[clamav-users] VirusDB Updates Broken?

Joel Esler (jesler) jesler at cisco.com
Wed Jun 27 00:40:10 UTC 2018 

I just purged db.us’s cache.  Can you try?

Sent from my iPhone

> On Jun 26, 2018, at 20:24, Paul Kosinski <clamav-users at iment.com> wrote:
> 
> Joel,
> 
> Sorry to have been somewhat cryptic: I assumed the context of the
> posting I was nominally replying to.
> 
> By "broken", I meant that freshclam cannot retrieve daily.cvd files
> from the new CloudFlare IPs. In fact, I just now removed mirrors.dat,
> and all(?) the new CloudFlare IPs report "not synchronized", probably
> due to the ping.clamav.net failures (see below):
> 
>  WARNING: Mirror 104.16.185.138 is not synchronized.
>  WARNING: Mirror 104.16.186.138 is not synchronized.
>  WARNING: Mirror 104.16.187.138 is not synchronized.
>  WARNING: Mirror 104.16.188.138 is not synchronized.
>  WARNING: Mirror 104.16.189.138 is not synchronized.
> 
> The command "host -t txt current.cvd.clamav.net" reports as follows:
> 
>  current.cvd.clamav.net descriptive text "0.100.0:58:24699:1530048540:1:63:47550:322"
> 
> But the freshclam log reports some variant of:
> 
>  Querying daily.0.85.0.0.6810BD8A.ping.clamav.net
>  Can't query daily.0.85.0.0.6810BD8A.ping.clamav.net
>  Giving up on db.us.clamav.net...
> 
> None of my local recursive DNS, my off-site Web server (in another
> state), or (apparently) 8.8.8.8 or 8.8.4.4 can resolve
> daily.0.85.0.0.6810BD8A.ping.clamav.net, but mxtoolbox.com resolves it,
> (via ns4.clamav.net) to:
> 
>  5.9.14.57 at Hetzner Online AG (AS24940)
> 
> Weird.
> 
> However, it seems I *can* get at the daily.cvd file by means of direct HTTP
> access to "http://db.us.clamav.net/daily.cvd", which accesses the same
> CloudFlare IPs that are allegedly "not synchronized".
> 
> The result of all this confusion is that the last time I got a
> daily.cvd via freshclam was before CloudFlare:
> 
>  Monday 25 June 2018 at 09:06:26
>  Database updated (6556585 signatures) from db.us.clamav.net (IP: 200.236.31.1)
> 
> I am going to have to use the direct HTTP until [whenever]?
> 
> 
> ------------------------------------
> 
> On Tue, 26 Jun 2018 20:01:09 +0000
> "Joel Esler (jesler)" <jesler at cisco.com> wrote:
> 
>> Define broken in your context?  Doesn't have the file?  (Humor me, so
>> I understand from your parlance)
>> 
>> 
>> 
>>> On Jun 26, 2018, at 2:59 PM, Paul Kosinski <clamav-users at iment.com>
>>> wrote:
>>> 
>>> ALL of the db.xx.clamav.net (plus database.clamav.net) apparently
>>> point to CloudFlare, and they are ALL broken. (And have been for
>>> many hours.)
>>> 
>>> 
>>> On Tue, 26 Jun 2018 11:09:08 -0700
>>> Dave Warren <dw at thedave.ca> wrote:
>>> 
>>>> As that is a Cloudflare IP, I believe it possibly could represent
>>>> one or more backend mirrors as it may return different content
>>>> depending on the hostname provided.
>>>> 
>>>>> On Tue, Jun 26, 2018, at 06:41, Robin Bourne wrote:
>>>>> Joel, 
>>>>> 
>>>>> I'm now getting "WARNING: Mirror 104.16.188.138 is not
>>>>> synchronized." when using the CDN. Could it be related to the
>>>>> changes made to fix this as my definitions are 3 revisions out?> 
>>>>> Thanks, 
>>>>> 
>>>>> On 25 June 2018 at 04:28, Joel Esler (jesler)
>>>>> <jesler at cisco.com> wrote:>> Al,
>>>>>> 
>>>>>> 
>>>>>> Thanks. We are aware.  Looking into it.  
>>>>>> 
>>>>>> Sent from my iPhone
>>>>>> 
>>>>>> 
>>>>>>> On Jun 24, 2018, at 23:12, Al Varnell <alvarnell at mac.com> wrote:
>>>>>>> 
>>>>>>> Yes, but all but one was empty.
>>>>>>> 
>>>>>>> Sent from my iPad
>>>>>>> 
>>>>>>> -Al-
>>>>>>> 
>>>>>>>> On Jun 24, 2018, at 19:42, Paul Kosinski
>>>>>>>> <clamav-users at iment.com> wrote:>>  >> 
>>>>>>>> I've gotten several daily.cvd updates in that period. They came
>>>>>>>> from>>  >> several IP addresses associated with
>>>>>>>> from>>  >> http://db.us.clamav.net/.
>>>>>>>> 
>>>>>>>> 
>>>>>>>> On Sun, 24 Jun 2018 18:08:59 -0700
>>>>>>>> Al Varnell <alvarnell at mac.com> wrote:
>>>>>>>> 
>>>>>>>>> Just wanted to point out that there has only been one
>>>>>>>>> signature
>>>>>>>>> added>>  >>> to the VirusDB by daily updates in the last 32
>>>>>>>>> added>>  >>> hours.
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> -Al-
> 
> _______________________________________________
> clamav-users mailing list
> clamav-users at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml

More information about the clamav-users mailing list