On 10/03/2021 22:29, Joel Esler (jesler) via clamav-users wrote:
> 100 CDIFFs or so behind, and they download it nearly 2k times in a
> row? Why? This is not a partial download either. It’s the full
> file. Stuck cron?
>
> Who in the past 24 hours has created 22.17M file downloads /all by
> themselves/ from a single IP. (The main.cvd btw)

You *may* be forgetting NAT.
E.g., it's possible the first one is a network of a few thousand computers
going through a NAT firewall where each of them has had an old daily.cvd
copied onto them in an internal release cycle or something, so each of
the computers on that network is trying to download a backlog of CDIFFs.
(Or maybe another problem stopping the updates has been discovered and
fixed, or something)
I'm not saying it is, but it may be. If you are only analysing by IP
address, NAT will innocently cause strange results.
--
Paul
--
Paul Smith Computer Services