[clamav-users] Mirror redirect to emeksensin.com
Al Varnell
alvarnell at mac.com
Tue Nov 10 22:39:18 UTC 2015
Not sure what your reason is for trying to reach that mirror from your browser, but if you are experiencing a problem with it then a better method might be to use the following Terminal command to see what your history with that site has been:
/usr/local/clamXav/bin/freshclam --list-mirrors
In my case I get:
> -------------------------------------
> Mirror #7
> IP: 78.46.84.244
> Successes: 0
> Failures: 5
> Last access: Fri Nov 6 18:04:32 2015
> Ignore: Yes
> -------------------------------------
which does appear to confirm problems with that server and it’s been temporarily marked “Ignore” for me. I would have to guess that it’s no longer a valid clamav.net mirror server.
ClamAV used to have a site where you could check the integrity of all mirror sites by country, but that page was taken down with a promise to replace it with something more useful, but that doesn’t seem to have happened. I found it very useful in such cases as it told me immediately if a server was down or out-of-date so I could then contact their network administrator directly about it.
-Al-
On Tue, Nov 10, 2015 at 02:14 PM, Derek Smith wrote:
>
> I should have included it in my first message. The IP for emeksensin.com is 78.46.82.212
> Sorry for the dump of data below. It is just a GET to database.clamav.net that is redirected and then the 404 response from emeksensin.com.
>
> Here is the redirect:
> {
> dest_ip: 78.46.84.244
> dest_port: 80
> event_type: http
> flow_id: 139820056902992
> http: { [-]
> hostname: database.clamav.net
> http_method: GET
> http_user_agent: Wget/1.14 (linux-gnu)
> length: 0
> protocol: HTTP/1.1
> redirect: http://emeksensin.com/safebrowsing.cvd
> status: 301
> tx_id: 0
> url: /safebrowsing.cvd
> }
> in_iface: eth2
> proto: TCP
> src_ip: _X_
> src_port: 60435
> timestamp: 2015-11-06T09:08:59.585958-0600
> vlan: 101
> }
>
> A request is then made to emeksensin:
> { [-]
> dest_ip: 78.46.82.212
> dest_port: 80
> event_type: http
> flow_id: 139820052238112
> http: { [-]
> hostname: emeksensin.com
> http_content_type: text/html
> http_method: GET
> http_user_agent: Wget/1.14 (linux-gnu)
> length: 846
> protocol: HTTP/1.1
> status: 404
> tx_id: 0
> url: /safebrowsing.cvd
> }
> in_iface: eth2
> proto: TCP
> src_ip:_X_
> src_port: 40262
> timestamp: 2015-11-06T09:08:59.932296-0600
> vlan: 101
> }
>
> And the response from emeksensin. Looking at the pcap it is just a 404 page with Turkish writing saying something about the page not being found.
> {
> dest_ip: _X_
> dest_port: 40262
> event_type: fileinfo
> fileinfo: {
> filename: /safebrowsing.cvd
> magic: HTML document text
> size: 836
> state: CLOSED
> stored: false
> tx_id: 0
> }
> flow_id: 139820052238112
> http: {
> hostname: emeksensin.com
> http_user_agent: Wget/1.14 (linux-gnu)
> url: /safebrowsing.cvd
> }
> in_iface: eth2
> proto: TCP
> src_ip: 78.46.82.212
> src_port: 80
> timestamp: 2015-11-06T09:09:00.070391-0600
> vlan: 101
> }
>
> Thank you,
> smithd
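
Added example, not part of either message above: a small Python check over Suricata-style EVE JSON lines that flags the pattern in the quoted events, a 3xx answer that moves a signature database download from a clamav.net host to a host outside that domain. The trusted suffix list, the extension list and the sample lines are assumptions constructed for illustration; the field names follow the quoted events.

```python
import json
from urllib.parse import urlsplit

# Assumptions for this example: which hosts count as trusted and which
# file extensions identify a signature database download.
TRUSTED_SUFFIXES = ("clamav.net",)
DB_EXTENSIONS = (".cvd", ".cld", ".cdiff")

def is_trusted(host):
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def off_domain_redirects(eve_lines):
    """Flag 3xx answers that move a database download off the trusted domain."""
    findings = []
    for line in eve_lines:
        try:
            event = json.loads(line)
        except ValueError:  # skip blank or truncated lines
            continue
        http = event.get("http") or {}
        status, location = http.get("status"), http.get("redirect")
        if event.get("event_type") != "http" or not location:
            continue
        if not isinstance(status, int) or not 300 <= status < 400:
            continue
        path = urlsplit(http.get("url", "")).path.lower()
        if not is_trusted(http.get("hostname")) or not path.endswith(DB_EXTENSIONS):
            continue
        target = urlsplit(location).hostname  # None for a relative Location
        if target and not is_trusted(target):
            findings.append({"mirror_ip": event.get("dest_ip"),
                             "requested": http["hostname"] + http["url"],
                             "redirected_to": location})
    return findings

# Constructed sample: the first two lines mirror the quoted events, the
# third is an in-domain redirect (hypothetical host) that must not be flagged.
SAMPLE = [
    '{"event_type":"http","dest_ip":"78.46.84.244","http":{"hostname":'
    '"database.clamav.net","url":"/safebrowsing.cvd","status":301,'
    '"redirect":"http://emeksensin.com/safebrowsing.cvd"}}',
    '{"event_type":"http","dest_ip":"78.46.82.212","http":{"hostname":'
    '"emeksensin.com","url":"/safebrowsing.cvd","status":404}}',
    '{"event_type":"http","dest_ip":"198.51.100.7","http":{"hostname":'
    '"database.clamav.net","url":"/daily.cvd","status":302,'
    '"redirect":"http://mirror.example.clamav.net/daily.cvd"}}',
]
```

The `mirror_ip` in each finding is the address to look up in the `freshclam --list-mirrors` output.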