FW: ClamAV abusers to be blacklisted

Julian Field mailscanner at ecs.soton.ac.uk
Wed Nov 10 18:05:27 GMT 2004

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

The cron job that runs the autoupdate scripts starts by waiting for a
random number of minutes, in order to skew the update requests around
the hour a bit. And then in order to do the clamav update, the
clamav-autoupdate script uses freshclam, so you just need to configure
your freshclam correctly.

Nathan Johanson wrote:

>Thought I would attach a post from the SA mailing list. Just curious if
>MailScanner's autoupdate script for ClamAV takes this into
>Just a heads-up for the ClamAV users on the list:
>People who are hammering the database servers too frequently risk being
>blacklisted. The latest freshclam supports a DNS-based check that's much
>nicer to the servers, so use that if you can.
>Posted By: nervoso
>Date: 2004-11-05 12:25
>Summary: Fix your freshclam setup or get blacklisted
>We are seeing a lot of useless traffic on our mirror servers.
>It looks like there are many broken freshclam clients still running.
>Once again, we urge you to upgrade to ClamAV 0.80 and take advantage of
>the new DNSDatabaseInfo option, which allows to check for a new version
>of the database with a single DNS query. Verify that your freshclam.conf
>DNSDatabaseInfo current.cvd.clamav.net
>Check out the doc for more info.
>Unless you are using DNSDatabaseInfo, please keep the check frequency
>below once per hour.
>1) if you run freshclam from crontab, check that you have an entry like
>the following:
>N * * * * /usr/local/bin/freshclam --quiet
>where N is a random integer between 3 and 57 and is not a multiple of
>Do NOT use anything like this:
>* * * * * /usr/local/bin/freshclam --quiet
>*/N * * * * /usr/local/bin/freshclam --quiet
>2) if you run freshclam from crontab, make sure that you are
>_not_ using the -d flag (see the manpage for more info).
>Abusing clients will be added to a black list and won't be able to
>download our database anymore.

Julian Field
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

More information about the MailScanner mailing list