FW: ClamAV abusers to be blacklisted

DNSAdmin dnsadmin at 1BIGTHINK.COM
Wed Nov 10 19:24:40 GMT 2004


Hello All,

Thanks for the info AND the EXPLANATION. I might have skipped setting this
without the explanation and the background.

Cheers,
Glenn

At 01:59 PM 11/10/2004, you wrote:

>At 01:05 PM 11/10/2004, Julian Field wrote:
>>The cron job that runs the autoupdate scripts starts by waiting for a
>>random number of minutes, in order to skew the update requests around
>>the hour a bit. And then in order to do the clamav update, the
>>clamav-autoupdate script uses freshclam, so you just need to configure
>>your freshclam correctly.
>
>Also of further note, the clamav guys are only particularly concerned with
>people requesting more than once an hour. MailScanner only checks once an
>hour, so that's not a problem anyway. The "non-multiple of 10" is a big
>nicety, but I don't think they are going to blacklist people for it, and
>mailscanner already handles that part too (Way to go Julian!)
>
>That said, even doing it once an hour, it's a lot less load on your system
>as well as theirs if you use the DNS query method. So it's probably a good
>idea for everyone involved if you check your freshclam.conf for the DNS
>setting. (Default for a clean 0.80 install, but an upgrade from 0.7x will
>probably have to manually add it)
>
>         DNSDatabaseInfo current.cvd.clamav.net
>
>Really from the sound of it, they've apparently got some people with
>unbelievably stupid configurations that are doing full connections faster
>than once a minute. Quite frankly, I'm surprised they are being nice enough
>to even mention it. I'd have just blacklisted them as hopelessly broken or
>as DoS attempts and not bothered to say anything.

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
http://www.sng.ecs.soton.ac.uk/mailscanner/
Configuration by Glenn Parsons dnsadmin-at-1bigthink.com


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

    [ Part 2: "Attached Text" ]


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.788 / Virus Database: 533 - Release Date: 11/1/2004

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).



More information about the MailScanner mailing list