Mailing List Archive

Running freshclam after the package is installed should pull any/all of the
files that are missing. That is probably the best way to do it.

--Maarten

On Mon, Jan 17, 2022 at 8:32 AM Nick Howitt via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Hi,
> I am trying to package ClamAV 0.103.5 for ClearOS. Normally they package
> the latest three signature files listed above with their distributable rpm
> in the same way that EPEL do so they have a working package on installation
> rather than requiring freshclam to run first. Unfortunately it looks like
> the links to the three files have been removed from
> https://www.clamav.net/downloads and I would like to get the latest
> signatures so I can update the package. How can I get hold of the files?
>
> Looking at the EPEL Sources, they download from:
> https://database.clamav.net/main.cvd
> https://database.clamav.net/daily.cvd
> https://database.clamav.net/bytecode.cvd
>
> But I am being blocked by cloudflare:
>
> Error 1015 Ray ID: 6cefeaa67bc1549a • 2022-01-17 13:26:40 UTC You are
> being rate limited
> What happened?
>
> The owner of this website (database.clamav.net) has banned you
> temporarily from accessing this website.
>
> How can I proceed as I would like to get an updated package built for
> ClearOS
>
> Thanks,
>
> Nick
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

Please tell that to EPEL as well. We want to be able to distribute a
package which, in emergency, can be transferred to a standalone (read
compromised device removed from the network) and have the rpm install
something which can directly virus scan. Without the three files, it
can't. I presume that is similar logic to EPEL.

Anyway, I've managed to get the files through a VPN so changing my IP,
but this is messy. There must be a better way to do it.

Nick

On 17/01/2022 14:01, Maarten Broekman via clamav-users wrote:
> Running freshclam after the package is installed should pull any/all of
> the files that are missing. That is probably the best way to do it.
>
> --Maarten
>
> On Mon, Jan 17, 2022 at 8:32 AM Nick Howitt via clamav-users
> <clamav-users@lists.clamav.net <mailto:clamav-users@lists.clamav.net>>
> wrote:
>
> Hi,
> I am trying to package ClamAV 0.103.5 for ClearOS. Normally they
> package the latest three signature files listed above with their
> distributable rpm in the same way that EPEL do so they have a
> working package on installation rather than requiring freshclam to
> run first. Unfortunately it looks like the links to the three files
> have been removed from https://www.clamav.net/downloads
> <https://www.clamav.net/downloads> and I would like to get the
> latest signatures so I can update the package. How can I get hold of
> the files?
>
> Looking at the EPEL Sources, they download from:
> https://database.clamav.net/main.cvd
> <https://database.clamav.net/main.cvd>
> https://database.clamav.net/daily.cvd
> <https://database.clamav.net/daily.cvd>
> https://database.clamav.net/bytecode.cvd
> <https://database.clamav.net/bytecode.cvd>
>
> But I am being blocked by cloudflare:
>
>
> Error 1015
>
> Ray ID: 6cefeaa67bc1549a • 2022-01-17 13:26:40 UTC
>
>
> You are being rate limited
>
>
> What happened?
>
> The owner of this website (database.clamav.net
> <http://database.clamav.net>) has banned you temporarily from
> accessing this website.
>
>
> How can I proceed as I would like to get an updated package built
> for ClearOS
>
> Thanks,
>
> Nick
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net <mailto:clamav-users@lists.clamav.net>
> https://lists.clamav.net/mailman/listinfo/clamav-users
> <https://lists.clamav.net/mailman/listinfo/clamav-users>
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> <https://github.com/vrtadmin/clamav-faq>
>
> http://www.clamav.net/contact.html#ml
> <http://www.clamav.net/contact.html#ml>
>
>
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

This is what cvdupdate was designed for. Please use that.

—
Sent from my ? iPhone

> On Jan 17, 2022, at 09:12, Nick Howitt via clamav-users <clamav-users@lists.clamav.net> wrote:
>
> ?Please tell that to EPEL as well. We want to be able to distribute a package which, in emergency, can be transferred to a standalone (read compromised device removed from the network) and have the rpm install something which can directly virus scan. Without the three files, it can't. I presume that is similar logic to EPEL.
>
> Anyway, I've managed to get the files through a VPN so changing my IP, but this is messy. There must be a better way to do it.
>
> Nick
>
>> On 17/01/2022 14:01, Maarten Broekman via clamav-users wrote:
>> Running freshclam after the package is installed should pull any/all of the files that are missing. That is probably the best way to do it.
>> --Maarten
>> On Mon, Jan 17, 2022 at 8:32 AM Nick Howitt via clamav-users <clamav-users@lists.clamav.net <mailto:clamav-users@lists.clamav.net>> wrote:
>> Hi,
>> I am trying to package ClamAV 0.103.5 for ClearOS. Normally they
>> package the latest three signature files listed above with their
>> distributable rpm in the same way that EPEL do so they have a
>> working package on installation rather than requiring freshclam to
>> run first. Unfortunately it looks like the links to the three files
>> have been removed from https://www.clamav.net/downloads
>> <https://www.clamav.net/downloads> and I would like to get the
>> latest signatures so I can update the package. How can I get hold of
>> the files?
>> Looking at the EPEL Sources, they download from:
>> https://database.clamav.net/main.cvd
>> <https://database.clamav.net/main.cvd>
>> https://database.clamav.net/daily.cvd
>> <https://database.clamav.net/daily.cvd>
>> https://database.clamav.net/bytecode.cvd
>> <https://database.clamav.net/bytecode.cvd>
>> But I am being blocked by cloudflare:
>> Error 1015
>> Ray ID: 6cefeaa67bc1549a • 2022-01-17 13:26:40 UTC
>> You are being rate limited
>> What happened?
>> The owner of this website (database.clamav.net
>> <http://database.clamav.net>) has banned you temporarily from
>> accessing this website.
>> How can I proceed as I would like to get an updated package built
>> for ClearOS
>> Thanks,
>> Nick
>> _______________________________________________
>> clamav-users mailing list
>> clamav-users@lists.clamav.net <mailto:clamav-users@lists.clamav.net>
>> https://lists.clamav.net/mailman/listinfo/clamav-users
>> <https://lists.clamav.net/mailman/listinfo/clamav-users>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>> <https://github.com/vrtadmin/clamav-faq>
>> http://www.clamav.net/contact.html#ml
>> <http://www.clamav.net/contact.html#ml>
>> _______________________________________________
>> clamav-users mailing list
>> clamav-users@lists.clamav.net
>> https://lists.clamav.net/mailman/listinfo/clamav-users
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>> http://www.clamav.net/contact.html#ml
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Isn't that a bit messy? It would be so much easier to be able to use
curl, wget or any browser to get the sigs so we can package them
directly - not have to install some uncommon download package and then
download them. That is making people jump through unnecessary hoops. I
am not trying use a segmented network and hosts can generally reach the
internet. I just want to be able to package the sigs in a v0.103.5 rpm
for my distro in the same way as EPEL does.

On 17/01/2022 14:17, Joel Esler wrote:
>
> This is what cvdupdate was designed for. Please use that.
>
> —
> Sent from my ? iPhone
>
>> On Jan 17, 2022, at 09:12, Nick Howitt via clamav-users <clamav-users@lists.clamav.net> wrote:
>>
>> ?Please tell that to EPEL as well. We want to be able to distribute a package which, in emergency, can be transferred to a standalone (read compromised device removed from the network) and have the rpm install something which can directly virus scan. Without the three files, it can't. I presume that is similar logic to EPEL.
>>
>> Anyway, I've managed to get the files through a VPN so changing my IP, but this is messy. There must be a better way to do it.
>>
>> Nick
>>
>>> On 17/01/2022 14:01, Maarten Broekman via clamav-users wrote:
>>> Running freshclam after the package is installed should pull any/all of the files that are missing. That is probably the best way to do it.
>>> --Maarten
>>> On Mon, Jan 17, 2022 at 8:32 AM Nick Howitt via clamav-users <clamav-users@lists.clamav.net <mailto:clamav-users@lists.clamav.net>> wrote:
>>> Hi,
>>> I am trying to package ClamAV 0.103.5 for ClearOS. Normally they
>>> package the latest three signature files listed above with their
>>> distributable rpm in the same way that EPEL do so they have a
>>> working package on installation rather than requiring freshclam to
>>> run first. Unfortunately it looks like the links to the three files
>>> have been removed from https://www.clamav.net/downloads
>>> <https://www.clamav.net/downloads> and I would like to get the
>>> latest signatures so I can update the package. How can I get hold of
>>> the files?
>>> Looking at the EPEL Sources, they download from:
>>> https://database.clamav.net/main.cvd
>>> <https://database.clamav.net/main.cvd>
>>> https://database.clamav.net/daily.cvd
>>> <https://database.clamav.net/daily.cvd>
>>> https://database.clamav.net/bytecode.cvd
>>> <https://database.clamav.net/bytecode.cvd>
>>> But I am being blocked by cloudflare:
>>> Error 1015
>>> Ray ID: 6cefeaa67bc1549a • 2022-01-17 13:26:40 UTC
>>> You are being rate limited
>>> What happened?
>>> The owner of this website (database.clamav.net
>>> <http://database.clamav.net>) has banned you temporarily from
>>> accessing this website.
>>> How can I proceed as I would like to get an updated package built
>>> for ClearOS
>>> Thanks,
>>> Nick
>>> _______________________________________________
>>> clamav-users mailing list
>>> clamav-users@lists.clamav.net <mailto:clamav-users@lists.clamav.net>
>>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>> <https://lists.clamav.net/mailman/listinfo/clamav-users>
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>> <https://github.com/vrtadmin/clamav-faq>
>>> http://www.clamav.net/contact.html#ml
>>> <http://www.clamav.net/contact.html#ml>
>>> _______________________________________________
>>> clamav-users mailing list
>>> clamav-users@lists.clamav.net
>>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>> http://www.clamav.net/contact.html#ml
>>
>> _______________________________________________
>>
>> clamav-users mailing list
>> clamav-users@lists.clamav.net
>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

On 17/01/2022 14:33, Andrew C Aitchison wrote:
> On Mon, 17 Jan 2022, Nick Howitt via clamav-users wrote:
>
>> Hi,
>> I am trying to package ClamAV 0.103.5 for ClearOS. Normally they
>> package the
>> latest three signature files listed above with their distributable rpm in
>> the same way that EPEL do so they have a working package on installation
>> rather than requiring freshclam to run first. Unfortunately it looks like
>> the links to the three files have been removed from
>> https://www.clamav.net/downloads and I would like to get the latest
>> signatures so I can update the package. How can I get hold of the files?
>>
>> Looking at the EPEL Sources, they download from:
>> https://database.clamav.net/main.cvd
>> https://database.clamav.net/daily.cvd
>> https://database.clamav.net/bytecode.cvd
>>
>> But I am being blocked by cloudflare:
>>
>>                                  Error 1015
>>
>> Ray ID: 6cefeaa67bc1549a • 2022-01-17 13:26:40 UTC
>>
>> YOU ARE BEING RATE LIMITED
>>
>> WHAT HAPPENED?
>>
>> The owner of this website (database.clamav.net) has banned you
>> temporarily
>> from accessing this website.
>>
>>
>> How can I proceed as I would like to get an updated package built for
>> ClearOS
>
> There has been a lot of abuse of the downloads (some sites were downloading
> multiple - thousands IIRC - copies per second and using up vast volumes of
> bandwidth).
> Freshclam and cvdupdate (
> https://github.com/Cisco-Talos/cvdupdate
> another tool from ClamAV) are tuned to minimize load on the servers
> and IIRC have special access to the downloads.
>
> Could you use cvdupdate in the package script (clamav.spec or similar) ?
> Even this backs off if it is used too frequently, so watch out for that
> when testing.
>
> You might need to use the uncompressed .cld versions (daily.cld at least)
> as these are what are actually updated by the incremental updates.
>
> Maarten suggests not including the database in the package, but
> downloading it with freshclam or cvdupdate afer installing
> (eg in a post-install script).
> daily.cld is currently over 170MB and changes daily,
> so this might be better still.
>
> I see that you are thinking of this as a rescue tool.
> Do you have a sense of how likely clamav (especially a not up to date
> version) is to actually detect a nasty ? My experience and that of
> some others on this list is that it is so far short of 50% that
> I would not take a pass from ClamAV as reliable.
>
Not quite. I have taken over the packaging of this and the justification
of packaging the sigs is partly that the tool will work and scan out of
the box, partly for the offline consideration and partly because there
will be a delay after installation where ClamAV is installed but not in
a running condition. IIRC it won't even start without a database. This
means that a yum install will need to pause and run freshclam before it
can attempt to start clamd. This has knock-on issues and, apparently, it
is always best for yum todownload what it needs with yum and not some
third party tool.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

On Mon, 17 Jan 2022, Nick Howitt via clamav-users wrote:

> Isn't that a bit messy? It would be so much easier to be able to use curl,
> wget or any browser to get the sigs so we can package them directly

Unfortunately the server load was ridiculus and that had to be stopped.
Petabyte per day IIRC. Some IPs attempted thousands of downloads per
second !

> - not
> have to install some uncommon download package and then download them. That
> is making people jump through unnecessary hoops. I am not trying use a
> segmented network and hosts can generally reach the internet. I just want to
> be able to package the sigs in a v0.103.5 rpm for my distro in the same way
> as EPEL does.

Does the EPEL build system still work ?

If cvdupdate is too obscure, you could use the freshclam program
which you have just built for your package.

> On 17/01/2022 14:17, Joel Esler wrote:
>>
>> This is what cvdupdate was designed for. Please use that.
>>
>> —
>> Sent from my ? iPhone
>>
>>> On Jan 17, 2022, at 09:12, Nick Howitt via clamav-users
>>> <clamav-users@lists.clamav.net> wrote:
>>>
>>> ?Please tell that to EPEL as well. We want to be able to distribute a
>>> package which, in emergency, can be transferred to a standalone (read
>>> compromised device removed from the network) and have the rpm install
>>> something which can directly virus scan. Without the three files, it
>>> can't. I presume that is similar logic to EPEL.
>>>
>>> Anyway, I've managed to get the files through a VPN so changing my IP, but
>>> this is messy. There must be a better way to do it.
>>>
>>> Nick
>>>
>>>> On 17/01/2022 14:01, Maarten Broekman via clamav-users wrote:
>>>> Running freshclam after the package is installed should pull any/all of
>>>> the files that are missing. That is probably the best way to do it.
>>>> --Maarten
>>>> On Mon, Jan 17, 2022 at 8:32 AM Nick Howitt via clamav-users
>>>> <clamav-users@lists.clamav.net <mailto:clamav-users@lists.clamav.net>>
>>>> wrote:
>>>> Hi,
>>>> I am trying to package ClamAV 0.103.5 for ClearOS. Normally they
>>>> package the latest three signature files listed above with their
>>>> distributable rpm in the same way that EPEL do so they have a
>>>> working package on installation rather than requiring freshclam to
>>>> run first. Unfortunately it looks like the links to the three files
>>>> have been removed from https://www.clamav.net/downloads
>>>> <https://www.clamav.net/downloads> and I would like to get the
>>>> latest signatures so I can update the package. How can I get hold of
>>>> the files?
>>>> Looking at the EPEL Sources, they download from:
>>>> https://database.clamav.net/main.cvd
>>>> <https://database.clamav.net/main.cvd>
>>>> https://database.clamav.net/daily.cvd
>>>> <https://database.clamav.net/daily.cvd>
>>>> https://database.clamav.net/bytecode.cvd
>>>> <https://database.clamav.net/bytecode.cvd>
>>>> But I am being blocked by cloudflare:
>>>> Error 1015
>>>> Ray ID: 6cefeaa67bc1549a • 2022-01-17 13:26:40 UTC
>>>> You are being rate limited
>>>> What happened?
>>>> The owner of this website (database.clamav.net
>>>> <http://database.clamav.net>) has banned you temporarily from
>>>> accessing this website.
>>>> How can I proceed as I would like to get an updated package built
>>>> for ClearOS
>>>> Thanks,
>>>> Nick
>>>> _______________________________________________
>>>> clamav-users mailing list
>>>> clamav-users@lists.clamav.net <mailto:clamav-users@lists.clamav.net>
>>>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>>> <https://lists.clamav.net/mailman/listinfo/clamav-users>
>>>> Help us build a comprehensive ClamAV guide:
>>>> https://github.com/vrtadmin/clamav-faq
>>>> <https://github.com/vrtadmin/clamav-faq>
>>>> http://www.clamav.net/contact.html#ml
>>>> <http://www.clamav.net/contact.html#ml>
>>>> _______________________________________________
>>>> clamav-users mailing list
>>>> clamav-users@lists.clamav.net
>>>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>>> Help us build a comprehensive ClamAV guide:
>>>> https://github.com/vrtadmin/clamav-faq
>>>> http://www.clamav.net/contact.html#ml
>>>
>>> _______________________________________________
>>>
>>> clamav-users mailing list
>>> clamav-users@lists.clamav.net
>>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>>
>>>
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>>
>>> http://www.clamav.net/contact.html#ml
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

--
Andrew C. Aitchison Kendal, UK
andrew@aitchison.me.uk

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

No. It would not. Wget and curl create disasters for the ClamAV team on the server side, which is why it was stopped. There are still people abusing that system, and when I was at cisco I would block people for doing it. If people would use the tools they are supposed to, that are designed to be network friendly, the problems wouldn’t exist.

—
Sent from my ? iPhone

> On Jan 17, 2022, at 09:39, Nick Howitt via clamav-users <clamav-users@lists.clamav.net> wrote:
>
> ?Isn't that a bit messy? It would be so much easier to be able to use curl, wget or any browser to get the sigs so we can package them directly - not have to install some uncommon download package and then download them. That is making people jump through unnecessary hoops. I am not trying use a segmented network and hosts can generally reach the internet. I just want to be able to package the sigs in a v0.103.5 rpm for my distro in the same way as EPEL does.
>
>> On 17/01/2022 14:17, Joel Esler wrote:
>> This is what cvdupdate was designed for. Please use that.
>> —
>> Sent from my ? iPhone
>>>> On Jan 17, 2022, at 09:12, Nick Howitt via clamav-users <clamav-users@lists.clamav.net> wrote:
>>>
>>> ?Please tell that to EPEL as well. We want to be able to distribute a package which, in emergency, can be transferred to a standalone (read compromised device removed from the network) and have the rpm install something which can directly virus scan. Without the three files, it can't. I presume that is similar logic to EPEL.
>>>
>>> Anyway, I've managed to get the files through a VPN so changing my IP, but this is messy. There must be a better way to do it.
>>>
>>> Nick
>>>
>>>> On 17/01/2022 14:01, Maarten Broekman via clamav-users wrote:
>>>> Running freshclam after the package is installed should pull any/all of the files that are missing. That is probably the best way to do it.
>>>> --Maarten
>>>> On Mon, Jan 17, 2022 at 8:32 AM Nick Howitt via clamav-users <clamav-users@lists.clamav.net <mailto:clamav-users@lists.clamav.net>> wrote:
>>>> Hi,
>>>> I am trying to package ClamAV 0.103.5 for ClearOS. Normally they
>>>> package the latest three signature files listed above with their
>>>> distributable rpm in the same way that EPEL do so they have a
>>>> working package on installation rather than requiring freshclam to
>>>> run first. Unfortunately it looks like the links to the three files
>>>> have been removed from https://www.clamav.net/downloads
>>>> <https://www.clamav.net/downloads> and I would like to get the
>>>> latest signatures so I can update the package. How can I get hold of
>>>> the files?
>>>> Looking at the EPEL Sources, they download from:
>>>> https://database.clamav.net/main.cvd
>>>> <https://database.clamav.net/main.cvd>
>>>> https://database.clamav.net/daily.cvd
>>>> <https://database.clamav.net/daily.cvd>
>>>> https://database.clamav.net/bytecode.cvd
>>>> <https://database.clamav.net/bytecode.cvd>
>>>> But I am being blocked by cloudflare:
>>>> Error 1015
>>>> Ray ID: 6cefeaa67bc1549a • 2022-01-17 13:26:40 UTC
>>>> You are being rate limited
>>>> What happened?
>>>> The owner of this website (database.clamav.net
>>>> <http://database.clamav.net>) has banned you temporarily from
>>>> accessing this website.
>>>> How can I proceed as I would like to get an updated package built
>>>> for ClearOS
>>>> Thanks,
>>>> Nick
>>>> _______________________________________________
>>>> clamav-users mailing list
>>>> clamav-users@lists.clamav.net <mailto:clamav-users@lists.clamav.net>
>>>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>>> <https://lists.clamav.net/mailman/listinfo/clamav-users>
>>>> Help us build a comprehensive ClamAV guide:
>>>> https://github.com/vrtadmin/clamav-faq
>>>> <https://github.com/vrtadmin/clamav-faq>
>>>> http://www.clamav.net/contact.html#ml
>>>> <http://www.clamav.net/contact.html#ml>
>>>> _______________________________________________
>>>> clamav-users mailing list
>>>> clamav-users@lists.clamav.net
>>>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>>> Help us build a comprehensive ClamAV guide:
>>>> https://github.com/vrtadmin/clamav-faq
>>>> http://www.clamav.net/contact.html#ml
>>>
>>> _______________________________________________
>>>
>>> clamav-users mailing list
>>> clamav-users@lists.clamav.net
>>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>>
>>>
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>>
>>> http://www.clamav.net/contact.html#ml
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Citeren Nick Howitt via clamav-users <clamav-users@lists.clamav.net>:

> Not quite. I have taken over the packaging of this and the
> justification of packaging the sigs is partly that the tool will
> work and scan out of the box, partly for the offline consideration
> and partly because there will be a delay after installation where
> ClamAV is installed but not in a running condition. IIRC it won't
> even start without a database. This means that a yum install will
> need to pause and run freshclam before it can attempt to start
> clamd. This has knock-on issues and, apparently, it is always best
> for yum todownload what it needs with yum and not some third party
> tool.

One thing to remember is, is that if you intend your packaging tool to
rebuild the package frequently (daily? weekly?), you'll be
indistinguishable from abusive downloaders who download the full
database over and over again (and don't use freshclam / cvdupdate
instead). This will get your IP blacklisted fairly quickly as you
empirically found out already.

One option would be to setup a local database mirror that is updated
through either freshclam or cvdupdate and let your packaging tool
download the database from there with whatever method you see fit
(wget, curl). That will prevent frequent downloading the full database
from the ClamAV servers, yet will allow you to package fresh database
files as often as you see fit.




_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

On Mon, Jan 17, 2022 at 9:53 AM Andrew C Aitchison via clamav-users <
clamav-users@lists.clamav.net> wrote:

> On Mon, 17 Jan 2022, Nick Howitt via clamav-users wrote:
>
> > - not
> > have to install some uncommon download package and then download them.
> That
> > is making people jump through unnecessary hoops. I am not trying use a
> > segmented network and hosts can generally reach the internet. I just
> want to
> > be able to package the sigs in a v0.103.5 rpm for my distro in the same
> way
> > as EPEL does.
>
> Does the EPEL build system still work ?
>
> If cvdupdate is too obscure, you could use the freshclam program
> which you have just built for your package.
>
>
Andrew makes a good point here. Since you've built the freshclam program at
this point, you can use it to download all the databases it would normally
download and then package those. The downside of this is, of course, that
the daily.cvd changes daily... which means the package would have outdated
virus definitions almost immediately. And, if it gets too out of date,
freshclam will end up downloading the entire file anyway. And, after 7
days, you'll see warning messages about outdated definitions when clam
starts up.

Depending on how many hosts a typical ClearOS end-user has, they would
probably want to set up a private mirror so that they don't have multiple
systems behind the same IP address trying to grab the database files (and
then getting rate-limited as a result).

Private mirror docs: https://docs.clamav.net/appendix/CvdPrivateMirror.html

--Maarten

On Mon, 17 Jan 2022, Nick Howitt via clamav-users wrote:

>
>
> On 17/01/2022 14:33, Andrew C Aitchison wrote:
> Not quite. I have taken over the packaging of this and the justification of
> packaging the sigs is partly that the tool will work and scan out of the box,
> partly for the offline consideration and partly because there will be a delay
> after installation where ClamAV is installed but not in a running condition.
> IIRC it won't even start without a database. This means that a yum install
> will need to pause and run freshclam before it can attempt to start clamd.

> This has knock-on issues and, apparently, it is always best for yum
> todownload what it needs with yum and not some third party tool.

Last time I looked at the .spec file the signatures were marked
%config(noreplace)
Does that avoid the yum issues ?

I can see the sense in running
freshclam --datadir=...
(or cvdupdate) in the
%prep or %build section of clamav.spec
rather than in the %post.

Or even have two sub-packages clamav-db-large and clamav-db-small
both providing clamav-db ? -large has the files and -small has the %post
script.

--
Andrew C. Aitchison Kendal, UK
andrew@aitchison.me.uk

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

> On Jan 17, 2022, at 10:17, Maarten Broekman via clamav-users <clamav-users@lists.clamav.net> wrote:
>
> And, after 7 days, you'll see warning messages about outdated definitions when clam starts up.

And Freshclam and cvdupdate will still download the right files.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Citeren Joel Esler via clamav-users <clamav-users@lists.clamav.net>:

>> On Jan 17, 2022, at 10:17, Maarten Broekman via clamav-users
>> <clamav-users@lists.clamav.net> wrote:
>>
>> And, after 7 days, you'll see warning messages about outdated
>> definitions when clam starts up.
>
> And Freshclam and cvdupdate will still download the right files.

This largely depends on your build system. In the openSUSE Build
Service (OBS) we start out with a 'clean' build environment for every
(re)build, so running freshclam during build, would mean it would need
to download the full database again for each build (which probably
would lead to blacklisting pretty quickly). That means, if we would
have network connectivity during build (which is not the case). We
don't consider packaging the database files useful, as these will be
outdated almost immediately and keeping them fresh by packaging them,
would mean *huge* downloads almost daily.

In cases where you need a database, just copy them over on a flash
drive. If you want to install something on a compromised system
without network connectivity, you'll need to use portable storage
anyway.


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

On 17/01/2022 15:06, Arjen de Korte via clamav-users wrote:
>
> Citeren Nick Howitt via clamav-users <clamav-users@lists.clamav.net>:
>
>> Not quite. I have taken over the packaging of this and the
>> justification of packaging the sigs is partly that the tool will work
>> and scan out of the box, partly for the offline consideration and
>> partly because there will be a delay after installation where ClamAV
>> is installed but not in a running condition. IIRC it won't even start
>> without a database. This means that a yum install will need to pause
>> and run freshclam before it can attempt to start clamd. This has
>> knock-on issues and, apparently, it is always best for yum todownload
>> what it needs with yum and not some third party tool.
>
> One thing to remember is, is that if you intend your packaging tool to
> rebuild the package frequently (daily? weekly?), you'll be
> indistinguishable from abusive downloaders who download the full
> database over and over again (and don't use freshclam / cvdupdate
> instead). This will get your IP blacklisted fairly quickly as you
> empirically found out already.
>
> One option would be to setup a local database mirror that is updated
> through either freshclam or cvdupdate and let your packaging tool
> download the database from there with whatever method you see fit (wget,
> curl). That will prevent frequent downloading the full database from the
> ClamAV servers, yet will allow you to package fresh database files as
> often as you see fit.
We only rebuild on an upstream update. At some point after it is
installed the servers will run freshclam. Until freshclam is run you
can't start clamd, so you perhaps need a watcher to start clamd at an
appropriate time? madness!

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

On 17/01/2022 15:14, Maarten Broekman via clamav-users wrote:
>
>
> On Mon, Jan 17, 2022 at 9:53 AM Andrew C Aitchison via clamav-users
> <clamav-users@lists.clamav.net <mailto:clamav-users@lists.clamav.net>>
> wrote:
>
> On Mon, 17 Jan 2022, Nick Howitt via clamav-users wrote:
>
> > - not
> > have to install some uncommon download package and then download
> them. That
> > is making people jump through unnecessary hoops. I am not trying
> use a
> > segmented network and hosts can generally reach the internet. I
> just want to
> > be able to package the sigs in a v0.103.5 rpm for my distro in
> the same way
> > as EPEL does.
>
> Does the EPEL build system still work ?
>
> If cvdupdate is too obscure, you could use the freshclam program
> which you have just built for your package.
>
>
> Andrew makes a good point here. Since you've built the freshclam program
> at this point, you can use it to download all the databases it would
> normally download and then package those. The downside of this is, of
> course, that the daily.cvd changes daily... which means the package
> would have outdated virus definitions almost immediately. And, if it
> gets too out of date, freshclam will end up downloading the entire file
> anyway. And, after 7 days, you'll see warning messages about outdated
> definitions when clam starts up.
>
> Depending on how many hosts a typical ClearOS end-user has, they would
> probably want to set up a private mirror so that they don't have
> multiple systems behind the same IP address trying to grab the database
> files (and then getting rate-limited as a result).
>
> Private mirror docs:
> https://docs.clamav.net/appendix/CvdPrivateMirror.html
> <https://docs.clamav.net/appendix/CvdPrivateMirror.html>
All I am saying is that EPEL package a set of sigs in the same way as I
want to for ClearOS. The EPEL build system certainly works (although we
don't use it at ClearOS) and produces packages for EL and 8 and is
preparing for EL9.

The package is only meant for the ClearOS gateway for gateway AV
functions if the gateway is running a proxy, for mail AV and for
scanning the server (largely samba shares). It is not intended for use
on LAN devices or to serve sigs to them.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

On 17/01/2022 15:26, Andrew C Aitchison wrote:
>
> On Mon, 17 Jan 2022, Nick Howitt via clamav-users wrote:
>
>>
>>
>> On 17/01/2022 14:33, Andrew C Aitchison wrote:
>> Not quite. I have taken over the packaging of this and the
>> justification of packaging the sigs is partly that the tool will work
>> and scan out of the box, partly for the offline consideration and
>> partly because there will be a delay after installation where ClamAV
>> is installed but not in a running condition. IIRC it won't even start
>> without a database. This means that a yum install will need to pause
>> and run freshclam before it can attempt to start clamd.
>
>> This has knock-on issues and, apparently, it is always best for yum
>> todownload what it needs with yum and not some third party tool.
>
> Last time I looked at the .spec file the signatures were marked
>     %config(noreplace)
> Does that avoid the yum issues ?
>
> I can see the sense in running
>     freshclam --datadir=...
> (or cvdupdate) in the
> %prep or %build section of clamav.spec
> rather than in the %post.
>
> Or even have two sub-packages clamav-db-large and clamav-db-small
> both providing clamav-db ? -large has the files and -small has the %post
> script.
>
I give up. This is like pushing water up hill. There is no sensible way
of building the packages in one pass which allows me to package the sigs
automatically. It looks like Cisco will block you if you try to down
load anything and fighting Cisco or trying to get them to change is a
total waste of effort.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

>On 17/01/2022 15:26, Andrew C Aitchison wrote:
>>
>>On Mon, 17 Jan 2022, Nick Howitt via clamav-users wrote:
>>
>>>
>>>
>>>On 17/01/2022 14:33, Andrew C Aitchison wrote:
>>>Not quite. I have taken over the packaging of this and the
>>>justification of packaging the sigs is partly that the tool will
>>>work and scan out of the box, partly for the offline consideration
>>>and partly because there will be a delay after installation where
>>>ClamAV is installed but not in a running condition. IIRC it won't
>>>even start without a database. This means that a yum install will
>>>need to pause and run freshclam before it can attempt to start
>>>clamd.
>>
>>>This has knock-on issues and, apparently, it is always best for
>>>yum todownload what it needs with yum and not some third party
>>>tool.
>>
>>Last time I looked at the .spec file the signatures were marked
>> ????%config(noreplace)
>>Does that avoid the yum issues ?
>>
>>I can see the sense in running
>> ????freshclam --datadir=...
>>(or cvdupdate) in the
>>%prep or %build section of clamav.spec
>>rather than in the %post.
>>
>>Or even have two sub-packages clamav-db-large and clamav-db-small
>>both providing clamav-db ? -large has the files and -small has the
>>%post script.

On 17.01.22 16:30, Nick Howitt via clamav-users wrote:
>I give up. This is like pushing water up hill. There is no sensible
>way of building the packages in one pass which allows me to package
>the sigs automatically. It looks like Cisco will block you if you try
>to down load anything and fighting Cisco or trying to get them to
>change is a total waste of effort.

cisco does that because of multiple times explained reason.
you are supposed to download with freshclam or use cvdupdate.
that's the only optimisation cisco gives us. all other used to overload the
mirrors.


--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Depression is merely anger without enthusiasm.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

> On Jan 17, 2022, at 2:03 PM, Matus UHLAR - fantomas <uhlar@fantomas.sk> wrote:
>
> On 17.01.22 16:30, Nick Howitt via clamav-users wrote:
>> I give up. This is like pushing water up hill. There is no sensible way of building the packages in one pass which allows me to package the sigs automatically. It looks like Cisco will block you if you try to down load anything and fighting Cisco or trying to get them to change is a total waste of effort.
>
> cisco does that because of multiple times explained reason.
> you are supposed to download with freshclam or use cvdupdate.
> that's the only optimisation cisco gives us. all other used to overload the
> mirrors.

This. X 1000. Cisco provides two tools to do this. Both tools work perfectly fine. There is actually no other reason to reinvent the wheel, Cisco has done it twice for you already.