[clamav-users] Errors connecting to mirrors
Orion Poplawski
orion at nwra.com
Fri Mar 30 15:48:43 UTC 2018
It does not appear to be ignoring the TTL, but the TTL appears to be 60.
freshclam seems to wait for 5 seconds between attempts so the 3 attempts to
download will fall within the TTL of the DNS results.

Sample squidclient mgr:ipcache entry:

Hostname          Flg lstref  TTL  N(b)
db.us.clamav.net           5   55  9( 0)
                  72.21.91.8-OK

I think this doesn't affect freshclam normally because it sends a DNS request
for each attempt, and the nameserver appears to rotate the names for each request.

Just to pass it on - balance_on_multiple_ip appears not to be functional in
squid anymore: https://bugs.squid-cache.org/show_bug.cgi?id=4691 and for a
fairly good reason I suppose, but does work against freshclam.

At this point I'd like to increase the 5 second delay between download
attempts (to allow the DNS cache to expire) but that appears to be hard coded.

And still having persistent problems with 72.21.91.8 as reported here:
https://bugzilla.clamav.net/show_bug.cgi?id=12068

On 03/28/2018 05:50 PM, Dennis Peterson wrote:
> If your proxy ignores the TTL for the mirrors then quite likely things will
> grind to a halt for you. All the mirrors are in round-robin dns pools.
>
> dp
>
> On 3/27/18 4:32 PM, Orion Poplawski wrote:
>> On 03/27/2018 05:21 PM, Al Varnell wrote:
>>> Using the same IP each time with failure will also cause mirrors.dat to
>>> temporarily block that IP's use for some period of time. That will require
>>> you to trash mirrors.dat and allow it to be rebuilt at the next check.
>>>
>>> -Al-
>> I don't think mirrors.dat comes into play here as the proxy is doing the dns
>> lookup, not freshclam.
>>
>>> On Tue, Mar 27, 2018 at 03:40 PM, Orion Poplawski wrote:
>>>> On 03/27/2018 03:13 PM, Orion Poplawski wrote:
>>>>> Thanks for the response.
>>>>>
>>>>> I ended up switching freshclam to use our proxy servers and increasing the
>>>>> ConnectTimeout to 60 seconds. This has helped a bit, but I still get the
>>>>> occasional issue. Latest was trying to get daily-24426.cdiff from 72.21.91.8
>>>>> around Tue Mar 27 13:31:14 2018 PDT. These are annoying because they generate
>>>>> emails.
>>>> This was exacerbated by squid continuing to use the same IP address for the
>>>> connection each time freshclam retried the download. I'm trying enabling
>>>> http://www.squid-cache.org/Doc/config/balance_on_multiple_ip/ to see if that
>>>> helps.
>>>
>>>
>>>
>>> _______________________________________________
>>> clamav-users mailing list
>>> clamav-users at lists.clamav.net
>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>>
>>>
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>>
>>> http://www.clamav.net/contact.html#ml
>>>
>>
>
--
Orion Poplawski
Manager of NWRA Technical Systems 720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane orion at nwra.com
Boulder, CO 80301 https://www.nwra.com/
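
The retry timing discussed in this message, modelled as an added example (not code from the thread, freshclam or squid). It assumes a nameserver that rotates the record order on every query and a proxy that always connects to the first address of its cached answer; the pool addresses are constructed TEST-NET-1 values.

```python
POOL = ["192.0.2.1", "192.0.2.2", "192.0.2.3"]  # constructed mirror pool


class RoundRobinDNS:
    """Nameserver that rotates the record order on every query (assumed)."""

    def __init__(self, pool, ttl):
        self.pool, self.ttl, self.queries = list(pool), ttl, 0

    def resolve(self):
        k = self.queries % len(self.pool)
        self.queries += 1
        return self.pool[k:] + self.pool[:k], self.ttl


class CachingProxy:
    """Proxy that keeps a DNS answer until its TTL expires and always
    connects to the first cached address (no balancing across IPs)."""

    def __init__(self, dns):
        self.dns, self.answer, self.expires = dns, None, -1.0

    def connect_ip(self, now):
        if self.answer is None or now >= self.expires:
            self.answer, ttl = self.dns.resolve()
            self.expires = now + ttl
        return self.answer[0]


def ips_via_proxy(retry_delay, attempts=3, ttl=60, pool=POOL):
    """Addresses the proxy connects to when the client retries every
    retry_delay seconds, starting with an empty proxy DNS cache."""
    proxy = CachingProxy(RoundRobinDNS(pool, ttl))
    return [proxy.connect_ip(i * retry_delay) for i in range(attempts)]


def ips_direct(attempts=3, ttl=60, pool=POOL):
    """Addresses used by a client that resolves the name on every attempt."""
    dns = RoundRobinDNS(pool, ttl)
    return [dns.resolve()[0][0] for _ in range(attempts)]


if __name__ == "__main__":
    print("proxy, 5 s between attempts :", ips_via_proxy(5))
    print("proxy, 61 s between attempts:", ips_via_proxy(61))
    print("direct, lookup per attempt  :", ips_direct())
```

With a 60 second TTL, three attempts 5 seconds apart all land on the one cached address, while a delay longer than the TTL or a lookup per attempt reaches a different pool member each time.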