Re: [exim] OT: sanesecurity.com off line

Author: Duane Hill
Date:  
To: exim-users
Subject: Re: [exim] OT: sanesecurity.com off line
On Mon, 15 Dec 2008, Mike Cardwell wrote:

> neil wrote:
>> Hi;
>>    Apologies for the off topic post or if it is old news, but thought it
>> may be of interest to people.
>> *
>> 14-12-08
>> "Sanesecurity signatures are no longer being updated or distributed* due
>> to extremely high server resource usage, which appears to be from a
>> distributed denial of service attack (DDoS)."
>> http://sanesecurity.com/clamav/

>
> Oh. :( I wondered why that was happening. Is there nobody here that can
> offer any "DoS proof" hosting for him?
>
>> They were unavailable last week, but a 404 page was being returned which
>> caused clam to b0rk. I removed the cron in the hope that it was a temp
>> issue, but it appears not.
>> You may want to check to see if clam is still working if you use these sigs.
>
> Hmm. If that caused clam to break, then the script you're using is not
> very well written. I wrote the below script to download clam sigs and
> have been using it on several systems for over a year now. It uses
> clamscan to verify that the signature file is valid before passing it to
> clamav. Also, it does a HEAD before the GET, and doesn't GET the
> signature if its last modified time hasn't updated since the last download:
>
> https://secure.grepular.com/projects/clamav_sanesecurity-v0.1.txt


I'm using something similar here. I just did a manual run and it is
currently working:

smtpgate# ./update_sane_security --all
    MSRBL-Images.hdb appears to have changed, moving to destination
    phish.ndb appears to have changed, moving to destination
    scam.ndb appears to have changed, moving to destination


smtpgate# ls -l /var/db/clamav/
total 42248
-rw-r--r--  1 root    wheel      12827 Dec 15 15:53 MSRBL-Images.hdb
...
-rw-r--r--  1 root    wheel        211 Dec 15 13:40 phish.ndb
-rw-r--r--  1 root    wheel        211 Dec 15 13:41 scam.ndb
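
The approach discussed in this thread (check a downloaded signature file before it reaches the ClamAV database directory, so that a 404 page served in its place cannot break scanning) can be sketched as below. This is an added example, not part of the thread and not the code of either script mentioned in it; `install_sig`, `clamscan_validate` and the `SIG_VALIDATOR` hook are hypothetical names.

```shell
#!/bin/sh
# Added example: validate a downloaded ClamAV signature file before installing it.
# SIG_VALIDATOR (hypothetical hook) names the function used for the check.

# Default check: have clamscan load ONLY the candidate database and scan an
# empty file. Exit status 0 (clean) or 1 (match) means the database loaded;
# any other status is treated as a load failure.
clamscan_validate() {
    probe=$(mktemp) || return 1
    clamscan --no-summary --database="$1" "$probe" >/dev/null 2>&1
    cs_status=$?
    rm -f "$probe"
    [ "$cs_status" -eq 0 ] || [ "$cs_status" -eq 1 ]
}

# install_sig CANDIDATE DEST
# Returns 0 = installed, 1 = unchanged, 2 = rejected (DEST is left untouched).
install_sig() {
    cand=$1
    dest=$2
    [ -s "$cand" ] || return 2            # an empty download is never valid
    # Stage under the final file name: the extension (.ndb, .hdb) tells
    # clamscan how to parse the file.
    stage=$(mktemp -d) || return 2
    staged="$stage/$(basename "$dest")"
    cp "$cand" "$staged" || { rm -rf "$stage"; return 2; }
    if ! "${SIG_VALIDATOR:-clamscan_validate}" "$staged"; then
        rm -rf "$stage"
        return 2                          # e.g. an HTML error page
    fi
    if [ -f "$dest" ] && cmp -s "$staged" "$dest"; then
        rm -rf "$stage"
        return 1                          # same content as the installed file
    fi
    # Copy next to DEST, then rename, so the scanner never reads a partial file.
    tmp="$dest.new.$$"
    if cp "$staged" "$tmp" && mv -f "$tmp" "$dest"; then
        inst_status=0
    else
        inst_status=2
    fi
    rm -rf "$stage" "$tmp"
    return "$inst_status"
}
```

A cron job would call `install_sig` once per downloaded file and reload the scanner only when it returns 0.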