[clamav-users] VirusDB Updates Broken?
Al Varnell
alvarnell at mac.com
Wed Jun 27 01:14:45 UTC 2018
Worked perfectly from California, but with .cdiff updates, not the entire .cvd.
Let me know if I need to check the .cvd.
-Al-
On Tue, Jun 26, 2018 at 05:40 PM, Joel Esler (jesler) wrote:
> I just purged db.us’s cache. Can you try?
>
> Sent from my iPhone
>
>> On Jun 26, 2018, at 20:24, Paul Kosinski <clamav-users at iment.com> wrote:
>>
>> Joel,
>>
>> Sorry to have been somewhat cryptic: I assumed the context of the
>> posting I was nominally replying to.
>>
>> By "broken", I meant that freshclam cannot retrieve daily.cvd files
>> from the new CloudFlare IPs. In fact, I just now removed mirrors.dat,
>> and all(?) the new CloudFlare IPs report "not synchronized", probably
>> due to the ping.clamav.net failures (see below):
>>
>> WARNING: Mirror 104.16.185.138 is not synchronized.
>> WARNING: Mirror 104.16.186.138 is not synchronized.
>> WARNING: Mirror 104.16.187.138 is not synchronized.
>> WARNING: Mirror 104.16.188.138 is not synchronized.
>> WARNING: Mirror 104.16.189.138 is not synchronized.
>>
>> The command "host -t txt current.cvd.clamav.net" reports as follows:
>>
>> current.cvd.clamav.net descriptive text "0.100.0:58:24699:1530048540:1:63:47550:322"
>>
>> But the freshclam log reports some variant of:
>>
>> Querying daily.0.85.0.0.6810BD8A.ping.clamav.net
>> Can't query daily.0.85.0.0.6810BD8A.ping.clamav.net
>> Giving up on db.us.clamav.net...
>>
>> None of my local recursive DNS, my off-site Web server (in another
>> state), or (apparently) 8.8.8.8 or 8.8.4.4 can resolve
>> daily.0.85.0.0.6810BD8A.ping.clamav.net, but mxtoolbox.com resolves it,
>> (via ns4.clamav.net) to:
>>
>> 5.9.14.57 at Hetzner Online AG (AS24940)
>>
>> Weird.
>>
>> However, it seems I *can* get at the daily.cvd file by means of direct HTTP
>> access to "http://db.us.clamav.net/daily.cvd", which accesses the same
>> CloudFlare IPs that are allegedly "not synchronized".
>>
>> The result of all this confusion is that the last time I got a
>> daily.cvd via freshclam was before CloudFlare:
>>
>> Monday 25 June 2018 at 09:06:26
>> Database updated (6556585 signatures) from db.us.clamav.net (IP: 200.236.31.1)
>>
>> I am going to have to use the direct HTTP until [whenever]?
>>
>>
>> ------------------------------------
>>
>> On Tue, 26 Jun 2018 20:01:09 +0000
>> "Joel Esler (jesler)" <jesler at cisco.com> wrote:
>>
>>> Define broken in your context? Doesn't have the file? (Humor me, so
>>> I understand from your parlance)
>>>
>>>
>>>
>>>> On Jun 26, 2018, at 2:59 PM, Paul Kosinski <clamav-users at iment.com>
>>>> wrote:
>>>>
>>>> ALL of the db.xx.clamav.net (plus database.clamav.net) apparently
>>>> point to CloudFlare, and they are ALL broken. (And have been for
>>>> many hours.)
>>>>
>>>>
>>>> On Tue, 26 Jun 2018 11:09:08 -0700
>>>> Dave Warren <dw at thedave.ca> wrote:
>>>>
>>>>> As that is a Cloudflare IP, I believe it possibly could represent
>>>>> one or more backend mirrors as it may return different content
>>>>> depending on the hostname provided.
>>>>>
>>>>>> On Tue, Jun 26, 2018, at 06:41, Robin Bourne wrote:
>>>>>> Joel,
>>>>>>
>>>>>> I'm now getting "WARNING: Mirror 104.16.188.138 is not
>>>>>> synchronized." when using the CDN. Could it be related to the
>>>>>> changes made to fix this as my definitions are 3 revisions out?
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> On 25 June 2018 at 04:28, Joel Esler (jesler)
>>>>>> <jesler at cisco.com> wrote:
>>>>>>> Al,
>>>>>>>
>>>>>>>
>>>>>>> Thanks. We are aware. Looking into it.
>>>>>>>
>>>>>>> Sent from my iPhone
>>>>>>>
>>>>>>>
>>>>>>>> On Jun 24, 2018, at 23:12, Al Varnell <alvarnell at mac.com> wrote:
>>>>>>>>
>>>>>>>> Yes, but all but one was empty.
>>>>>>>>
>>>>>>>> Sent from my iPad
>>>>>>>>
>>>>>>>> -Al-
>>>>>>>>
>>>>>>>>> On Jun 24, 2018, at 19:42, Paul Kosinski
>>>>>>>>> <clamav-users at iment.com> wrote:
>>>>>>>>>
>>>>>>>>> I've gotten several daily.cvd updates in that period. They came
>>>>>>>>> from several IP addresses associated with
>>>>>>>>> http://db.us.clamav.net/.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Sun, 24 Jun 2018 18:08:59 -0700
>>>>>>>>> Al Varnell <alvarnell at mac.com> wrote:
>>>>>>>>>
>>>>>>>>>> Just wanted to point out that there has only been one
>>>>>>>>>> signature added to the VirusDB by daily updates in the last 32
>>>>>>>>>> hours.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> -Al-
>>
>> _______________________________________________
>> clamav-users mailing list
>> clamav-users at lists.clamav.net
>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
-Al-
--
Al Varnell
Mountain View, CA
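
Added example, not part of the original thread or of ClamAV's code: Python that decodes the two DNS artefacts quoted above, the `current.cvd.clamav.net` TXT record and the `ping.clamav.net` query name, and reports how far a local daily database lags the advertised version. Assumptions: only TXT fields 0-3, 6 and 7 are interpreted, the 8-hex-digit label is read as the mirror's IPv4 address, and the local version 24696, the check time and the 3-hour staleness threshold are constructed values.

```python
import ipaddress
from datetime import datetime, timezone

# Values quoted in the thread above.
TXT_RECORD = "0.100.0:58:24699:1530048540:1:63:47550:322"
PING_NAME = "daily.0.85.0.0.6810BD8A.ping.clamav.net"
# Colon-separated field positions; fields 4 and 5 are left uninterpreted here.
INT_FIELDS = {"main": 1, "daily": 2, "safebrowsing": 6, "bytecode": 7}


def parse_txt(record):
    """Split the TXT record into version numbers and a UTC publish time."""
    parts = record.strip().strip('"').split(":")
    if len(parts) < 8:
        raise ValueError(f"expected 8 fields, got {len(parts)}")
    info = {name: int(parts[i]) for name, i in INT_FIELDS.items()}
    info["clamav"] = parts[0]
    info["published"] = datetime.fromtimestamp(int(parts[3]), tz=timezone.utc)
    return info


def ping_mirror_ip(name):
    """Decode the 8-hex-digit label before .ping.clamav.net as an IPv4 address
    (assumption: it identifies the mirror freshclam was reporting on)."""
    suffix = ".ping.clamav.net"
    if not name.endswith(suffix):
        raise ValueError("not a ping.clamav.net name")
    label = name[:-len(suffix)].rsplit(".", 1)[-1]
    if len(label) != 8:
        raise ValueError(f"unexpected label {label!r}")
    return str(ipaddress.IPv4Address(int(label, 16)))


def freshness(record, local_daily, now, max_age_hours=3):
    """Compare a local daily.cvd version with the advertised one.
    max_age_hours is a chosen threshold for flagging a stale DNS answer."""
    info = parse_txt(record)
    age_hours = (now - info["published"]).total_seconds() / 3600
    return {"advertised": info["daily"],
            "behind": max(info["daily"] - local_daily, 0),
            "record_stale": age_hours > max_age_hours}


if __name__ == "__main__":
    # Constructed inputs: local version 24696, check time 22:00 UTC on 26 Jun 2018.
    now = datetime(2018, 6, 26, 22, 0, tzinfo=timezone.utc)
    print(parse_txt(TXT_RECORD))
    print(ping_mirror_ip(PING_NAME))
    print(freshness(TXT_RECORD, 24696, now))
```

The decoded address matches one of the mirrors listed in the "not synchronized" warnings, which ties the failing `ping.clamav.net` lookup to a specific CloudFlare IP.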