Re: [clamav-users] ClamAV® blog: Are you still attempting to download safebrowsing.cvd?

[Micah Snyder (micasnyd) via clamav-users]

So it's actually kinda funny you should ask that.  In 0.103.2 we deprecated the 
SafeBrowsing option in freshclam.conf which means it will no longer add 
safebrowsing to the list of desired databases.  

FreshClam has two options "ExcludeDatabase" and "ExtraDatabase" for 
adding/removing official CVD's to the list of databases to update. In version 
0.102+, FreshClam detects if you have a CVD database in your database directory 
that isn't in the list (eg. because you excluded it, or no longer include an 
"extra" database) and will remove it.  

I didn't realize that deprecating the SafeBrowsing option would cause FreshClam 
to remove the old safebrowsing.cld file until I read your question and the 
thought struck me.  I just tested it now.  I found that in 0.103.2 if you used 
to have safebrowsing.cld (or safebrowsing.cvd), FreshClam will automatically 
remove it for you. 

-Micah

> -Original Message-
> From: clamav-users  On Behalf Of
> Matus UHLAR - fantomas
> Sent: Thursday, April 8, 2021 5:40 AM
> To: clamav-users@lists.clamav.net
> Subject: Re: [clamav-users] ClamAV® blog: Are you still attempting to
> download safebrowsing.cvd?
> 
> >Dne středa 7.  dubna 2021 19:41:34 CEST, Joel Esler (jesler) via
> >clamav-users napsal(a):
> >> > Are you still attempting to download safebrowsing.cvd?
> >> >
> >> >  It has come to our attention that a few of you (about 515,000 of
> >> > you, to  be more accurate), are still attempting to download the
> >> > safebrowsing.cvd  file from the official ClamAV mirrors.  This
> >> > tells us that these  attempted downloads are an installation of
> >> > FreshClam (a non-updated  FreshClam.conf or other script) that have
> >> > not been updated to remove the  safebrowsing database.>
> 
> On 07.04.21 21:04, Vladislav Kurz via clamav-users wrote:
> >These could be Debian users. The debian package offers to enable
> >safebrowsing.cvd, and there is no indication that it is discontinued.
> >Perhaps, if you talk to Debian Clamav maintainers, they could release
> >an update that disables this option without asking ?
> 
> it's disabled by default, but yes, that disabling it unconditionally would be
> good
> 
> The question is, if the old safebrowsing.cld has to be removed if it exists.
> 
> >Anyway I was one of those, and now disabling it everywhere...
> 
> +1
> --
> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> 2B|!2B, that's a question!
> 
> ___
> 
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] ClamAV® blog: Are you still attempting to download safebrowsing.cvd?

[Joel Esler (jesler) via clamav-users]

On Apr 8, 2021, at 10:06 AM, Vladislav Kurz via clamav-users 
mailto:clamav-users@lists.clamav.net>> wrote:

Dne středa 7. dubna 2021 19:41:34 CEST, Joel Esler (jesler) via clamav-users
napsal(a):
https://blog.clamav.net/2021/04/are-you-still-attempting-to-download.html


Are you still attempting to download safebrowsing.cvd?

and continue to download the safebrowsing.cvd account for nearly 10TB of
traffic a month, just for that file.

As a result, we have put in a block to make any attempts to download the
safebrowsing.cvd result in a 403 error.

How about just making the file empty?
Also I wonder if freshclam does not check if the file has been modified, and
skip the download if not?

We’re actually working on this as we speak


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] ClamAV® blog: Are you still attempting to download safebrowsing.cvd?

[Vladislav Kurz via clamav-users]

Dne středa 7. dubna 2021 19:41:34 CEST, Joel Esler (jesler) via clamav-users 
napsal(a):
> > https://blog.clamav.net/2021/04/are-you-still-attempting-to-download.html
> >  > l>
> > 
> > Are you still attempting to download safebrowsing.cvd?
> > 
> > and continue to download the safebrowsing.cvd account for nearly 10TB of
> > traffic a month, just for that file.
> > 
> > As a result, we have put in a block to make any attempts to download the
> > safebrowsing.cvd result in a 403 error.

How about just making the file empty? 
Also I wonder if freshclam does not check if the file has been modified, and 
skip the download if not?

-- 
Best regards
Vladislav Kurz




___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] ClamAV® blog: Are you still attempting to download safebrowsing.cvd?

[Matus UHLAR - fantomas]

Dne středa 7.  dubna 2021 19:41:34 CEST, Joel Esler (jesler) via
clamav-users napsal(a):

> Are you still attempting to download safebrowsing.cvd?
>
>  It has come to our attention that a few of you (about 515,000 of you, to
>  be more accurate), are still attempting to download the safebrowsing.cvd
>  file from the official ClamAV mirrors.  This tells us that these
>  attempted downloads are an installation of FreshClam (a non-updated
>  FreshClam.conf or other script) that have not been updated to remove the
>  safebrowsing database.>


On 07.04.21 21:04, Vladislav Kurz via clamav-users wrote:

These could be Debian users. The debian package offers to enable
safebrowsing.cvd, and there is no indication that it is discontinued. Perhaps,
if you talk to Debian Clamav maintainers, they could release an update that
disables this option without asking ?


it's disabled by default, but yes, that disabling it unconditionally would
be good

The question is, if the old safebrowsing.cld has to be removed if it exists.


Anyway I was one of those, and now disabling it everywhere...


+1
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
2B|!2B, that's a question!

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] ClamAV® blog: Are you still attempting to download safebrowsing.cvd?

[Joel Esler (jesler) via clamav-users]

On Apr 7, 2021, at 3:04 PM, Vladislav Kurz via clamav-users 
mailto:clamav-users@lists.clamav.net>> wrote:

Dne středa 7. dubna 2021 19:41:34 CEST, Joel Esler (jesler) via clamav-users
napsal(a):
https://blog.clamav.net/2021/04/are-you-still-attempting-to-download.html


Are you still attempting to download safebrowsing.cvd?

It has come to our attention that a few of you (about 515,000 of you, to
be more accurate), are still attempting to download the safebrowsing.cvd
file from the official ClamAV mirrors.  This tells us that these
attempted downloads are an installation of FreshClam (a non-updated
FreshClam.conf or other script) that have not been updated to remove the
safebrowsing database.>

Hello,

These could be Debian users. The debian package offers to enable
safebrowsing.cvd, and there is no indication that it is discontinued. Perhaps,
if you talk to Debian Clamav maintainers, they could release an update that
disables this option without asking ?

Anyway I was one of those, and now disabling it everywhere…

Thank you, we will do.

--
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
https://www.talosintelligence.com | https://www.snort.org | 
https://www.clamav.net

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] ClamAV® blog: Are you still attempting to download safebrowsing.cvd?

[Vladislav Kurz via clamav-users]

Dne středa 7. dubna 2021 19:41:34 CEST, Joel Esler (jesler) via clamav-users 
napsal(a):
> > https://blog.clamav.net/2021/04/are-you-still-attempting-to-download.html
> >  > l>
> > 
> > Are you still attempting to download safebrowsing.cvd?
> > 
> >  It has come to our attention that a few of you (about 515,000 of you, to
> >  be more accurate), are still attempting to download the safebrowsing.cvd
> >  file from the official ClamAV mirrors.  This tells us that these
> >  attempted downloads are an installation of FreshClam (a non-updated
> >  FreshClam.conf or other script) that have not been updated to remove the
> >  safebrowsing database.> 

Hello,

These could be Debian users. The debian package offers to enable 
safebrowsing.cvd, and there is no indication that it is discontinued. Perhaps, 
if you talk to Debian Clamav maintainers, they could release an update that 
disables this option without asking ?

Anyway I was one of those, and now disabling it everywhere...

-- 
Best Regards
Vladislav Kurz




___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] ClamAV® blog: Are you still attempting to download safebrowsing.cvd?

[Joel Esler (jesler) via clamav-users]

> 
> https://blog.clamav.net/2021/04/are-you-still-attempting-to-download.html 
> 
> 
> Are you still attempting to download safebrowsing.cvd?
> 
>  It has come to our attention that a few of you (about 515,000 of you, to be 
> more accurate), are still attempting to download the safebrowsing.cvd file 
> from the official ClamAV mirrors.  This tells us that these attempted 
> downloads are an installation of FreshClam (a non-updated FreshClam.conf or 
> other script) that have not been updated to remove the safebrowsing database.
> 
> We discontinued the distribution of the SafeBrowsing database in November of 
> 2019, as indicated in our blog post 
>  back 
> in June, however these installations of ClamAV that have no updated and 
> continue to download the safebrowsing.cvd account for nearly 10TB of traffic 
> a month, just for that file.
> 
> As a result, we have put in a block to make any attempts to download the 
> safebrowsing.cvd result in a 403 error.
> 
> Please take a look at your FreshClam.conf file, in our upcoming version of 
> ClamAV (0.103.2 and beyond), we have removed all of the code that attempts to 
> download the safebrowsing db from our servers, (so you should update) 
> however, for those of you can't update right away, please find this line:
> 
> SafeBrowsing yes
> 
> In your Freshclam.conf file, and commenting it out like this:
> 
> #SafeBrowsing yes
> 
> Thank you for your support of ClamAV!


signature.asc
Description: Message signed with OpenPGP

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml