FW: ClamAV abusers to be blacklisted
Julian Field
mailscanner at ecs.soton.ac.uk
Wed Nov 10 18:05:27 GMT 2004
[ The following text is in the "ISO-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
The cron job that runs the autoupdate scripts starts by waiting for a
random number of minutes, in order to skew the update requests around
the hour a bit. And then in order to do the clamav update, the
clamav-autoupdate script uses freshclam, so you just need to configure
your freshclam correctly.
Nathan Johanson wrote:
>Thought I would attach a post from the SA mailing list. Just curious if
>MailScanner's autoupdate script for ClamAV takes this into
>consideration?
>
>-Nathan
>
><==SNIP==>
>
>Just a heads-up for the ClamAV users on the list:
>
><http://sourceforge.net/forum/forum.php?thread_id=1174326&forum_id=42049
>2>
>
>People who are hammering the database servers too frequently risk being
>blacklisted. The latest freshclam supports a DNS-based check that's much
>
>nicer to the servers, so use that if you can.
>
>Posted By: nervoso
>Date: 2004-11-05 12:25
>Summary: Fix your freshclam setup or get blacklisted
>We are seeing a lot of useless traffic on our mirror servers.
>It looks like there are many broken freshclam clients still running.
>
>Once again, we urge you to upgrade to ClamAV 0.80 and take advantage of
>the new DNSDatabaseInfo option, which allows to check for a new version
>of the database with a single DNS query. Verify that your freshclam.conf
>contains:
>
>DNSDatabaseInfo current.cvd.clamav.net
>
>Check out the doc for more info.
>
>Unless you are using DNSDatabaseInfo, please keep the check frequency
>below once per hour.
>
>1) if you run freshclam from crontab, check that you have an entry like
>the following:
>
>N * * * * /usr/local/bin/freshclam --quiet
>
>where N is a random integer between 3 and 57 and is not a multiple of
>10.
>
>Do NOT use anything like this:
>
>* * * * * /usr/local/bin/freshclam --quiet
>*/N * * * * /usr/local/bin/freshclam --quiet
>
>2) if you run freshclam from crontab, make sure that you are
>_not_ using the -d flag (see the manpage for more info).
>
>Abusing clients will be added to a black list and won't be able to
>download our database anymore.
>
>
--
--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
More information about the MailScanner
mailing list