On Mon, 15 Dec 2008, Mike Cardwell wrote:
> neil wrote:
>> Hi;
>> Apologies for the off topic post or if it is old news, but though it
>> may be of interest to people.
>> *
>> 14-12-08
>> "Sanesecurity signatures are no longer being updated or distributed* due
>> to extremely high server resource usage, which appears to be from a
>> distributed denial of service attack (DDoS)."
>> http://sanesecurity.com/clamav/
>
> Oh. :( I wondered why that was happening. Is there nobody here that can
> offer any "DoS proof" hosting for him?
>
>> They were unavailable last week, but a 404 page was being returned which
>> caused clam to b0rk. I removed the cron in the hope that it was a temp
>> issue, but it appears not.
>> You may want to check to see if clam is still working if you use these sigs.
>
> Hmm. If that caused clam to break, then the script you're using is not
> very well written. I wrote the below script to download clam sigs and
> have been using it on several systems for over a year now. It uses
> clamscan to verify that the signature file is valid before passing it to
> clamav. Also, it does a HEAD before the GET, and doesn't GET the
> signature if it's last modified time hasn't updated since the last download:
>
> https://secure.grepular.com/projects/clamav_sanesecurity-v0.1.txt
I'm using something similar here. I just did a manual run and it is
currently working:
smtpgate# ./update_sane_security --all
MSRBL-Images.hdb appears to have changed, moving to destination
phish.ndb appears to have changed, moving to destination
scam.ndb appears to have changed, moving to destination
smtpgate# ls -l /var/db/clamav/
total 42248
-rw-r--r-- 1 root wheel 12827 Dec 15 15:53 MSRBL-Images.hdb
...
-rw-r--r-- 1 root wheel 211 Dec 15 13:40 phish.ndb
-rw-r--r-- 1 root wheel 211 Dec 15 13:41 scam.ndb
