[clamav-users] Is ClamAV Community Threat Tracking System down?

Dennis Peterson dennispe at inetnw.com
Sat Mar 19 20:24:58 UTC 2016


My proxy had stale cache data as shown in the last post and that is why I was 
seeing what appeared to be an active site. I should have explained better in 
that post rather than assume everyone knows what squid logs show us. The stats 
site web server is down but clamav.net DNS is providing the IP to what is now a 
ghost server somewhere in Germany that responds to a ping. That's a bad idea 
because that IP could be repurposed in alarming ways. The clamav.net NS records 
need to be updated to reflect the current configuration - that is to say 
stats.clamav.net along with the www CNAME should be dropped or repointed to a 
Sourcefire web server page that explains the situation. That's why I say the DNS 
is wonky.

dp

On 3/19/16 1:08 PM, Yuri Voinov wrote:
> Are you really sure this host works?
>
> root @ cthulhu / # dig www.stats.clamav.net
>
> ; <<>> DiG 9.6-ESV-R11-P4 <<>> www.stats.clamav.net
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37863
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;www.stats.clamav.net.          IN      A
>
> ;; ANSWER SECTION:
> www.stats.clamav.net.   86400   IN      CNAME   vm01.stats.clamav.net.
> vm01.stats.clamav.net.  86400   IN      A       188.40.140.240
>
> ;; Query time: 547 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Sun Mar 20 02:03:03 ALMT 2016
> ;; MSG SIZE  rcvd: 73
>
> root @ cthulhu / # ping 188.40.140.240
> 188.40.140.240 is alive
> root @ cthulhu / # telnet 188.40.140.240 80
> Trying 188.40.140.240...
> telnet: Unable to connect to remote host: Connection refused
> root @ cthulhu / # telnet 188.40.140.240 443
> Trying 188.40.140.240...
> telnet: Unable to connect to remote host: Connection refused
>
> I remember it uses OpenID for authentication.
>
> But this host is not listening on port 80 or 443, as shown above.
>
> 19.03.16 21:51, Dennis Peterson wrote:
>> The DNS configuration for www.stats.clamav.net is suspect

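The situation in this thread (a name that still resolves through a CNAME to an address where nothing answers on the web ports) can be checked mechanically across a zone. The following is an added example, not part of the original messages: it parses the answer section quoted above, follows the CNAME chain, and flags the name when no expected port accepts a connection. The function names, the port list and the status labels are assumptions made for this example.

```python
import socket

# Answer section copied from the dig output quoted in the message above.
DIG_ANSWER = """\
www.stats.clamav.net.   86400   IN      CNAME   vm01.stats.clamav.net.
vm01.stats.clamav.net.  86400   IN      A       188.40.140.240
"""

def parse_answer(text):
    """Parse dig answer lines into (owner, type, rdata) tuples."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 5 and not line.startswith(";"):
            owner, _ttl, _cls, rtype, rdata = fields
            records.append((owner.rstrip(".").lower(), rtype, rdata.rstrip(".").lower()))
    return records

def resolve_chain(name, records, max_hops=8):
    """Follow CNAMEs from name and return the A addresses it ends at."""
    name = name.rstrip(".").lower()
    for _ in range(max_hops):  # bounded so a CNAME loop cannot hang the audit
        addrs = [r for o, t, r in records if o == name and t == "A"]
        if addrs:
            return addrs
        targets = [r for o, t, r in records if o == name and t == "CNAME"]
        if not targets:
            return []
        name = targets[0]
    return []

def tcp_open(ip, port, timeout=3.0):
    """True if a TCP connect succeeds; refused, unreachable and timeout are False."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit(name, records, ports=(80, 443), probe=tcp_open):
    """Classify a published name: 'no-address', 'dangling-candidate' or 'serving'."""
    addrs = resolve_chain(name, records)
    if not addrs:
        return "no-address", []
    open_ports = [(ip, p) for ip in addrs for p in ports if probe(ip, p)]
    return ("serving" if open_ports else "dangling-candidate"), addrs
```

A `dangling-candidate` result only says the record deserves review by the zone owner; a successful ping does not change it, because the check is about the service the name was published for.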


