On Aug 21, 2018, at 12:32 PM, G.W. Haywood <cla...@jubileegroup.co.uk<mailto:cla...@jubileegroup.co.uk>> wrote:
Hi there, On Tue, 21 Aug 2018, Joel Esler wrote: The amount of people using ClamAV version 0.90 and below is surprising as well. That's not really surprising to me. Most of them probably don't even know that they're running it, and those who do could easily be lying as it's trivial to forge a User-Agent string. Especially given what's happened in the past to users of old versions, if there is any surprise it's that you're still serving files to them. In my view it would be perfectly reasonable to block them. It might even save you some money. We have blocked people that are 0.80 and below, to see if anyone brings it up (to which, I think this list would violently react with something akin to "You are running 13 year old AV?"). No one has, publicly or privately. We'll probably proceed with a blog post stating that we're blocking everyone below the version that introduced diff'ing (0.93.3). Also rate limiting people that are attempting to download the main.cvd every 1 minute has helped. The good news is, the top ten successful download versions (by User-Agent) are within the last 4 or 5 releases. (0.99.4 is our largest deployed version, followed by 0.100.1, for those of you that are curious) -- Joel Esler Sr. Manager Community, Branding, and Open Source Talos Group http://www.talosintelligence.com
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml