Let me get with our ops team.
Sent from my iPad On Sep 6, 2016, at 4:38 PM, Can Altineller <altinel...@gmail.com<mailto:altinel...@gmail.com>> wrote: Hello, I am the administrator of emeksensin.com<http://emeksensin.com>, a turkish arts and crafts web site. For some reason, we are getting requests from clamav users / or clients. I emailed the clamav developers group, years ago, like two years ago, telling them about the problem. I got no reply. I recently noticed an anomally with our internal log analysis software and I noticed that the problem still persist. I had thought this was some temporary forgot by someone at clamav but it seems that either this is not the case, or maybe someone coded a hardware with clamav perhaps? This issue has been brought up before at: http://lists.clamav.net/pipermail/clamav-users/2015-November/002020.html The weblogs look like this: emeksensin.com:80<http://emeksensin.com:80> 71.144.32.150 - - [31/Jul/2016:06:37:35 +0300] "GET /daily-22000.cdiff HTTP/1.0" 301 - "-" "clamav/0.94.1 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)" "-" emeksensin.com:80<http://emeksensin.com:80> 71.144.32.150 - - [31/Jul/2016:06:37:36 +0300] "GET /daily.cvd HTTP/1.0" 301 - "-" "clamav/0.94.1 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)" "-" emeksensin.com:80<http://emeksensin.com:80> 71.57.125.225 - - [31/Jul/2016:06:37:37 +0300] "GET /daily-22000.cdiff HTTP/1.0" 301 - "-" "ClamAV/devel-clamav-0.97-567-gb047bc0 (OS: win32, ARCH: i386, CPU: i386)" "-" emeksensin.com:80<http://emeksensin.com:80> 173.164.65.200 - - [31/Jul/2016:06:37:38 +0300] "GET /daily-22000.cdiff HTTP/1.0" 301 - "-" "ClamAV/devel-clamav-0.96 (OS: win32, ARCH: i386, CPU: i386)" "-" A normal request to the same resource looks like this: (our site returns 404) emeksensin.com:80<http://emeksensin.com:80> xxx.xxx.xxx.xxx - - [06/Sep/2016:23:22:37 +0300] "GET /main.cvd HTTP/1.1" 404 836 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/51.0.2704.79 Chrome/51.0.2704.79 Safari/537.36" " What can we do about this? If there are some people to work out on the problem, I could assist by providing tcpdumps of the packets in question, or I could program a special servlet returning an empty file or some special response or redirect. Best regards, C.A. _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml