On Mon, 20 Sep 2021 08:18:01 +0100 (BST) "G.W. Haywood via clamav-users" <clamav-users@lists.clamav.net> wrote:
> Hi there, > > On Sun, 19 Sep 2021, Gregory Poveda via clamav-users wrote: > > > I have several QNAPs > > It might be worth searching for 'QNAP' in the list archives. At least > some of those devices will struggle to run ClamAV - or rather, ClamAV > out of the box - for lack of memory. > > > on a locked down network that have the Clamav.net antivirus package/ > > software installed. Something changed on the 16th and I have been > > unable to get updates. I have an ACL that blocks all traffic on this > > network unless I define its IPs/DNS addresses. I had set the two DNS > > addresses that I had detected back in March in the ACL, those are as > > follows: clamav.net (199.62.84.153) which appears to check if the > > database as an update and database.clamav.net (198.148.79.54) which > > has the update file. > > If you don't mind my saying so, that's a fragile setup. IPs can and > do change without notice. > > > Did the DNS names change or has the database stopped providing > > updates? > > Check the very recent thread "Virus DB updates?". ===================== Using an ACL mechanism that uses DNS names to allow outbound traffic strikes me as also a setup that is either fragile or very slow. Either it does a DNS lookup when started, so if the DNS->IP map changes while it's running, you lose. Or it does a reverse DNS (PTR) lookup for every outbound SYN to see if it's OK, and it's slow. In my case, I use iptables (on Linux) to block almost all outbound TCP from select servers, and I use two IP addresses (only) to allow ClamAV update traffic, from/to freshclam. These two IPs are Anycast addresses, and have been unchanged for well over 2 years. (Anycast addresses don't have to change even if the physical servers change, that's their point!) They are: 104.16.218.84 104.16.219.84 I don't know if they are appropriate for non-freshclam ways of obtaining the updates, e.g., updating a mirror. (And I don't know if they work world-wide.) _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
