Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-05 Thread Joel Esler (jesler)
For the people who have this issue, can you change your mirror to "database.clamav.net" and see if this error occurs any more? -- Joel Esler Sr. Manager Open Source, Design, Web, and Education Talos Group http://www.talosintelligence.com On Jul 2, 2018, at 10:22 AM,

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-05 Thread Joel Esler (jesler)
I have an idea which I have relayed to the ops team. When they put my idea in place, we'll see if that clears up the last remaining issue (which is the "Mirror is out of date!" warning.) > On Jul 5, 2018, at 2:06 PM, Paul Kosinski wrote: > > Mirrors should support a well-defined protocol.

Re: [clamav-users] update report

2018-07-05 Thread Micah Snyder
Sorry for the delayed response, all: The issue facing those without IPv6 compatible hardware or networks came to light earlier in the CloudFlare mirror-transition. A ticket that both alerted us to the issue and provided a fix was prvoided in a bug courtesy of Guilherme Benkenstein:

Re: [clamav-users] CVE verification

2018-07-05 Thread Micah Snyder
Hello, Apologies for the delay. I believe you also asked this question in #clamav in IRC as well. It is not 100% clear if the CVE's in question affect ClamAV because unrar diverged from the version we package with clamav as "libclamunrar" when they rewrote their C library in C++. It's

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-05 Thread Paul Kosinski
Mirrors should support a well-defined protocol. Using an ill-defined protocol which only works with a particular tool is not, in my mind, consistent with the spirit of Open Source. I've been perfectly happy (until the recent sync failures, at least) using freshclam, which is Open Source like the

Re: [clamav-users] Is ClamAV available on the hypervisor?

2018-07-05 Thread Joel Esler (jesler)
ClamAV is not for traffic. Snort is for traffic. (www.snort.org) On Jul 5, 2018, at 12:52 PM, Paul Kosinski mailto:clamav-us...@iment.com>> wrote: "* If the question is about using ClamAV to analyze traffic then no, that is not the function of ClamAV. ClamAV analyzes

Re: [clamav-users] Is ClamAV available on the hypervisor?

2018-07-05 Thread Paul Kosinski
"* If the question is about using ClamAV to analyze traffic then no, that is not the function of ClamAV. ClamAV analyzes files, not traffic." I use HAVP to scan HTTP traffic, and it uses libclamav and thus ClamAV signatures etc. The future development of HAVP is uncertain,but it still seems to

Re: [clamav-users] Is ClamAV available on the hypervisor?

2018-07-05 Thread Reindl Harald
Am 05.07.2018 um 07:59 schrieb 조정환: > Hello, I am using ClamAV for my organization, but I am using it only on > the VM server. > > Here is the question. > >   > > 1. My supervisor asks, "Is ClamAV available on the hypervisor?" > > I can not answer the question of what other VM servers do

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-05 Thread Reindl Harald
Am 04.07.2018 um 17:26 schrieb Paul Kosinski: > Using DNS TXT records is great when they work, but a bandwidth disaster > when they don't. > > I don't think Cloudflare per se is the problem -- I think having > different computers serving the DNS vs the big files is the problem. > Back in the

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-05 Thread Reindl Harald
Am 03.07.2018 um 22:51 schrieb Joel Esler (jesler): >> On Jul 3, 2018, at 4:46 PM, Reindl Harald > > wrote: >> >> Am 03.07.2018 um 22:42 schrieb Joel Esler (jesler): On Jul 3, 2018, at 3:59 PM, Reindl Harald >>>

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-05 Thread Reindl Harald
Am 03.07.2018 um 18:39 schrieb Joel Esler (jesler): >> On Jul 2, 2018, at 1:17 PM, Reindl Harald > > wrote: >> >> on a typical setup freshclam is running once or twice *daily* while a >> webserver these days can spit out the same small static txt file many >>

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-05 Thread Reindl Harald
Am 03.07.2018 um 18:28 schrieb Paul Kosinski: > It's not a matter of using DNS TXT records, it's a matter of sourcing > them on a *different* computer than the actual files. This separation > virtually begs for synchronization problems. it is! simply because DNS knowns nothing about your

Re: [clamav-users] Is ClamAV available on the hypervisor?

2018-07-05 Thread Tilman Schmidt
These are strange questions. Am 05.07.2018 um 07:59 schrieb "조정환": > Hello, I am using ClamAV for my organization, but I am using it only on > the VM server. I assume that by "the VM server" you mean a server which is running as a virtual machine, or perhaps even several of them. If not, please

Re: [clamav-users] Is ClamAV available on the hypervisor?

2018-07-05 Thread Remi Bruggeman
Hello 조정환, What type of hypervisor are we talking about? Depending on the hypervisor ClamAV could be installed, but I would certainly not recommend this. It would be better to block remote access to it so no bad actors can get near it. Can you be a bit more specific on question2? You went to

[clamav-users] Is ClamAV available on the hypervisor?

2018-07-05 Thread 조정환
Hello, I am using ClamAV for my organization, but I am using it only on the VM server.Here is the question. 1. My supervisor asks, "Is ClamAV available on the hypervisor?"I can not answer the question of what other VM servers do when the hypervisor gets infected? 2. I was asked if there is a