Official mirror howto

See http://www.clamav.net/doc/mirrors/

VirtualHost Configuration
For Apache:
<VirtualHost 10.1.2.3> 
  ServerAdmin john@clamav.foo.com 
  DocumentRoot /home/users/clamavdb/public_html 
  ServerName database.clamav.net
  ServerAlias db.*.clamav.net
  ServerAlias clamav.foo.com
 </VirtualHost>
For Nginx:
    server {
        listen       10.1.2.3:80;
        server_name  database.clamav.net ~^db\..*\.clamav\.net clamav.foo.com;

        location / {
          root /home/users/clamavdb/public_html;
          index index.html;
        }
    }
Bandwidth limit

You are encouraged to put some bandwidth limit on your ClamAV mirror vhost.

Many mirror sysadmins running Apache HTTP Server find the Bandwidth Mod useful for this purpose. Here is an example config that will do the following:

  • Limit .cvd downloads to 40KB/s
  • Limit .cdiff downloads to 400KB/s
  • Allow max 50 simultaneous connections
  • Minimum download speed 20KB/s
<IfModule mod_bw>
  BandWidthModule On
  ForceBandWidthModule On
  LargeFileLimit .cvd 1 40000
  LargeFileLimit .cdiff 1 400000
  MaxConnection all 50
  MinBandwidth all 20000
</IfModule>

If run lighttpd und can use the following:

$HTTP["url"] =~ "\.cvd$" {
  server.max-connections = 50
  connection.kbytes-per-second = 40
}
$HTTP["url"] =~ "\.cdiff$" {
  server.max-connections = 50
  connection.kbytes-per-second = 400
}

if run Nginx can use the following(without simultaneous connections limit):

if ( $request_uri ~ "\.cvd$" ) {
       set $limit_rate 40k;
}
if ( $request_uri ~ "\.cdiff$" ) {
       set $limit_rate 400k;
}

Reducing traffic:

BlackList IP addresses of abusers:

We provide a file which lists all the IP addresses that are reported by our mirrors as abusers. The name of the file is local_blacklist_apache and it's written following Apache mod_access syntax. You can easily include it in your .htaccess to automatically blacklist abusers.

BlackList old versions of ClamAV:

We kindly ask our mirrors to support as many old versions of ClamAV as possible. However we understand that this can eat a lot of resources and not every mirror can afford it. Hereby we provide some config. examples for various web servers:

Apache HTTP Server:

SetEnvIfNoCase User-Agent "^clamav/0.6" bad_clamav 
SetEnvIfNoCase User-Agent "^clamav/0.7" bad_clamav
SetEnvIfNoCase User-Agent "^clamav/0.8" bad_clamav
SetEnvIfNoCase User-Agent "^ClamWin/0.6" bad_clamav 
SetEnvIfNoCase User-Agent "^ClamWin/0.7" bad_clamav 
SetEnvIfNoCase User-Agent "^ClamWin/0.8" bad_clamav
SetEnvIfNoCase User-Agent "^clamav/devel-0.8" bad_clamav
SetEnvIfNoCase User-Agent "^clamav/devel-2004" bad_clamav
SetEnvIfNoCase User-Agent "^clamav/devel-2005" bad_clamav
SetEnvIfNoCase User-Agent "^clamav/devel-2006" bad_clamav
SetEnvIfNoCase User-Agent "^clamav/devel-2007" bad_clamav
SetEnvIfNoCase User-Agent "^clamav/devel-2008" bad_clamav
<Location "/">
  Order allow,deny
  Allow from all
  Deny from env=bad_clamav
</Location>

lighttpd:

$HTTP["useragent"] =~ "^clam(av|Win)\/(0.[012345678]|.*devel).*$" {
  url.access-deny = ( "" )
}

Nginx:

if ( $http_user_agent ~* "^clam(av|win)\/(0\.[0-8]|devel-200[0-8]|devel-0\.[0-8]).*$" ) {
  return 404;
}

-- LucaGibelli - 2009-10-12

Topic revision: r9 - 2009-11-14 - 13:52:58 - ZhankaoWEN
 
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback