[clamav-users] DNS Caching Problem AGAIN with current.cvd.clamav.net?
Al Varnell
alvarnell at mac.com
Tue May 16 21:34:52 UTC 2017
I am not understanding your point here. Where are you seeing an indication that the database had been updated at the time you wrote? The first indication of an update was an email announcing daily 23390 at 8:30am PDT, about four hours after you posted and almost 30 hours after the previous daily update. That would seem to indicate a problem or delay with updates, rather than a DNS Caching issue.
-Al-
--
Al Varnell
Mountain View, CA
On May 16, 2017, at 4:33 AM, Andy Schmidt <Andy_Schmidt at HM-Software.com> wrote:
>
> The same problem had been "fixed" a few weeks ago:
>
> http://network-tools.com/nslook/Default.asp?domain=current.cvd.clamav.net
> <http://network-tools.com/nslook/Default.asp?domain=current.cvd.clamav.net&t
> ype=16&server=67.222.132.213&class=1&port=53&timeout=5000&go.x=12&go.y=7>
> &type=16&server=67.222.132.213&class=1&port=53&timeout=5000&go.x=12&go.y=7
>
> current.cvd.clamav.net reports:
>
> "0.99.2:57:23389:1494930680:1:63:45940:300"
>
> not just with my local DNS - but even the above public lookup.
> Consequently, virus databases are 25+ hours OUTDATED and FreshClam won't
> pick up recent ones!
>
> clamscan -V :
> ClamAV 0.99.2/23389/Mon May 15 04:57:48 2017
>
> freshclam log :
> Tue May 16 06:29:19 2017 -> --------------------------------------
> Tue May 16 06:59:19 2017 -> ClamAV update process started at Tue May 16
> 06:59:19 2017
> Tue May 16 06:59:19 2017 -> main.cvd is up to date (version: 57, sigs:
> 4218790, f-level: 60, builder: amishhammer)
> Tue May 16 06:59:19 2017 -> daily.cld is up to date (version: 23389, sigs:
> 2071687, f-level: 63, builder: neo)
> Tue May 16 06:59:19 2017 -> safebrowsing.cld is up to date (version: 45940,
> sigs: 2889021, f-level: 63, builder: google)
> Tue May 16 06:59:19 2017 -> bytecode.cld is up to date (version: 300, sigs:
> 57, f-level: 63, builder: neo)
> Tue May 16 06:59:19 2017 -> --------------------------------------
>
> So - either there is problem with their DNS server - or there is an
> open/persistent/recurrent problem with whatever process is suppose to
> automatically UPDATE their "current.cvd" TXT record.
> Either way, there appears to be NO simple monitoring app in place that
> simply matches the DNS TXT record to the "real" database level?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3569 bytes
Desc: not available
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20170516/be8e486f/attachment.bin>
More information about the clamav-users
mailing list