I believe the network guru for Sourcefire/ClamAV® is still Ryan Steinmetz <[email protected]>.
On Oct 11, 2013, at 12:33 PM, Michael Mather <[email protected]> wrote:
> I want freshclam to get its updates through a firewall, and I want just
> a few specific IP addresses open for this purpose.
>
> Being in Canada, I propose to code the following lines in
> freshclam.conf:
>
> DatabaseMirror 24.215.0.24
> DatabaseMirror 208.70.244.158
>
> and open those addresses on the firewall.
>
> Q1: Is that good, or should I have more addresses?

Looks like you are missing at least a couple:

$ host db.ca.clamav.net
db.ca.clamav.net has address 208.70.244.158
db.ca.clamav.net has address 24.215.0.24
db.ca.clamav.net has address 128.177.8.248
db.ca.clamav.net has address 200.236.31.1

Not sure how it works in Canada, but in the US the list is in constant rotation with six out of seventeen IPs being used at any one time, some being off-shore since there isn't enough capacity from US mirrors.

> Q2: How can I anticipate either of those addresses no longer being a
> mirror, so that I can make changes?

I think you'd need an in with the mirror administrator. I've never seen any traffic on what goes on behind the scenes with the 119 sites in 44 regions other than <http://www.clamav.net/mirrors.html> and even that isn't always completely up-to-date.

> Q3: What to do about the line:
> DNSDatabaseInfo current.cvd.clamav.net

Open port 53/tcp.

-Al-
--
Al Varnell
Mountain View, CA
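An added example, not part of the original message and not ClamAV code: a small Python check that compares the addresses pinned on DatabaseMirror lines with the addresses in saved `host` output, so a drift between the firewall allowlist and the mirror rotation shows up. The function names and the sample config text are assumptions made for illustration; the `host` output is the one quoted in the reply.

```python
import ipaddress
import re

# Constructed sample: the two pinned lines proposed in the thread.
SAMPLE_CONF = """\
# freshclam.conf (excerpt)
DatabaseMirror 24.215.0.24
DatabaseMirror 208.70.244.158
DNSDatabaseInfo current.cvd.clamav.net
"""

# `host db.ca.clamav.net` output as quoted in the reply above.
SAMPLE_HOST_OUTPUT = """\
db.ca.clamav.net has address 208.70.244.158
db.ca.clamav.net has address 24.215.0.24
db.ca.clamav.net has address 128.177.8.248
db.ca.clamav.net has address 200.236.31.1
"""

def _collect(pattern, text):
    """Return the set of valid IP addresses captured by pattern, line by line."""
    found = set()
    for line in text.splitlines():
        m = re.search(pattern, line.strip())
        if not m:
            continue
        try:
            found.add(ipaddress.ip_address(m.group(1)))
        except ValueError:
            pass  # a hostname or junk, not an IP literal: nothing to pin
    return found

def pinned_mirrors(conf_text):
    """IP literals on active (uncommented) DatabaseMirror lines."""
    return _collect(r"^DatabaseMirror\s+(\S+)", conf_text)

def resolved_mirrors(host_output):
    """Addresses from `host` lines: '<name> has [IPv6 ]address <ip>'."""
    return _collect(r"\bhas (?:IPv6 )?address (\S+)$", host_output)

def mirror_drift(conf_text, host_output):
    """Addresses in DNS but not pinned, and pinned but absent from DNS."""
    pinned, live = pinned_mirrors(conf_text), resolved_mirrors(host_output)
    order = lambda a: (a.version, int(a))
    return {
        "not_pinned": [str(a) for a in sorted(live - pinned, key=order)],
        "stale": [str(a) for a in sorted(pinned - live, key=order)],
    }

if __name__ == "__main__":
    print(mirror_drift(SAMPLE_CONF, SAMPLE_HOST_OUTPUT))
```

Because the reply describes the address list as rotating, a single DNS answer is only a snapshot; concatenate the output of several lookups before treating a "stale" entry as retired.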
