On Tue, 2012-04-24 at 13:32 -0700, Bill Landry wrote: > On 4/24/2012 7:54 AM, Arthur Dent wrote: > > Hello all, > > > > I have been using Bill's excellent script for so long now I forgot how I > > set it up. It *just works*. Recently however I have noticed that I have > > been getting a lot of curl failures on the various SecuriteInfo sigs. > > > > Looking at my clamav-unofficial-sigs.conf I notice that I have the > > SecuriteInfo downloads set to the (default?) of 4hourly (i.e 6 updates per > > day). > > > > Wondering if there was a problem with the SecuriteInfo server I checked > > their website. On the front page I noticed to my horror the following > > statement: > > "Download > > WARNING ! DO NOT DOWNLOAD THIS FILE MORE THAN ONCE A DAY. ANY ABUSE = > > BANNED IP ADDRESS." > > > > Have I been banned or is there just a problem with the feed? How can I > > check? > > > > Thanks for any help or suggestions... > > > > Mark > > Mark, Arnaud Jacques (the creator and maintainer of the SecuriteInfo > signature databases) is subscribed to this list. Long ago I exchanged > some emails with Arnaud and he was fine with the check interval. > Remember, the check interval only looks for new files, it does not > download anything unless a file has been updated. The warning is about > constantly downloading files that have not changed, not checking and > doing nothing if none of the files has changed. > > Besides, everyone that uses my script would be banned if that were the > case. Look elsewhere for the problem. > > Regards, > > Bill OK Thanks Bill, It's reassuring to know that the default period is OK. So is anyone else having this problem? It seems to be the only feed that I have a problem with. See this extract from the log (since log rotation on Sunday): # cat /var/log/clamav-unofficial-sigs.log | grep -i failed Apr 22 09:12:13 WARNING - Failed curl connection to clamav.securiteinfo.com - SKIPPED SecuriteInfo securiteinfobat.hdb update Apr 22 09:12:29 WARNING - Failed curl connection to clamav.securiteinfo.com - SKIPPED SecuriteInfo securiteinfohtml.hdb update Apr 22 09:12:44 WARNING - Failed curl connection to clamav.securiteinfo.com - SKIPPED SecuriteInfo securiteinfooffice.hdb update Apr 22 15:11:34 WARNING - Failed curl connection to clamav.securiteinfo.com - SKIPPED SecuriteInfo securiteinfohtml.hdb update Apr 22 15:11:49 WARNING - Failed curl connection to clamav.securiteinfo.com - SKIPPED SecuriteInfo securiteinfooffice.hdb update Apr 22 15:12:05 WARNING - Failed curl connection to clamav.securiteinfo.com - SKIPPED SecuriteInfo securiteinfosh.hdb update Apr 22 21:12:02 WARNING - Failed curl connection to clamav.securiteinfo.com - SKIPPED SecuriteInfo securiteinfo.hdb update Apr 22 21:12:17 WARNING - Failed curl connection to clamav.securiteinfo.com - SKIPPED SecuriteInfo securiteinfohtml.hdb update Apr 23 03:12:00 WARNING - Failed curl connection to clamav.securiteinfo.com - SKIPPED SecuriteInfo securiteinfodos.hdb update Apr 23 03:12:17 WARNING - Failed curl connection to clamav.securiteinfo.com - SKIPPED SecuriteInfo securiteinfooffice.hdb update Apr 23 03:12:32 WARNING - Failed curl connection to clamav.securiteinfo.com - SKIPPED SecuriteInfo securiteinfosh.hdb update Apr 23 09:11:35 WARNING - Failed curl connection to clamav.securiteinfo.com - SKIPPED SecuriteInfo honeynet.hdb update Apr 23 09:11:51 WARNING - Failed curl connection to clamav.securiteinfo.com - SKIPPED SecuriteInfo securiteinfo.hdb update Apr 23 09:12:06 WARNING - Failed curl connection to clamav.securiteinfo.com - SKIPPED SecuriteInfo securiteinfohtml.hdb update Apr 23 15:12:08 WARNING - Failed curl connection to clamav.securiteinfo.com - SKIPPED SecuriteInfo honeynet.hdb update Apr 23 15:12:23 WARNING - Failed curl connection to clamav.securiteinfo.com - SKIPPED SecuriteInfo securiteinfo.hdb update Apr 23 15:12:38 WARNING - Failed curl connection to clamav.securiteinfo.com - SKIPPED SecuriteInfo securiteinfohtml.hdb update Apr 23 21:12:19 WARNING - Failed curl connection to clamav.securiteinfo.com - SKIPPED SecuriteInfo honeynet.hdb update Apr 23 21:12:42 WARNING - Failed curl connection to clamav.securiteinfo.com - SKIPPED SecuriteInfo securiteinfooffice.hdb update Apr 24 03:12:24 WARNING - Failed curl connection to clamav.securiteinfo.com - SKIPPED SecuriteInfo securiteinfopdf.hdb update Apr 24 09:11:55 WARNING - Failed curl connection to clamav.securiteinfo.com - SKIPPED SecuriteInfo securiteinfodos.hdb update Apr 24 09:12:11 WARNING - Failed curl connection to clamav.securiteinfo.com - SKIPPED SecuriteInfo securiteinfopdf.hdb update Apr 24 15:12:13 WARNING - Failed curl connection to clamav.securiteinfo.com - SKIPPED SecuriteInfo securiteinfooffice.hdb update Apr 24 15:12:29 WARNING - Failed curl connection to clamav.securiteinfo.com - SKIPPED SecuriteInfo securiteinfosh.hdb update I run the update script from cron every 3 hours (at 11 minutes past the hour + 60 second randomisation) this means that with the 4 hour minimum period it would only poll the SecuriteInfo sigs on every second run. As you can see it fails on *almost* every one - but interestingly not on every db every time. Any ideas what I can check? Thanks again Mark