On Oct 11, 2013, at 12:33 PM, Michael Mather <[email protected]> wrote:

> I want freshclam to get its updates through a firewall, and I want just
> a few specific IP addresses open for this purpose.

OK. Best way is probably to run freshclam on a DMZ host with limited but functional network access, and then have your secure internal hosts pull updates from that box.

> Being in Canada, I propose to code the following lines in
> freshclam.conf:
>
> DatabaseMirror 24.215.0.24
> DatabaseMirror 208.70.244.158
>
> and open those addresses on the firewall.
>
> Q1: Is that good, or should I have more addresses?

You shouldn't hardcode IPs which do not belong to you into configs. The reason for this is your Q2:

> Q2: How can I anticipate either of those addresses no longer being a
> mirror, so that I can make changes?

One cannot, at least not without coordinating with the owner of that IP.

> Q3: What to do about the line:
> DNSDatabaseInfo current.cvd.clamav.net

Make sure DNS is working properly? For sufficiently paranoid setups, a local caching-only DNS server acting for your internal clients is better than permitting more open DNS access.

Regards,
--
-Chuck
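The advice above against pinning mirror IPs you do not control can be checked mechanically. The following is an added example, not part of the original message or of ClamAV: a small audit of `DatabaseMirror` lines in a freshclam.conf. The function names, the sample config, the `192.168.10.5` internal mirror, and the use of RFC 1918 ranges as a stand-in for "addresses that belong to you" are all assumptions.

```python
import ipaddress

# Networks treated as "ours" (assumption: RFC 1918 space stands in for
# addresses the site controls; replace with your real allocations).
OWN_NETWORKS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample config, using the two addresses quoted in the message.
SAMPLE_CONF = """\
# freshclam.conf (constructed sample)
DNSDatabaseInfo current.cvd.clamav.net
DatabaseMirror 24.215.0.24
DatabaseMirror 208.70.244.158
DatabaseMirror 192.168.10.5   # internal DMZ mirror (hypothetical)
DatabaseMirror database.clamav.net
"""

def audit_mirrors(conf_text, own_networks=OWN_NETWORKS):
    """Return (line_no, value, verdict) for every DatabaseMirror directive."""
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        parts = line.split()
        if len(parts) != 2 or parts[0] != "DatabaseMirror":
            continue
        value = parts[1]
        try:
            addr = ipaddress.ip_address(value)
        except ValueError:
            verdict = "hostname"              # resolved via DNS at run time
        else:
            owned = any(addr in net for net in own_networks)
            verdict = "own-ip" if owned else "foreign-ip"
        findings.append((line_no, value, verdict))
    return findings

def foreign_ips(conf_text, own_networks=OWN_NETWORKS):
    """Mirror IPs pinned in the config that the site does not control."""
    return [value for _, value, verdict in audit_mirrors(conf_text, own_networks)
            if verdict == "foreign-ip"]

if __name__ == "__main__":
    for line_no, value, verdict in audit_mirrors(SAMPLE_CONF):
        print(f"line {line_no}: {value:<22} {verdict}")
```

Entries reported as `foreign-ip` are the ones that can stop being mirrors without notice, which is the situation Q2 asks about.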
