Page 1 of 2 12 LastLast
Results 1 to 10 of 12
  1. #1
    Untangle Ninja juank's Avatar
    Join Date
    Aug 2007
    Location
    Athens
    Posts
    1,474

    Default SANE Security down...

    SANESECURITY is DOWn...

    ---------
    12/14/08: Sanesecurity signatures are no longer being updated or distributed due to extremely high server resource usage, which appears to be from a distributed denial of service attack (DDoS). I've moved server hosts twice (which takes time) and both times have resulted in the site being suspened.

    As many of you know, I produce the signatures and run the site, in my spare time and with Christmas approaching Iím finding my spare time is currently limited. Hopefully this wonít be the end of the signatures and Iím hoping that they may return in the New Year.

    May I take this opportunity to thank everyone who has helped this project, either by
    providing samples, bandwidth, download scripts or donating.

    Thanks and sorry to let you all down.

    Steve
    Sanesecurity
    http://www.sanesecurity.com/
    ---------------------

    Now I understand why I'm seeing this in my logs...

    Code:
    Dec 17 11:23:25 ut untangle-clamav-config[10564]: Error executing command <<</usr/bin/curl -R -z /var/lib/clamav/scam.ndb.gz -s -o /tmp/untangle-clamav-config.XXhyGGPH/scam.ndb.gz -f -v --referer ;auto --location http://www.sanesecurity.com/clamav/scamsigs/scam.ndb.gz>>>, exit status: 7, output: <<<* About to connect() to www.sanesecurity.com port 80\n*   Trying 91.103.216.238... * Connection refused\n* couldn't connect to host\n* Closing connection #0>>>
    Dec 17 11:23:25 ut untangle-clamav-config[10570]: CURL had a problem getting '/tmp/untangle-clamav-config.XXhyGGPH/scam.ndb.gz' from 'http://www.sanesecurity.com/clamav/scamsigs/scam.ndb.gz', exit status: 7
    Dec 17 11:23:25 ut untangle-clamav-config[10600]: Error executing command <<</usr/bin/curl -R -z /var/lib/clamav/phish.ndb.gz -s -o /tmp/untangle-clamav-config.XXhyGGPH/phish.ndb.gz -f -v --referer ;auto --location http://www.sanesecurity.com/clamav/phishsigs/phish.ndb.gz>>>, exit status: 7, output: <<<* About to connect() to www.sanesecurity.com port 80\n*   Trying 91.103.216.238... * Connection refused\n* couldn't connect to host\n* Closing connection #0>>>
    Dec 17 11:23:25 ut untangle-clamav-config[10606]: CURL had a problem getting '/tmp/untangle-clamav-config.XXhyGGPH/phish.ndb.gz' from 'http://www.sanesecurity.com/clamav/phishsigs/phish.ndb.gz', exit status: 7
    Dec 17 11:23:25 ut untangle-clamav-config[10635]: Error executing command <<</usr/bin/curl -R -z /var/lib/clamav/junk.ndb.gz -s -o /tmp/untangle-clamav-config.XXhyGGPH/junk.ndb.gz -f -v --referer ;auto --location http://www.sanesecurity.com/clamav/junksigs/junk.ndb.gz>>>, exit status: 7, output: <<<* About to connect() to www.sanesecurity.com port 80\n*   Trying 91.103.216.238... * Connection refused\n* couldn't connect to host\n* Closing connection #0>>>
    Dec 17 11:23:25 ut untangle-clamav-config[10641]: CURL had a problem getting '/tmp/untangle-clamav-config.XXhyGGPH/junk.ndb.gz' from 'http://www.sanesecurity.com/clamav/junksigs/junk.ndb.gz', exit status: 7
    Dec 17 11:23:25 ut untangle-clamav-config[10669]: Error executing command <<</usr/bin/curl -R -z /var/lib/clamav/rogue.hdb.gz -s -o /tmp/untangle-clamav-config.XXhyGGPH/rogue.hdb.gz -f -v --referer ;auto --location http://www.sanesecurity.com/clamav/roguesigs/rogue.hdb.gz>>>, exit status: 7, output: <<<* About to connect() to www.sanesecurity.com port 80\n*   Trying 91.103.216.238... * Connection refused\n* couldn't connect to host\n* Closing connection #0>>>
    Dec 17 11:23:25 ut untangle-clamav-config[10675]: CURL had a problem getting '/tmp/untangle-clamav-config.XXhyGGPH/rogue.hdb.gz' from 'http://www.sanesecurity.com/clamav/roguesigs/rogue.hdb.gz', exit status: 7

    So... Untangle guys ... is time to update the untangle-clamav-config script and find an alternative...

    I'll personally miss Steve's work on these rules! They were great!
    --------------------------------
    Juan Machado
    --------------------------------

  2. #2
    Master Untangler
    Join Date
    Aug 2008
    Posts
    970

    Default

    No more ClamAV udpates? First of all, if I read what you say correctly, you deserve a big THANK YOU.

    On another note, Untangle was having a 3rd party keep ClamAV updated on my Untangle boxes? This doesn't sound good.

    Can we get an official answer? Also, what now?

  3. #3
    Untangle Ninja juank's Avatar
    Join Date
    Aug 2007
    Location
    Athens
    Posts
    1,474

    Default

    What are you talking about ?

    Yes, untangle will keep getting CLAMAV updates. Untangle used extra rules for ClamAV from SANESECURITY, one of the BEST places to get confirmed/excellent/perfect extra rules for CLAMAV.


    I was one of the contributors that work on the SANE integration with CLAMAV-UT.
    --------------------------------
    Juan Machado
    --------------------------------

  4. #4
    Master Untangler
    Join Date
    Aug 2008
    Posts
    970

    Default

    Again, thank you for all your contributions. Also, I am coming up to speed and thus all my ? in my post. I think I get it now. ClamAV will continue to function, just not with your SANESECUIRTY rules.

    Thanks again.

  5. #5
    Untangle Ninja juank's Avatar
    Join Date
    Aug 2007
    Location
    Athens
    Posts
    1,474

    Default

    You are correct, hopefully we can find an alternative for SANE... You have no idea how much stuff we blocked with SANE.
    --------------------------------
    Juan Machado
    --------------------------------

  6. #6
    Master Untangler tbelote's Avatar
    Join Date
    Oct 2007
    Posts
    320

    Default

    It looks like SANE Security will now be distributing signatures via an email list. I just signed up for mailing list and will be updating the untangle mirror when I get updates. Version 6.0.2 now uses the Untangle mirror.
    Thomas Belote
    Untangle

  7. #7
    Untangle Ninja juank's Avatar
    Join Date
    Aug 2007
    Location
    Athens
    Posts
    1,474

    Default

    Thanks Thomas. So you guys now have a mirror for the signature? Can you guys help him with the heavy load? I don't know if you know, but it's DOWN again....

    UPDATE: 28/12/08
    Domain was again suspended by my host due to high cpu useage, so I've had to block all download requests, as there are still over 43,000 download per hour for the signaures. Sorry if this breaks peoples clamd process, but my hands are tied.
    --------------------------------
    Juan Machado
    --------------------------------

  8. #8
    Untangle Ninja hescominsoon's Avatar
    Join Date
    Sep 2007
    Posts
    1,708

    Default

    Can somebody put me in touch with him? I may have a hosting solution for sanesecurity but i need to talk to him directly.

  9. #9
    Master Untangler JEllingson's Avatar
    Join Date
    Jan 2008
    Location
    Warner Robins, GA
    Posts
    348

    Default

    I'll have SANESECURITY added to the next revision of the J&J Script. It wasn't hard to add back in. They are using RSYNC now to release the signatures.

    I'll need to either ask the developers, or look into it myself that UT will actually respond appropriately to a hit on a SANESECURITY rule.

  10. #10
    Newbie
    Join Date
    Aug 2008
    Posts
    7

    Default

    throw this in a text file and chmod +x it and run it? or run it as a sh command?

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2