[clamav-users] VirusDB Updates Broken?
Paul Kosinski
clamav-users at iment.com
Wed Jun 27 01:13:42 UTC 2018
My freshclam run a few minutes after my detailed mail worked, and
pulled in a lot of new signatures.
Don't know if the db.us cache purging was the magic or not -- my
earlier tests with db.ca, db.jp etc. all failed -- but now it works.
Great!
On Wed, 27 Jun 2018 00:40:10 +0000
"Joel Esler (jesler)" <jesler at cisco.com> wrote:
> I just purged db.us’s cache. Can you try?
>
> Sent from my iPhone
>
> > On Jun 26, 2018, at 20:24, Paul Kosinski <clamav-users at iment.com>
> > wrote:
> >
> > Joel,
> >
> > Sorry to have been somewhat cryptic: I assumed the context of the
> > posting I was nominally replying to.
> >
> > By "broken", I meant that freshclam cannot retrieve daily.cvd files
> > from the new CloudFlare IPs. In fact, I just now removed
> > mirrors.dat, and all(?) the new CloudFlare IPs report "not
> > synchronized", probably due to the ping.clamav.net failures (see
> > below):
> >
> > WARNING: Mirror 104.16.185.138 is not synchronized.
> > WARNING: Mirror 104.16.186.138 is not synchronized.
> > WARNING: Mirror 104.16.187.138 is not synchronized.
> > WARNING: Mirror 104.16.188.138 is not synchronized.
> > WARNING: Mirror 104.16.189.138 is not synchronized.
> >
> > The command "host -t txt current.cvd.clamav.net" reports as follows:
> >
> > current.cvd.clamav.net descriptive text
> > "0.100.0:58:24699:1530048540:1:63:47550:322"
> >
> > But the freshclam log reports some variant of:
> >
> > Querying daily.0.85.0.0.6810BD8A.ping.clamav.net
> > Can't query daily.0.85.0.0.6810BD8A.ping.clamav.net
> > Giving up on db.us.clamav.net...
> >
> > None of my local recursive DNS, my off-site Web server (in another
> > state), or (apparently) 8.8.8.8 or 8.8.4.4 can resolve
> > daily.0.85.0.0.6810BD8A.ping.clamav.net, but mxtoolbox.com resolves
> > it, (via ns4.clamav.net) to:
> >
> > 5.9.14.57 at Hetzner Online AG (AS24940)
> >
> > Weird.
> >
> > However, it seems I *can* get at the daily.cvd file by means of
> > direct HTTP access to "http://db.us.clamav.net/daily.cvd", which
> > accesses the same CloudFlare IPs that are allegedly "not
> > synchronized".
> >
> > The result of all this confusion is that the last time I got a
> > daily.cvd via freshclam was before CloudFlare:
> >
> > Monday 25 June 2018 at 09:06:26
> > Database updated (6556585 signatures) from db.us.clamav.net (IP:
> > 200.236.31.1)
> >
> > I am going to have to use the direct HTTP until [whenever]?
More information about the clamav-users
mailing list