Cisco-Talos / cvdupdate

ClamAV Private Database Mirror Updater Tool
Apache License 2.0

cvdupdate doesn't work without DNS #30

Closed PaulSD closed 2 years ago

PaulSD commented 3 years ago

My environment uses a proxy for access to the internet, and internet DNS lookups are not permitted except from the proxy itself. (When an HTTP/HTTPS proxy is used, the proxy performs the necessary DNS lookups, and the client does not perform any DNS lookups. So, for most use cases, clients that are behind a proxy don't technically need to be able to perform DNS lookups themselves.)

Looking through the code and history, I see that cvdupdate intentionally doesn't work without DNS, since DNS is being used to reduce the CloudFlare request count: #19. Unfortunately, that makes it incompatible with my environment.

Could an exception be made for environments that do not support DNS? Could dns.txt be posted on database.clamav.net so that cvdupdate could pull down the version numbers with a single HTTP request (as an alternative way to help reduce the CloudFlare request count when DNS is unavailable)?

finchy commented 3 years ago

It is intentionally coded this way. Cvdupdate is meant to fetch from the cdn and re-serve the files to your internal clients.

PaulSD commented 3 years ago

Right, I understand that. But in my environment, cvdupdate needs to run on a server that is behind the proxy and is unable to perform DNS lookups (although it can pull from the CDN via HTTP/HTTPS through the proxy).

Prior to #22, cvdupdate seemed to be able to work without performing DNS lookups. However, after #22 it is no longer able to. I'm asking if an exception can be made or an alternative can be implemented to make this work again without DNS.

finchy commented 3 years ago

Understood. Sorry. Cvdupdate is expressly designed to work with DNS to prevent an unnecessary http connection, reducing load on the http server.


On Jul 22, 2021, at 19:59, Paul Donohue wrote:

> Right, I understand that. But in my environment, cvdupdate needs to run on a server that is behind the proxy and is unable to perform DNS lookups (although it can pull from the CDN via HTTP through the proxy).
