[clamav-users] VirusDB Updates Broken?

Wed Jun 27 01:42:27 UTC 2018

Db.us<http://Db.us> should be good on both now.

Sent from my iPhone

On Jun 26, 2018, at 21:15, Al Varnell <alvarnell at mac.com<mailto:alvarnell at mac.com>> wrote:

Worked perfectly from California, but with .cdiff updates, not the entire .cvd.

Let me know if I need to check the .cvd.

-Al-

On Tue, Jun 26, 2018 at 05:40 PM, Joel Esler (jesler) wrote:
I just purged db.us<http://db.us/>’s cache.  Can you try?

Sent from my iPhone

On Jun 26, 2018, at 20:24, Paul Kosinski <clamav-users at iment.com<mailto:clamav-users at iment.com>> wrote:

Joel,

Sorry to have been somewhat cryptic: I assumed the context of the
posting I was nominally replying to.

By "broken", I meant that freshclam cannot retrieve daily.cvd files
from the new CloudFlare IPs. In fact, I just now removed mirrors.dat,
and all(?) the new CloudFlare IPs report "not synchronized", probably
due to the ping.clamav.net<http://ping.clamav.net> failures (see below):

WARNING: Mirror 104.16.185.138 is not synchronized.
WARNING: Mirror 104.16.186.138 is not synchronized.
WARNING: Mirror 104.16.187.138 is not synchronized.
WARNING: Mirror 104.16.188.138 is not synchronized.
WARNING: Mirror 104.16.189.138 is not synchronized.

The command "host -t txt current.cvd.clamav.net<http://current.cvd.clamav.net>" reports as follows:

current.cvd.clamav.net<http://current.cvd.clamav.net> descriptive text "0.100.0:58:24699:1530048540:1:63:47550:322"

But the freshclam log reports some variant of:

Querying daily.0.85.0.0.6810BD8A.ping.clamav.net
Can't query daily.0.85.0.0.6810BD8A.ping.clamav.net
Giving up on db.us.clamav.net<http://db.us.clamav.net>...

None of my local recursive DNS, my off-site Web server (in another
state), or (apparently) 8.8.8.8 or 8.8.4.4 can resolve
daily.0.85.0.0.6810BD8A.ping.clamav.net, but mxtoolbox.com<http://mxtoolbox.com> resolves it,
(via ns4.clamav.net<http://ns4.clamav.net>) to:

5.9.14.57 at Hetzner Online AG (AS24940)

Weird.

However, it seems I *can* get at the daily.cvd file by means of direct HTTP
access to "http://db.us.clamav.net/daily.cvd", which accesses the same
CloudFlare IPs that are allegedly "not synchronized".

The result of all this confusion is that the last time I got a
daily.cvd via freshclam was before CloudFlare:

Monday 25 June 2018 at 09:06:26
Database updated (6556585 signatures) from db.us.clamav.net<http://db.us.clamav.net> (IP: 200.236.31.1)

I am going to have to use the direct HTTP until [whenever]?

------------------------------------

On Tue, 26 Jun 2018 20:01:09 +0000
"Joel Esler (jesler)" <jesler at cisco.com<mailto:jesler at cisco.com>> wrote:

Define broken in your context?  Doesn't have the file?  (Humor me, so
I understand from your parlance)

On Jun 26, 2018, at 2:59 PM, Paul Kosinski <clamav-users at iment.com<mailto:clamav-users at iment.com>>
wrote:

ALL of the db.xx.clamav.net<http://db.xx.clamav.net> (plus database.clamav.net<http://database.clamav.net>) apparently
point to CloudFlare, and they are ALL broken. (And have been for
many hours.)

On Tue, 26 Jun 2018 11:09:08 -0700
Dave Warren <dw at thedave.ca<mailto:dw at thedave.ca>> wrote:

As that is a Cloudflare IP, I believe it possibly could represent
one or more backend mirrors as it may return different content
depending on the hostname provided.

On Tue, Jun 26, 2018, at 06:41, Robin Bourne wrote:
Joel,

I'm now getting "WARNING: Mirror 104.16.188.138 is not
synchronized." when using the CDN. Could it be related to the
changes made to fix this as my definitions are 3 revisions out?>
Thanks,

On 25 June 2018 at 04:28, Joel Esler (jesler)
<jesler at cisco.com<mailto:jesler at cisco.com>> wrote:>> Al,

Thanks. We are aware.  Looking into it.

Sent from my iPhone

On Jun 24, 2018, at 23:12, Al Varnell <alvarnell at mac.com<mailto:alvarnell at mac.com>> wrote:

Yes, but all but one was empty.

Sent from my iPad

-Al-

On Jun 24, 2018, at 19:42, Paul Kosinski
<clamav-users at iment.com<mailto:clamav-users at iment.com>> wrote:>>  >>
I've gotten several daily.cvd updates in that period. They came
from>>  >> several IP addresses associated with
from>>  >> http://db.us.clamav.net/.

On Sun, 24 Jun 2018 18:08:59 -0700
Al Varnell <alvarnell at mac.com<mailto:alvarnell at mac.com>> wrote:

Just wanted to point out that there has only been one
signature
added>>  >>> to the VirusDB by daily updates in the last 32
added>>  >>> hours.

-Al-

_______________________________________________
clamav-users mailing list
clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
_______________________________________________
clamav-users mailing list
clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

-Al-
--
Al Varnell
Mountain View, CA

_______________________________________________
clamav-users mailing list
clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20180627/4e4c0a53/attachment.htm>