Re: [clamav-users] Server inside DMZ - No internet access - Howto update definitions
Plus the diff files, if you are using freshclam. We much prefer that you download using freshclam, so that diff Cvds are available. Saves on bandwidth. Sent from my iPhone On Jun 19, 2018, at 07:45, SCOTT PACKARD wrote: >> Is there a way that I can copy the files from another server internal to the >> network out to the server in the DMZ? Without running freshclam to update? >> And just reload clamd? > > Seem like you could copy the files from another server that can pull them. > daily.cvd > main.cvd > bytecode.cvd (though probably not using that one) > > Mine are in /var/lib/clamav. That is set with "DatabaseDirectory". > > Regards, Scott > > > ___ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Server inside DMZ - No internet access - Howto update definitions
On Tue, Jun 19, 2018 at 03:44:03AM +, Webster, Matt (PIRSA) (matt.webs...@sa.gov.au) wrote: > Hi All, > > Currently have a RHEL server in a DMZ segment, where direct internet access > is not permitted. I have installed clamd on the host to be able to perform on > access scanning of documents uploaded through web based forms. The problem > is, what can I do to update the definitions so that the latest threat data is > being used in said scans? So the server must have some connection, otherwise the docs would not end up on that machine - so you could get the files from another mailserver on your network using rsync in an hourly cron job to do this: cd /var/lib/clamav rsync -av THEOTHERSERVER:/var/lib/clamav/ . Jobst -- | |0| | Jobst Schmalenbach, General Manager | | |0| Barrett & Sales Essentials |0|0|0| +61 3 9533 , POBox 277, Caulfield South, 3162, Australia ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Server inside DMZ - No internet access - Howto update definitions
> Is there a way that I can copy the files from another server internal to the > network out to the server in the DMZ? Without running freshclam to update? > And just reload clamd? Seem like you could copy the files from another server that can pull them. daily.cvd main.cvd bytecode.cvd (though probably not using that one) Mine are in /var/lib/clamav. That is set with "DatabaseDirectory". Regards, Scott ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Server inside DMZ - No internet access - Howto update definitions
As long as I’ve been reading similar questions here, I don't recall any solution other than the three choices for using a Private Mirror. Note that freshclam normally will initially use wget to obtain updates, resorting to http only when that fails. Sent from my iPad -Al- On Jun 18, 2018, at 20:44, Webster, Matt (PIRSA) wrote: > Hi All, > > Currently have a RHEL server in a DMZ segment, where direct internet access > is not permitted. I have installed clamd on the host to be able to perform on > access scanning of documents uploaded through web based forms. The problem > is, what can I do to update the definitions so that the latest threat data is > being used in said scans? > > I doubt that tcp/53 will be permitted out of the firewall to do the latest > DNS checks and not sure if I can gain access to be able to whitelist the .au > mirrors of: > > $ host db.au.clamav.net > db.au.clamav.net is an alias for db.au.clamav.net.cdn.cloudflare.net. > db.au.clamav.net.cdn.cloudflare.net has address 104.16.186.138 > db.au.clamav.net.cdn.cloudflare.net has address 104.16.187.138 > db.au.clamav.net.cdn.cloudflare.net has address 104.16.188.138 > db.au.clamav.net.cdn.cloudflare.net has address 104.16.189.138 > db.au.clamav.net.cdn.cloudflare.net has address 104.16.185.138 > > Is there a way that I can copy the files from another server internal to the > network out to the server in the DMZ? Without running freshclam to update? > And just reload clamd? > > I did investigate the PrivateMirror and DatabaseMirror options, but as this > is the same protocol going out as coming in with the requests, I doubt > security will permit HTTP traffic to an internal host as it does not pass the > protocol separation requirements. > > Any ideas of options? > > Cheers and thanks ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml