[sanesecurity] Re: SecuriteInfo Sigs

  • From: Arthur Dent <misc.lists@xxxxxxxxxxxxxxxx>
  • To: sanesecurity@xxxxxxxxxxxxx
  • Date: Tue, 24 Apr 2012 22:11:43 +0100

On Tue, 2012-04-24 at 13:32 -0700, Bill Landry wrote:
> On 4/24/2012 7:54 AM, Arthur Dent wrote:
> > Hello all,
> >
> > I have been using Bill's excellent script for so long now I forgot how I
> > set it up. It *just works*. Recently however I have noticed that I have
> > been getting a lot of curl failures on the various SecuriteInfo sigs.
> >
> > Looking at my clamav-unofficial-sigs.conf I notice that I have the
> > SecuriteInfo downloads set to the (default?) of 4hourly (i.e. 6 updates per
> > day).
> >
> > Wondering if there was a problem with the SecuriteInfo server I checked
> > their website. On the front page I noticed to my horror the following
> > statement:
> > "Download
> > WARNING ! DO NOT DOWNLOAD THIS FILE MORE THAN ONCE A DAY. ANY ABUSE =
> > BANNED IP ADDRESS."
> >
> > Have I been banned or is there just a problem with the feed? How can I 
> > check?
> >
> > Thanks for any help or suggestions...
> >
> > Mark
> 
> Mark, Arnaud Jacques (the creator and maintainer of the SecuriteInfo 
> signature databases) is subscribed to this list.  Long ago I exchanged 
> some emails with Arnaud and he was fine with the check interval. 
> Remember, the check interval only looks for new files, it does not 
> download anything unless a file has been updated.  The warning is about 
> constantly downloading files that have not changed, not checking and 
> doing nothing if none of the files has changed.
> 
> Besides, everyone that uses my script would be banned if that were the 
> case.  Look elsewhere for the problem.
> 
> Regards,
> 
> Bill

OK, thanks Bill. It's reassuring to know that the default period is OK.

So is anyone else having this problem? It seems to be the only feed that
I have a problem with. See this extract from the log (since log rotation
on Sunday):
# cat /var/log/clamav-unofficial-sigs.log | grep -i failed
Apr 22 09:12:13 WARNING - Failed curl connection to clamav.securiteinfo.com - 
SKIPPED SecuriteInfo securiteinfobat.hdb update
Apr 22 09:12:29 WARNING - Failed curl connection to clamav.securiteinfo.com - 
SKIPPED SecuriteInfo securiteinfohtml.hdb update
Apr 22 09:12:44 WARNING - Failed curl connection to clamav.securiteinfo.com - 
SKIPPED SecuriteInfo securiteinfooffice.hdb update
Apr 22 15:11:34 WARNING - Failed curl connection to clamav.securiteinfo.com - 
SKIPPED SecuriteInfo securiteinfohtml.hdb update
Apr 22 15:11:49 WARNING - Failed curl connection to clamav.securiteinfo.com - 
SKIPPED SecuriteInfo securiteinfooffice.hdb update
Apr 22 15:12:05 WARNING - Failed curl connection to clamav.securiteinfo.com - 
SKIPPED SecuriteInfo securiteinfosh.hdb update
Apr 22 21:12:02 WARNING - Failed curl connection to clamav.securiteinfo.com - 
SKIPPED SecuriteInfo securiteinfo.hdb update
Apr 22 21:12:17 WARNING - Failed curl connection to clamav.securiteinfo.com - 
SKIPPED SecuriteInfo securiteinfohtml.hdb update
Apr 23 03:12:00 WARNING - Failed curl connection to clamav.securiteinfo.com - 
SKIPPED SecuriteInfo securiteinfodos.hdb update
Apr 23 03:12:17 WARNING - Failed curl connection to clamav.securiteinfo.com - 
SKIPPED SecuriteInfo securiteinfooffice.hdb update
Apr 23 03:12:32 WARNING - Failed curl connection to clamav.securiteinfo.com - 
SKIPPED SecuriteInfo securiteinfosh.hdb update
Apr 23 09:11:35 WARNING - Failed curl connection to clamav.securiteinfo.com - 
SKIPPED SecuriteInfo honeynet.hdb update
Apr 23 09:11:51 WARNING - Failed curl connection to clamav.securiteinfo.com - 
SKIPPED SecuriteInfo securiteinfo.hdb update
Apr 23 09:12:06 WARNING - Failed curl connection to clamav.securiteinfo.com - 
SKIPPED SecuriteInfo securiteinfohtml.hdb update
Apr 23 15:12:08 WARNING - Failed curl connection to clamav.securiteinfo.com - 
SKIPPED SecuriteInfo honeynet.hdb update
Apr 23 15:12:23 WARNING - Failed curl connection to clamav.securiteinfo.com - 
SKIPPED SecuriteInfo securiteinfo.hdb update
Apr 23 15:12:38 WARNING - Failed curl connection to clamav.securiteinfo.com - 
SKIPPED SecuriteInfo securiteinfohtml.hdb update
Apr 23 21:12:19 WARNING - Failed curl connection to clamav.securiteinfo.com - 
SKIPPED SecuriteInfo honeynet.hdb update
Apr 23 21:12:42 WARNING - Failed curl connection to clamav.securiteinfo.com - 
SKIPPED SecuriteInfo securiteinfooffice.hdb update
Apr 24 03:12:24 WARNING - Failed curl connection to clamav.securiteinfo.com - 
SKIPPED SecuriteInfo securiteinfopdf.hdb update
Apr 24 09:11:55 WARNING - Failed curl connection to clamav.securiteinfo.com - 
SKIPPED SecuriteInfo securiteinfodos.hdb update
Apr 24 09:12:11 WARNING - Failed curl connection to clamav.securiteinfo.com - 
SKIPPED SecuriteInfo securiteinfopdf.hdb update
Apr 24 15:12:13 WARNING - Failed curl connection to clamav.securiteinfo.com - 
SKIPPED SecuriteInfo securiteinfooffice.hdb update
Apr 24 15:12:29 WARNING - Failed curl connection to clamav.securiteinfo.com - 
SKIPPED SecuriteInfo securiteinfosh.hdb update

I run the update script from cron every 3 hours (at 11 minutes past the
hour + 60 second randomisation). This means that with the 4 hour minimum
period it would only poll the SecuriteInfo sigs on every second run. As
you can see, it fails on *almost* every one - but interestingly not on
every db every time.

Any ideas what I can check?

Thanks again

Mark
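The log extract above groups naturally by cron run, and the pattern of which databases fail per run is what separates a blanket block from flaky connections. As an added example (not part of this thread or of the clamav-unofficial-sigs script), the following Python parses lines in that log format, tallies failed databases per run, and classifies the result; the sample lines are constructed from the post (un-wrapped, one record per line as the script writes them), and the set of enabled databases is an assumption taken from the names in the extract.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the lines quoted in the post (one record per line;
# the mail client wrapped them in the post). One unrelated line is included on purpose.
SAMPLE_LOG = """\
Apr 22 09:12:13 WARNING - Failed curl connection to clamav.securiteinfo.com - SKIPPED SecuriteInfo securiteinfobat.hdb update
Apr 22 09:12:29 WARNING - Failed curl connection to clamav.securiteinfo.com - SKIPPED SecuriteInfo securiteinfohtml.hdb update
Apr 22 09:12:44 WARNING - Failed curl connection to clamav.securiteinfo.com - SKIPPED SecuriteInfo securiteinfooffice.hdb update
Apr 22 15:11:34 WARNING - Failed curl connection to clamav.securiteinfo.com - SKIPPED SecuriteInfo securiteinfohtml.hdb update
Apr 22 15:12:05 WARNING - Failed curl connection to clamav.securiteinfo.com - SKIPPED SecuriteInfo securiteinfosh.hdb update
Apr 23 09:11:35 WARNING - Failed curl connection to clamav.securiteinfo.com - SKIPPED SecuriteInfo honeynet.hdb update
Apr 23 09:11:40 INFO - unrelated line that the parser must ignore
"""

# Assumed full set of enabled SecuriteInfo databases, taken from the names in the extract.
EXPECTED_DBS = {"securiteinfo.hdb", "securiteinfobat.hdb", "securiteinfodos.hdb",
                "securiteinfohtml.hdb", "securiteinfooffice.hdb", "securiteinfopdf.hdb",
                "securiteinfosh.hdb", "honeynet.hdb"}

FAIL_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<hour>\d{2}):\d{2}:\d{2} WARNING - "
    r"Failed curl connection to (?P<host>\S+) - SKIPPED \S+ (?P<db>\S+) update$")

def failures_per_run(text):
    """Group 'Failed curl connection' warnings by cron run (same day and hour).
    Returns {'Apr 22 09h': {db, ...}, ...}; non-matching lines are skipped."""
    runs = defaultdict(set)
    for line in text.splitlines():
        m = FAIL_RE.match(line.strip())
        if m:
            runs[f"{m['mon']} {m['day']} {m['hour']}h"].add(m["db"])
    return dict(runs)

def classify(runs, expected=EXPECTED_DBS):
    """A banned IP or a dead host fails every database on every run; only a subset
    failing each time points at timeouts or flaky connectivity, not a blanket block."""
    if not runs:
        return "no failures"
    if all(dbs >= expected for dbs in runs.values()):
        return "total: every database fails on every run (host unreachable or blocked)"
    return "partial: only some databases fail per run (intermittent, not a blanket block)"

if __name__ == "__main__":
    runs = failures_per_run(SAMPLE_LOG)
    for run, dbs in sorted(runs.items()):
        print(run, f"{len(dbs)}/{len(EXPECTED_DBS)} failed:", ", ".join(sorted(dbs)))
    print(classify(runs))
```

Run it against the real file with `failures_per_run(open("/var/log/clamav-unofficial-sigs.log").read())` to see whether any run lost every database.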