then use this to manually download the definition files to update my qnaps manually.

Sorry if these are basic questions.

Kind Regards
Harv Azad

Sent from Mail for Windows 10

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

</blockquote>


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] Restriction of downloads [ In reply to ]
Hi there,

On Sat, 13 Mar 2021, R?my DODIN via clamav-users wrote:

> I just found that my "antivirus essentiel" installed package
> provided by Synology is unable to update virus definition file since
> 03/06/2021 !

Then should you not be talking to Synology?

> ... quick solution for those with any skills.

The solution has been published for years. It's called freshclam and
it's what you should have been using, but apparently you weren't, and
there's no point acting all surprised about it now. Whether or not
you knew it, you were part of a big problem for the ClamAV team. You
should be apologizing to them, not telling them what you think they
should have done to get you to stop abusing the valuable service which
they provide to the whole planet at no charge.

> I'm fully out of protection yet ...

Please take this opportunity to calm down and think about what you're
doing. You seem to think that before this happened your system *was*
somehow magically "protected" and that now the protection is gone.
Unfortunately, for reasons which at the moment don't matter but which
we can go into in due course, it really isn't like that.

For now, quit complaining and let us have technical details about your
system so that we can help you. We aren't clairvoyant, so without the
details we can't help you very much at all. Your computer, operating
system, the main applications for the computer, the exact versions of
whatever approximation to ClamAV that you have obtained from Synology,
how your computer connects to the Internet. Read a few posts on this
mailing list to get other ideas about useful information to give us,
and think about anything else you can tell us that might be relevant.

> "Ce message et toutes ses pi?ces jointes sont ?tablis ? l'intention
> exclusive de son/ses destinataire(s) et sont confidentiels. Si vous
> recevez ce message par erreur, merci de le d?truire et d'en avertir
> imm?diatement l'exp?diteur. Toute utilisation de ce message et/ou de
> son contenu par une personne autre qu'un destinataire, et toute
> diffusion ou publication ult?rieure du contenu de ce message, en
> totalit? ou en partie, est interdite sauf autorisation pr?alable et
> ?crite de l'?metteur"

Can you turn this off? This is, after all, a mailing list.

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] Restriction of downloads [ In reply to ]
Would the community be willing to pay for updates?

Sent from my ? iPhone

On Mar 12, 2021, at 17:41, Rémy DODIN via clamav-users <clamav-users@lists.clamav.net> wrote:

?
Hi,

I just found that my "antivirus essentiel" installed package provided by Synology is unable to update virus definition file since 03/06/2021 !
This package is build on ClamAV

There are lot of products no more working yet !
Qnap, Synology etc....
Under ArcaOS etc....


Before blocking updates, I think that user had to be informed about changes a few month before
This is a top severity unsecure issue.
(putting so many people out of new viruses protection ! - All do not have skills to correct Like, I do not have needed skills)

It would be nice providing a quick solution for those with any skills.
I'm fully out of protection yet (unable to implement cvdupdate ! no skills for this)

Best regards
Rémy


"Ce message et toutes ses pièces jointes sont établis à l'intention exclusive de son/ses destinataire(s) et sont confidentiels. Si vous recevez ce message par erreur, merci de le détruire et d'en avertir immédiatement l'expéditeur. Toute utilisation de ce message et/ou de son contenu par une personne autre qu'un destinataire, et toute diffusion ou publication ultérieure du contenu de ce message, en totalité ou en partie, est interdite sauf autorisation préalable et écrite de l'émetteur"
________________________________
De: "Joel Esler (jesler) via clamav-users" <clamav-users@lists.clamav.net>
À: "ClamAV users ML" <clamav-users@lists.clamav.net>
Cc: "Joel Esler (jesler)" <jesler@cisco.com>
Envoyé: Vendredi 12 Mars 2021 00:17:21
Objet: Re: [clamav-users] Restriction of downloads

You’ll have to work with qnap. We can’t update qnap.

Sent from my ? iPhone

On Mar 11, 2021, at 13:39, Harv Azad via clamav-users <clamav-users@lists.clamav.net> wrote:

?
I’m a simple QNAP 509 (x2) user and having read the emails I’m a bit confused on how to resolve the issue of definitions not updating automatically.

Having worked out yesterday that I could update manually I downloaded the latest cvd file and updated both my servers but then when I look today, I cant see the file download links anymore.
I can see that there is some mention of Freshclam. Happy to use this but could someone please clarify if this is something that sits on my qnap or on my pc? Can I then use this to manually download the definition files to update my qnaps manually.

Sorry if these are basic questions.

Kind Regards
Harv Azad

Sent from Mail<https://go.microsoft.com/fwlink/?LinkId=550986> for Windows 10


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] Restriction of downloads [ In reply to ]
----- Message from "Joel Esler (jesler) via clamav-users"
<clamav-users@lists.clamav.net> ---------
Date: Sat, 13 Mar 2021 01:49:34 +0000
From: "Joel Esler (jesler) via clamav-users"
<clamav-users@lists.clamav.net>
Reply-To: ClamAV users ML <clamav-users@lists.clamav.net>
Subject: Re: [clamav-users] Restriction of downloads
To: ClamAV users ML <clamav-users@lists.clamav.net>
Cc: "Joel Esler (jesler)" <jesler@cisco.com>


> Would the community be willing to pay for updates?

The thing I can't get over is the sense of entitlement coming out of
some of the emails to this list for a service provided at no cost that
is now being reasonably restricted because of impact on the people
providing it *at no charge*, which if not resolved could potentially
remove the ability for *any* of us to use it.

Go figure... Even more bizarre is people trying to create and share
workarounds. Ah well...

From my POV Clamav has provided me with a great (free) tool for many
years at only the cost of my time to learn it, and with a great and
supportive community. If it were to move to a model wherein there was
reasonable contribution I'd sign up for it.

Purely selfishly :) perhaps a model appropriately structured for home
users like me (with < 10 users) to get updates with more for corporate
/ govt users. :-D



--
Simon Wilson
M: 0400 12 11 16


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] Restriction of downloads [ In reply to ]
Hi!

You wrote:
"The solution has been published for years. It's called freshclam and
it's what you should have been using, but apparently you weren't"

False, read my previous post.
Freshclam is no more able to get updates

Most anti viral tools on the market provide a free build with free updates.
Under ArcaOS, only clamav is able to run but the developper who ported 0.9x version started to have portage issue starting with 0.99 (storage issue crashing clamd, clamav).
Any higher version was never ported and it seems that it couldn't right now.

To work, freshclam needs at least one available database access as it was until february.

Regards
Rémy




Le 13 mars 2021 01:47:15 GMT+01:00, "G.W. Haywood via clamav-users" <clamav-users@lists.clamav.net> a écrit :
>Hi there,
>
>On Sat, 13 Mar 2021, Rémy DODIN via clamav-users wrote:
>
>> I just found that my "antivirus essentiel" installed package
>> provided by Synology is unable to update virus definition file since
>> 03/06/2021 !
>
>Then should you not be talking to Synology?
>
>> ... quick solution for those with any skills.
>
>The solution has been published for years. It's called freshclam and
>it's what you should have been using, but apparently you weren't, and
>there's no point acting all surprised about it now. Whether or not
>you knew it, you were part of a big problem for the ClamAV team. You
>should be apologizing to them, not telling them what you think they
>should have done to get you to stop abusing the valuable service which
>they provide to the whole planet at no charge.
>
>> I'm fully out of protection yet ...
>
>Please take this opportunity to calm down and think about what you're
>doing. You seem to think that before this happened your system *was*
>somehow magically "protected" and that now the protection is gone.
>Unfortunately, for reasons which at the moment don't matter but which
>we can go into in due course, it really isn't like that.
>
>For now, quit complaining and let us have technical details about your
>system so that we can help you. We aren't clairvoyant, so without the
>details we can't help you very much at all. Your computer, operating
>system, the main applications for the computer, the exact versions of
>whatever approximation to ClamAV that you have obtained from Synology,
>how your computer connects to the Internet. Read a few posts on this
>mailing list to get other ideas about useful information to give us,
>and think about anything else you can tell us that might be relevant.
>
>> "Ce message et toutes ses pièces jointes sont établis à l'intention
>> exclusive de son/ses destinataire(s) et sont confidentiels. Si vous
>> recevez ce message par erreur, merci de le détruire et d'en avertir
>> immédiatement l'expéditeur. Toute utilisation de ce message et/ou de
>> son contenu par une personne autre qu'un destinataire, et toute
>> diffusion ou publication ultérieure du contenu de ce message, en
>> totalité ou en partie, est interdite sauf autorisation préalable et
>> écrite de l'émetteur"
>
>Can you turn this off? This is, after all, a mailing list.
>
>--
>
>73,
>Ged.
>
>_______________________________________________
>
>clamav-users mailing list
>clamav-users@lists.clamav.net
>https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
>Help us build a comprehensive ClamAV guide:
>https://github.com/vrtadmin/clamav-faq
>
>http://www.clamav.net/contact.html#ml

--
Envoyé de mon appareil Android avec K-9 Mail. Veuillez excuser ma brièveté.
Re: [clamav-users] Restriction of downloads [ In reply to ]
On 13.03.21 00:40, R?my DODIN via clamav-users wrote:
>I just found that my "antivirus essentiel" installed package provided by Synology is unable to update virus definition file since 03/06/2021 !

which synology device?

- according to https://www.synology.com/en-us/releaseNote/AntiVirus, 0.102.3
was published on Feb 23, more than week before measures.

- ClamAV requires over 1GB of RAM, many NASses don't have it.
synology mentions devices with less than 512MB of RAM, but on my machine it
eats 1.5GB

which ClamAV version?
0.100 is needed, which is less than 3 years old, and chance is your version
is older.

>Before blocking updates, I think that user had to be informed about changes a few month before

waiting months before protecting from DoS?

>This is a top severity unsecure issue.

overloaded network not unable to provide updates is an issue by itself.
If someone has to be cut, cut abusers (fetching databases via http clients) first and most
problematic clients (<0.100) next.

Which is what happened.


--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
- Have you got anything without Spam in it?
- Well, there's Spam egg sausage and Spam, that's not got much Spam in it.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] Restriction of downloads [ In reply to ]
Hi there,

On Sat, 13 Mar 2021, R?my via clamav-users wrote:

> ... Freshclam is no more able to get updates ...

Freshclam runs here twice per day. It works fine.

Perhaps you're using an out of date version?

I did ask, but you seem to have ignored my questions.

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] Restriction of downloads [ In reply to ]
On 13/03/2021 00:47, G.W. Haywood via clamav-users wrote:
>
>> I just found that my "antivirus essentiel" installed package
>> provided by Synology is unable to update virus definition file since
>> 03/06/2021 !
>
> Then should you not be talking to Synology?

Maybe Synology and QNAP, etc could run private mirrors for their devices
which they don't provide up-to-date Freshclam for...


--
Paul


--


Paul Smith Computer Services
Tel: 01484 855800
Vat No: GB 685 6987 53

Sign up for news & updates at http://www.pscs.co.uk/go/subscribe

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] Restriction of downloads [ In reply to ]
>>>I just found that my "antivirus essentiel" installed package
>>>provided by Synology is unable to update virus definition file since
>>>03/06/2021 !

>On 13/03/2021 00:47, G.W. Haywood via clamav-users wrote:
>>Then should you not be talking to Synology?

On 13.03.21 11:16, Paul Smith via clamav-users wrote:
>Maybe Synology and QNAP, etc could run private mirrors for their
>devices which they don't provide up-to-date Freshclam for...

QNAP runs freshclam. checked now with my 419P+:

ClamAV update process started at Sat Mar 13 12:47:36 2021
WARNING: getpatch: Can't download main-55.cdiff from database.clamav.net
ERROR: getpatch: Can't download main-55.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download main.cvd
ERROR: Can't download main.cvd from database.clamav.net
Giving up on database.clamav.net...
Update failed. Your network may be down or none of the mirrors listed in /etc/config/freshclam.conf is working. Check http://www.clamav.net/doc/mirrors-faq.html for possible reasons.


However, many of QNAP devices have obsolete clamav version:

[~] # freshclam -V
ClamAV 0.99.3/17260/Wed May 22 12:40:22 2013


--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Microsoft dick is soft to do no harm

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] Restriction of downloads [ In reply to ]
Just use that php based freshclam replacement?

Eero

On Sat 13. Mar 2021 at 13.53, Matus UHLAR - fantomas <uhlar@fantomas.sk>
wrote:

>
> >>>I just found that my "antivirus essentiel" installed package
> >>>provided by Synology is unable to update virus definition file since
> >>>03/06/2021 !
>
> >On 13/03/2021 00:47, G.W. Haywood via clamav-users wrote:
> >>Then should you not be talking to Synology?
>
> On 13.03.21 11:16, Paul Smith via clamav-users wrote:
> >Maybe Synology and QNAP, etc could run private mirrors for their
> >devices which they don't provide up-to-date Freshclam for...
>
> QNAP runs freshclam. checked now with my 419P+:
>
> ClamAV update process started at Sat Mar 13 12:47:36 2021
> WARNING: getpatch: Can't download main-55.cdiff from database.clamav.net
> ERROR: getpatch: Can't download main-55.cdiff from database.clamav.net
> WARNING: Incremental update failed, trying to download main.cvd
> ERROR: Can't download main.cvd from database.clamav.net
> Giving up on database.clamav.net...
> Update failed. Your network may be down or none of the mirrors listed in
> /etc/config/freshclam.conf is working. Check
> http://www.clamav.net/doc/mirrors-faq.html for possible reasons.
>
>
> However, many of QNAP devices have obsolete clamav version:
>
> [~] # freshclam -V
> ClamAV 0.99.3/17260/Wed May 22 12:40:22 2013
>
>
> --
> Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> Microsoft dick is soft to do no harm
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
Re: [clamav-users] Restriction of downloads [ In reply to ]
Please don’t. You have two solutions provided from us. Please use one of them.

Sent from my ? iPhone

On Mar 13, 2021, at 06:18, Eero Volotinen <eero.volotinen@iki.fi> wrote:

?
Just use that php based freshclam replacement?

Eero

On Sat 13. Mar 2021 at 13.53, Matus UHLAR - fantomas <uhlar@fantomas.sk<mailto:uhlar@fantomas.sk>> wrote:

>>>I just found that my "antivirus essentiel" installed package
>>>provided by Synology is unable to update virus definition file since
>>>03/06/2021 !

>On 13/03/2021 00:47, G.W. Haywood via clamav-users wrote:
>>Then should you not be talking to Synology?

On 13.03.21 11:16, Paul Smith via clamav-users wrote:
>Maybe Synology and QNAP, etc could run private mirrors for their
>devices which they don't provide up-to-date Freshclam for...

QNAP runs freshclam. checked now with my 419P+:

ClamAV update process started at Sat Mar 13 12:47:36 2021
WARNING: getpatch: Can't download main-55.cdiff from database.clamav.net<http://database.clamav.net>
ERROR: getpatch: Can't download main-55.cdiff from database.clamav.net<http://database.clamav.net>
WARNING: Incremental update failed, trying to download main.cvd
ERROR: Can't download main.cvd from database.clamav.net<http://database.clamav.net>
Giving up on database.clamav.net...
Update failed. Your network may be down or none of the mirrors listed in /etc/config/freshclam.conf is working. Check http://www.clamav.net/doc/mirrors-faq.html for possible reasons.


However, many of QNAP devices have obsolete clamav version:

[~] # freshclam -V
ClamAV 0.99.3/17260/Wed May 22 12:40:22 2013


--
Matus UHLAR - fantomas, uhlar@fantomas.sk<mailto:uhlar@fantomas.sk> ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Microsoft dick is soft to do no harm

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] Restriction of downloads [ In reply to ]
On 13/03/2021 11:50, Matus UHLAR - fantomas wrote:
>
> On 13.03.21 11:16, Paul Smith via clamav-users wrote:
>> Maybe Synology and QNAP, etc could run private mirrors for their
>> devices which they don't provide up-to-date Freshclam for...
>
> QNAP runs freshclam. checked now with my 419P+:
> ClamAV update process started at Sat Mar 13 12:47:36 2021
> WARNING: getpatch: Can't download main-55.cdiff from database.clamav.net
> ERROR: getpatch: Can't download main-55.cdiff from database.clamav.net

That looks like an obsolete version, which won't work with
database.clamav.net, but would work if QNAP (or anyone else) provided a
private mirror for it.


--
Paul


--


Paul Smith Computer Services
Tel: 01484 855800
Vat No: GB 685 6987 53

Sign up for news & updates at http://www.pscs.co.uk/go/subscribe

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] Restriction of downloads [ In reply to ]
Team—

The qnap and synology issues are a result of the EOL of <0.100. Not as a result of the abusive downloaders. Two separate issues.

Our EOL policy that has been in place is “current version with all minor patches and one back with all minor patches”. This has been our policy for about 8–10 years. Our current version is 0.103.1, which means according to our EOL policy, we should allow .103, and .102. Everything below that we should block.

It is becoming more and more necessary to enforce these cut off points because of many reasons. Load to the mirror network being one. So, .100, and .101 will continue to be supported for a bit, but soon, we’re going to have to cut those off too.

The vast majority of ClamAV users are on 0.102.4. The outliners are people that haven’t upgraded to a latest version should start upgrading to get ahead of the curve.

Sent from my ? iPhone

On Mar 13, 2021, at 05:52, Matus UHLAR - fantomas <uhlar@fantomas.sk> wrote:

?
I just found that my "antivirus essentiel" installed package
provided by Synology is unable to update virus definition file since
03/06/2021 !

On 13/03/2021 00:47, G.W. Haywood via clamav-users wrote:
Then should you not be talking to Synology?

On 13.03.21 11:16, Paul Smith via clamav-users wrote:
Maybe Synology and QNAP, etc could run private mirrors for their devices which they don't provide up-to-date Freshclam for...

QNAP runs freshclam. checked now with my 419P+:

ClamAV update process started at Sat Mar 13 12:47:36 2021
WARNING: getpatch: Can't download main-55.cdiff from database.clamav.net
ERROR: getpatch: Can't download main-55.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download main.cvd
ERROR: Can't download main.cvd from database.clamav.net
Giving up on database.clamav.net...
Update failed. Your network may be down or none of the mirrors listed in /etc/config/freshclam.conf is working. Check http://www.clamav.net/doc/mirrors-faq.html for possible reasons.


However, many of QNAP devices have obsolete clamav version:

[~] # freshclam -V
ClamAV 0.99.3/17260/Wed May 22 12:40:22 2013


--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Microsoft dick is soft to do no harm

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] Restriction of downloads [ In reply to ]
On Sat, 13 Mar 2021, Matus UHLAR - fantomas wrote:

>>>> I just found that my "antivirus essentiel" installed package
>>>> provided by Synology is unable to update virus definition file since
>>>> 03/06/2021 !
>
>> On 13/03/2021 00:47, G.W. Haywood via clamav-users wrote:
>>> Then should you not be talking to Synology?
>
> On 13.03.21 11:16, Paul Smith via clamav-users wrote:
>> Maybe Synology and QNAP, etc could run private mirrors for their devices
>> which they don't provide up-to-date Freshclam for...
>
> QNAP runs freshclam. checked now with my 419P+:
>
> ClamAV update process started at Sat Mar 13 12:47:36 2021
> WARNING: getpatch: Can't download main-55.cdiff from database.clamav.net
> ERROR: getpatch: Can't download main-55.cdiff from database.clamav.net

Current version of main.cvd is 59.
This device must have been failing to update long before the new "emergency".

> WARNING: Incremental update failed, trying to download main.cvd
> ERROR: Can't download main.cvd from database.clamav.net
> Giving up on database.clamav.net...
> Update failed. Your network may be down or none of the mirrors listed in
> /etc/config/freshclam.conf is working. Check
> http://www.clamav.net/doc/mirrors-faq.html for possible reasons.
>
>
> However, many of QNAP devices have obsolete clamav version:
>
> [~] # freshclam -V
> ClamAV 0.99.3/17260/Wed May 22 12:40:22 2013

--
Andrew C. Aitchison Kendal, UK
andrew@aitchison.me.uk

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] Restriction of downloads [ In reply to ]
My synology Clamav is at "Upgraded ClamAV engine to 0.102.3"
As it is written here and my packets are at latest update level.

https://www.synology.com/fr-fr/releaseNote/AntiVirus?model=DS713%2B



But virus signature is unabled to be refreshed as I wrote it !
It worked until last refresh from 03/06/21 and then, high CPU and storage utilisation and no refresh.
It looks like it is going into a loop trying to get virus database updates.... (If it goes into a loop, then the refresh tool may have issue ! and may be you expected abuse due to high freshclam or virus database update is into a loop due incorrect process ?


If a loop exist, who's the culprit ? (I'm not a developper and just end user with no skills)
synology ? or Clamav ?

I just run again database update option and after more than 4 minutes, it was always runing and I have to force a stop to not have it running 24/24h.
Consuming a lot of CPU, energy (not eco friendly) - It is acting like a virus trying to kill a system, strange !



Very strange



Regards
Rémy




"Ce message et toutes ses pièces jointes sont établis à l'intention exclusive de son/ses destinataire(s) et sont confidentiels. Si vous recevez ce message par erreur, merci de le détruire et d'en avertir immédiatement l'expéditeur. Toute utilisation de ce message et/ou de son contenu par une personne autre qu'un destinataire, et toute diffusion ou publication ultérieure du contenu de ce message, en totalité ou en partie, est interdite sauf autorisation préalable et écrite de l'émetteur"
----- Mail original -----

De: "Joel Esler (jesler) via clamav-users" <clamav-users@lists.clamav.net>
À: "ClamAV users ML" <clamav-users@lists.clamav.net>
Cc: "Joel Esler (jesler)" <jesler@cisco.com>
Envoyé: Samedi 13 Mars 2021 13:47:08
Objet: Re: [clamav-users] Restriction of downloads

Team—


The qnap and synology issues are a result of the EOL of <0.100. Not as a result of the abusive downloaders. Two separate issues.


Our EOL policy that has been in place is “current version with all minor patches and one back with all minor patches”. This has been our policy for about 8–10 years. Our current version is 0.103.1, which means according to our EOL policy, we should allow .103, and .102. Everything below that we should block.


It is becoming more and more necessary to enforce these cut off points because of many reasons. Load to the mirror network being one. So, .100, and .101 will continue to be supported for a bit, but soon, we’re going to have to cut those off too.


The vast majority of ClamAV users are on 0.102.4. The outliners are people that haven’t upgraded to a latest version should start upgrading to get ahead of the curve.




Sent from my ? iPhone



On Mar 13, 2021, at 05:52, Matus UHLAR - fantomas <uhlar@fantomas.sk> wrote:




<blockquote>



<blockquote>

<blockquote>

<blockquote>
I just found that my "antivirus essentiel" installed package

</blockquote>

</blockquote>

</blockquote>

<blockquote>

<blockquote>

<blockquote>
provided by Synology is unable to update virus definition file since

</blockquote>

</blockquote>

</blockquote>

<blockquote>

<blockquote>

<blockquote>
03/06/2021 !

</blockquote>

</blockquote>

</blockquote>


<blockquote>
On 13/03/2021 00:47, G.W. Haywood via clamav-users wrote:

</blockquote>

<blockquote>

<blockquote>
Then should you not be talking to Synology?

</blockquote>

</blockquote>

On 13.03.21 11:16, Paul Smith via clamav-users wrote:

<blockquote>
Maybe Synology and QNAP, etc could run private mirrors for their devices which they don't provide up-to-date Freshclam for...

</blockquote>

QNAP runs freshclam. checked now with my 419P+:

ClamAV update process started at Sat Mar 13 12:47:36 2021
WARNING: getpatch: Can't download main-55.cdiff from database.clamav.net
ERROR: getpatch: Can't download main-55.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download main.cvd
ERROR: Can't download main.cvd from database.clamav.net
Giving up on database.clamav.net...
Update failed. Your network may be down or none of the mirrors listed in /etc/config/freshclam.conf is working. Check http://www.clamav.net/doc/mirrors-faq.html for possible reasons.


However, many of QNAP devices have obsolete clamav version:

[~] # freshclam -V
ClamAV 0.99.3/17260/Wed May 22 12:40:22 2013


--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Microsoft dick is soft to do no harm

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

</blockquote>


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] Restriction of downloads [ In reply to ]
On 14/03/2021 00:08, Rémy DODIN via clamav-users wrote:
> My synology Clamav is at   "Upgraded ClamAV engine to 0.102.3"
> As it is written here and my packets are at latest update level.
> https://www.synology.com/fr-fr/releaseNote/AntiVirus?model=DS713%2B
>
> But virus signature is unabled to be refreshed as I wrote it !
> It worked until last refresh from 03/06/21 and then, high CPU and
> storage utilisation and no refresh.
> It looks like it is going into a loop trying to get virus database
> updates....  (If it goes into a loop, then the refresh tool may have
> issue ! and may be you expected abuse due to high freshclam or virus
> database update is into a loop due incorrect process ?
>
> If a loop exist, who's the culprit ? (I'm not a developper and just end
> user with no skills)
> synology ? or Clamav ?
> I just run again database update option and after more than 4 minutes,
> it was always runing and I have to force a stop to not have it running
> 24/24h.
> Consuming a lot of CPU, energy (not eco friendly) - It is acting like a
> virus trying to kill a system, strange !
>
Synology have re-packaged ClamAV, so it is a question for Synology.

We don't know how it's been built or what has been left out (or added in).

Simple guess is that the NAS does not have enough memory. ClamAV needs
more than 1 Gigabyte.

Cheers,
Gary B-)

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] Restriction of downloads [ In reply to ]
Synology.

Eero

On Sat, Mar 13, 2021 at 3:09 PM Rémy DODIN via clamav-users <
clamav-users@lists.clamav.net> wrote:

> My synology Clamav is at "Upgraded ClamAV engine to 0.102.3"
> As it is written here and my packets are at latest update level.
> https://www.synology.com/fr-fr/releaseNote/AntiVirus?model=DS713%2B
>
> But virus signature is unabled to be refreshed as I wrote it !
> It worked until last refresh from 03/06/21 and then, high CPU and storage
> utilisation and no refresh.
> It looks like it is going into a loop trying to get virus database
> updates.... (If it goes into a loop, then the refresh tool may have issue
> ! and may be you expected abuse due to high freshclam or virus database
> update is into a loop due incorrect process ?
>
> If a loop exist, who's the culprit ? (I'm not a developper and just end
> user with no skills)
> synology ? or Clamav ?
> I just run again database update option and after more than 4 minutes, it
> was always runing and I have to force a stop to not have it running 24/24h.
> Consuming a lot of CPU, energy (not eco friendly) - It is acting like a
> virus trying to kill a system, strange !
>
> Very strange
>
> Regards
> Rémy
>
>
> "Ce message et toutes ses pièces jointes sont établis à l'intention
> exclusive de son/ses destinataire(s) et sont confidentiels. Si vous recevez
> ce message par erreur, merci de le détruire et d'en avertir immédiatement
> l'expéditeur. Toute utilisation de ce message et/ou de son contenu par une
> personne autre qu'un destinataire, et toute diffusion ou publication
> ultérieure du contenu de ce message, en totalité ou en partie, est
> interdite sauf autorisation préalable et écrite de l'émetteur"
> ------------------------------
> *De: *"Joel Esler (jesler) via clamav-users" <
> clamav-users@lists.clamav.net>
> *À: *"ClamAV users ML" <clamav-users@lists.clamav.net>
> *Cc: *"Joel Esler (jesler)" <jesler@cisco.com>
> *Envoyé: *Samedi 13 Mars 2021 13:47:08
> *Objet: *Re: [clamav-users] Restriction of downloads
>
> Team—
>
> The qnap and synology issues are a result of the EOL of <0.100. Not as a
> result of the abusive downloaders. Two separate issues.
>
> Our EOL policy that has been in place is “current version with all minor
> patches and one back with all minor patches”. This has been our policy for
> about 8–10 years. Our current version is 0.103.1, which means according to
> our EOL policy, we should allow .103, and .102. *Everything below that we
> should block. *
>
> It is becoming more and more necessary to enforce these cut off points
> because of many reasons. Load to the mirror network being one. So, .100,
> and .101 will continue to be supported for a bit, but soon, we’re going to
> have to cut those off too.
>
> The vast majority of ClamAV users are on 0.102.4. The outliners are people
> that haven’t upgraded to a latest version should start upgrading to get
> ahead of the curve.
>
> Sent from my ? iPhone
>
> On Mar 13, 2021, at 05:52, Matus UHLAR - fantomas <uhlar@fantomas.sk>
> wrote:
>
> ?
>
> I just found that my "antivirus essentiel" installed package
>
> provided by Synology is unable to update virus definition file since
>
> 03/06/2021 !
>
>
> On 13/03/2021 00:47, G.W. Haywood via clamav-users wrote:
>
> Then should you not be talking to Synology?
>
>
> On 13.03.21 11:16, Paul Smith via clamav-users wrote:
>
> Maybe Synology and QNAP, etc could run private mirrors for their devices
> which they don't provide up-to-date Freshclam for...
>
>
> QNAP runs freshclam. checked now with my 419P+:
>
> ClamAV update process started at Sat Mar 13 12:47:36 2021
> WARNING: getpatch: Can't download main-55.cdiff from database.clamav.net
> ERROR: getpatch: Can't download main-55.cdiff from database.clamav.net
> WARNING: Incremental update failed, trying to download main.cvd
> ERROR: Can't download main.cvd from database.clamav.net
> Giving up on database.clamav.net...
> Update failed. Your network may be down or none of the mirrors listed in
> /etc/config/freshclam.conf is working. Check
> http://www.clamav.net/doc/mirrors-faq.html for possible reasons.
>
>
> However, many of QNAP devices have obsolete clamav version:
>
> [~] # freshclam -V
> ClamAV 0.99.3/17260/Wed May 22 12:40:22 2013
>
>
> --
> Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> Microsoft dick is soft to do no harm
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
>
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
Re: [clamav-users] Restriction of downloads [ In reply to ]
I'll contact Synology support team.


Regards
Rémy




"Ce message et toutes ses pièces jointes sont établis à l'intention exclusive de son/ses destinataire(s) et sont confidentiels. Si vous recevez ce message par erreur, merci de le détruire et d'en avertir immédiatement l'expéditeur. Toute utilisation de ce message et/ou de son contenu par une personne autre qu'un destinataire, et toute diffusion ou publication ultérieure du contenu de ce message, en totalité ou en partie, est interdite sauf autorisation préalable et écrite de l'émetteur"
----- Mail original -----

De: "Eero Volotinen" <eero.volotinen@iki.fi>
À: "ClamAV users ML" <clamav-users@lists.clamav.net>
Envoyé: Samedi 13 Mars 2021 14:19:22
Objet: Re: [clamav-users] Restriction of downloads


Synology.


Eero


On Sat, Mar 13, 2021 at 3:09 PM Rémy DODIN via clamav-users < clamav-users@lists.clamav.net > wrote:





My synology Clamav is at "Upgraded ClamAV engine to 0.102.3"
As it is written here and my packets are at latest update level.

https://www.synology.com/fr-fr/releaseNote/AntiVirus?model=DS713%2B



But virus signature is unabled to be refreshed as I wrote it !
It worked until last refresh from 03/06/21 and then, high CPU and storage utilisation and no refresh.
It looks like it is going into a loop trying to get virus database updates.... (If it goes into a loop, then the refresh tool may have issue ! and may be you expected abuse due to high freshclam or virus database update is into a loop due incorrect process ?


If a loop exist, who's the culprit ? (I'm not a developper and just end user with no skills)
synology ? or Clamav ?

I just run again database update option and after more than 4 minutes, it was always runing and I have to force a stop to not have it running 24/24h.
Consuming a lot of CPU, energy (not eco friendly) - It is acting like a virus trying to kill a system, strange !



Very strange



Regards
Rémy




"Ce message et toutes ses pièces jointes sont établis à l'intention exclusive de son/ses destinataire(s) et sont confidentiels. Si vous recevez ce message par erreur, merci de le détruire et d'en avertir immédiatement l'expéditeur. Toute utilisation de ce message et/ou de son contenu par une personne autre qu'un destinataire, et toute diffusion ou publication ultérieure du contenu de ce message, en totalité ou en partie, est interdite sauf autorisation préalable et écrite de l'émetteur"


De: "Joel Esler (jesler) via clamav-users" < clamav-users@lists.clamav.net >
À: "ClamAV users ML" < clamav-users@lists.clamav.net >
Cc: "Joel Esler (jesler)" < jesler@cisco.com >
Envoyé: Samedi 13 Mars 2021 13:47:08
Objet: Re: [clamav-users] Restriction of downloads

Team—


The qnap and synology issues are a result of the EOL of <0.100. Not as a result of the abusive downloaders. Two separate issues.


Our EOL policy that has been in place is “current version with all minor patches and one back with all minor patches”. This has been our policy for about 8–10 years. Our current version is 0.103.1, which means according to our EOL policy, we should allow .103, and .102. Everything below that we should block.


It is becoming more and more necessary to enforce these cut off points because of many reasons. Load to the mirror network being one. So, .100, and .101 will continue to be supported for a bit, but soon, we’re going to have to cut those off too.


The vast majority of ClamAV users are on 0.102.4. The outliners are people that haven’t upgraded to a latest version should start upgrading to get ahead of the curve.




Sent from my ? iPhone


<blockquote>
On Mar 13, 2021, at 05:52, Matus UHLAR - fantomas < uhlar@fantomas.sk > wrote:




<blockquote>



<blockquote>

<blockquote>

<blockquote>
I just found that my "antivirus essentiel" installed package

</blockquote>

</blockquote>

</blockquote>

<blockquote>

<blockquote>

<blockquote>
provided by Synology is unable to update virus definition file since

</blockquote>

</blockquote>

</blockquote>

<blockquote>

<blockquote>

<blockquote>
03/06/2021 !

</blockquote>

</blockquote>

</blockquote>


<blockquote>
On 13/03/2021 00:47, G.W. Haywood via clamav-users wrote:

</blockquote>

<blockquote>

<blockquote>
Then should you not be talking to Synology?

</blockquote>

</blockquote>

On 13.03.21 11:16, Paul Smith via clamav-users wrote:

<blockquote>
Maybe Synology and QNAP, etc could run private mirrors for their devices which they don't provide up-to-date Freshclam for...

</blockquote>

QNAP runs freshclam. checked now with my 419P+:

ClamAV update process started at Sat Mar 13 12:47:36 2021
WARNING: getpatch: Can't download main-55.cdiff from database.clamav.net
ERROR: getpatch: Can't download main-55.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download main.cvd
ERROR: Can't download main.cvd from database.clamav.net
Giving up on database.clamav.net...
Update failed. Your network may be down or none of the mirrors listed in /etc/config/freshclam.conf is working. Check http://www.clamav.net/doc/mirrors-faq.html for possible reasons.


However, many of QNAP devices have obsolete clamav version:

[~] # freshclam -V
ClamAV 0.99.3/17260/Wed May 22 12:40:22 2013


--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Microsoft dick is soft to do no harm

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

</blockquote>


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

</blockquote>


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

1 2  View All