[clamav-users] Is ClamAV Community Threat Tracking System down?

Dennis Peterson dennispe at inetnw.com
Sat Mar 19 20:39:14 UTC 2016


It no longer exists by design but the IP is still on an active system just to 
confuse things.

dp

On 3/19/16 1:27 PM, Yuri Voinov wrote:
> Well, so?
>
> ClamAV Community Threat Tracking System is down?
>
> The answer is yes or no?
>
> 20.03.16 2:24, Dennis Peterson wrote:
>> My proxy had stale cache data as shown in the last post and that is why
>> I was seeing what appeared to be an active site. I should have explained
>> better in that post rather than assume everyone knows what squid logs
>> show us. The stats site web server is down but clamav.net DNS is
>> providing the IP to what is now a ghost server somewhere in Germany that
>> responds to a ping. That's a bad idea because that IP could be
>> repurposed in alarming ways. The clamav.net NS records need to be
>> updated to reflect the current configuration - that is to say
>> stats.clamav.net along with the www cname should be dropped or repointed
>> to a Sourcefire web server page that explains the situation. That's why
>> I say the DNS is wonky.
>> dp
>>
>> On 3/19/16 1:08 PM, Yuri Voinov wrote:
>> root @ cthulhu / # dig www.stats.clamav.net
>>
>> ; <<>> DiG 9.6-ESV-R11-P4 <<>> www.stats.clamav.net
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37863
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;www.stats.clamav.net.          IN      A
>>
>> ;; ANSWER SECTION:
>> www.stats.clamav.net.   86400   IN      CNAME   vm01.stats.clamav.net.
>> vm01.stats.clamav.net.  86400   IN      A       188.40.140.240
>>
>> ;; Query time: 547 msec
>> ;; SERVER: 127.0.0.1#53(127.0.0.1)
>> ;; WHEN: Sun Mar 20 02:03:03 ALMT 2016
>> ;; MSG SIZE  rcvd: 73
>>
>> root @ cthulhu / # ping 188.40.140.240
>> 188.40.140.240 is alive
>> root @ cthulhu / # telnet 188.40.140.240 80
>> Trying 188.40.140.240...
>> telnet: Unable to connect to remote host: Connection refused
>> root @ cthulhu / # telnet 188.40.140.240 443
>> Trying 188.40.140.240...
>> telnet: Unable to connect to remote host: Connection refused
>>
>> I remember it uses Open ID as authentication.
>>
>> But this host is not listening on port 80 or 443 as shown above.
>>
>> 19.03.16 21:51, Dennis Peterson wrote:
>>>>> The DNS configuration for www.stats.clamav.net is suspect
>>> _______________________________________________
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>>
>>> http://www.clamav.net/contact.html#ml




More information about the clamav-users mailing list
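
The check done by hand in the thread with dig, ping and telnet, as an added example that is not part of either poster's message or of ClamAV's own code: it parses the quoted dig ANSWER section, follows the CNAME, and flags a name that still resolves while the ports the service should offer are closed. The function names, the `dangling` label and the default port list are assumptions; `THREAD_STATES` records the two refused connections shown in the thread.

```python
import socket

# ANSWER section copied from the dig output quoted in the thread.
DIG_ANSWER = """\
www.stats.clamav.net.   86400   IN      CNAME   vm01.stats.clamav.net.
vm01.stats.clamav.net.  86400   IN      A       188.40.140.240
"""
# Port states recorded from the telnet attempts in the thread (both refused).
THREAD_STATES = {80: "refused", 443: "refused"}

def parse_answer(text):
    """Turn dig ANSWER lines into (owner, type, rdata) tuples."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0].startswith(";") or fields[2] != "IN":
            continue
        owner, rtype, rdata = fields[0], fields[3], fields[4]
        records.append((owner.rstrip(".").lower(), rtype, rdata.rstrip(".").lower()))
    return records

def resolve_chain(records, qname, max_hops=8):
    """Follow CNAMEs from qname; return (names visited, A/AAAA addresses)."""
    name, chain = qname.rstrip(".").lower(), []
    for _ in range(max_hops):  # hop limit guards against CNAME loops
        chain.append(name)
        addrs = [d for o, t, d in records if o == name and t in ("A", "AAAA")]
        if addrs:
            return chain, addrs
        targets = [d for o, t, d in records if o == name and t == "CNAME"]
        if not targets:
            break
        name = targets[0]
    return chain, []

def probe(ip, port, timeout=3.0):
    """TCP connect check: 'open', 'refused' (RST) or 'filtered' (timeout/unreachable)."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "filtered"

def classify(addrs, port_states):
    """port_states maps port -> probe() result for the ports the service should offer."""
    if not addrs:
        return "unresolved"
    if any(state == "open" for state in port_states.values()):
        return "serving"
    return "dangling"  # name still resolves, but nothing answers where the service was

def audit(answer_text, qname, port_states=None, ports=(80, 443)):
    chain, addrs = resolve_chain(parse_answer(answer_text), qname)
    if port_states is None and addrs:  # live probe only when no recorded result is given
        port_states = {p: probe(addrs[0], p) for p in ports}
    return chain, addrs, classify(addrs, port_states or {})
```

Calling `audit(DIG_ANSWER, "www.stats.clamav.net", THREAD_STATES)` reproduces the thread's finding without touching the network; omitting the third argument probes the resolved address live.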