FW: ClamAV abusers to be blacklisted

[Matt Kettler]

At 01:05 PM 11/10/2004, Julian Field wrote:
>The cron job that runs the autoupdate scripts starts by waiting for a
>random number of minutes, in order to skew the update requests around
>the hour a bit. And then in order to do the clamav update, the
>clamav-autoupdate script uses freshclam, so you just need to configure
>your freshclam correctly.

Also of further note, the clamav guys are only particularly concerned with
people requesting more than once an hour. MailScanner only checks once an
hour, so that's not a problem anyway. The "non-multiple of 10" is a big
nicety, but I don't think they are going to blacklist people for it, and
mailscanner already handles that part too (Way to go Julian!)

That said, even doing it once an hour, it's a lot less load on your system
as well as theirs if you use the DNS query method. So it's probably a good
idea for everyone involved if you check your freshclam.conf for the DNS
setting. (Default for a clean 0.80 install, but an upgrade from 0.7x will
probably have to manually add it)

         DNSDatabaseInfo current.cvd.clamav.net

Really from the sound of it, they've apparently got some people with
unbelievably stupid configurations that are doing full connections faster
than once a minute. Quite frankly, I'm surprised they are being nice enough
to even mention it. I'd have just blacklisted them as hopelessly broken or
as DoS attempts and not bothered to say anything.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).