[clamav-users] QNAP Antivirus Updates

Joel Esler (jesler) jesler at cisco.com
Tue Sep 21 11:32:39 UTC 2021


Cool 👍🏼👍🏼

— 
Sent from my iPhone

> On Sep 20, 2021, at 20:17, Paul Kosinski <clamav-users at iment.com> wrote:
> 
> On Mon, 20 Sep 2021 17:17:34 +0000
> "Joel Esler (jesler)" <jesler at cisco.com> wrote:
> 
>>>> On Sep 20, 2021, at 13:08, Paul Kosinski via clamav-users <clamav-users at lists.clamav.net> wrote:
>>> 
>>> These two IPs are Anycast addresses, and have been unchanged for well over 2 years. (Anycast addresses don't have to change even if the physical servers change, that's their point!) They are:
>>> 
>>> 104.16.218.84
>>> 104.16.219.84  
>> That’s what they are for you.  Cloudflare routes you to the closest POP to your network.  Your mileage may vary.
> 
> ===================
> 
> I thought the IP addresses, being Anycast, were what are routed to the closest POP.
> 
> No matter, when I resolve "database.clamav.net" via various DNS servers, using TCP to bypass the default local DNS server (as our firewall blocks outbound UDP port 53 otherwise), I always get these same two IP addresses as results (see below).
> 
> Given that the servers at 1.1.1.1, 8.8.8.8 and 9.9.9.9 are "public", and likely Anycast, while 71.243.0.12 is local Verizon/FIOS, I suppose that the Authoritative server and the public (Anycast) servers could conceivably be distributing different IP addresses depending on who is querying. (BIND/named has become incredibly complicated these days.) But since the two IP addresses are themselves Anycast, what would be the point?
> 
> In any case, does anyone, anywhere, get IP addresses other than
> 
>  104.16.218.84
>  104.16.219.84
> 
> when resolving "database.clamav.net"?
> 
> ------------------------------------------------------------
> 
>  $ dig +tcp +all @1.1.1.1 database.clamav.net
> 
>  ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> +nocomments +nostats +nocmd +tcp +all @1.1.1.1 database.clamav.net
>  ; (1 server found)
>  ;; global options: +cmd
>  ;; Got answer:
>  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5920
>  ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
> 
>  ;; QUESTION SECTION:
>  ;database.clamav.net.        IN    A
> 
>  ;; ANSWER SECTION:
>  database.clamav.net.    31    IN    CNAME    database.clamav.net.cdn.cloudflare.net.
>  database.clamav.net.cdn.cloudflare.net.    271 IN A 104.16.219.84
>  database.clamav.net.cdn.cloudflare.net.    271 IN A 104.16.218.84
> 
>  ;; Query time: 11 msec
>  ;; SERVER: 1.1.1.1#53(1.1.1.1)
>  ;; WHEN: Mon Sep 20 15:28:17 2021
>  ;; MSG SIZE  rcvd: 118
> 
>  ---------------
> 
>  $ dig +tcp +all @8.8.8.8 database.clamav.net
> 
>  ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> +nocomments +nostats +nocmd +tcp +all @8.8.8.8 database.clamav.net
>  ; (1 server found)
>  ;; global options: +cmd
>  ;; Got answer:
>  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49012
>  ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
> 
>  ;; QUESTION SECTION:
>  ;database.clamav.net.        IN    A
> 
>  ;; ANSWER SECTION:
>  database.clamav.net.    19    IN    CNAME    database.clamav.net.cdn.cloudflare.net.
>  database.clamav.net.cdn.cloudflare.net.    300 IN A 104.16.218.84
>  database.clamav.net.cdn.cloudflare.net.    300 IN A 104.16.219.84
> 
>  ;; Query time: 31 msec
>  ;; SERVER: 8.8.8.8#53(8.8.8.8)
>  ;; WHEN: Mon Sep 20 15:21:13 2021
>  ;; MSG SIZE  rcvd: 118
> 
>  ---------------
> 
>  $ dig +tcp +all @9.9.9.9 database.clamav.net
> 
>  ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> +nocomments +nostats +nocmd +tcp +all @9.9.9.9 database.clamav.net
>  ; (1 server found)
>  ;; global options: +cmd
>  ;; Got answer:
>  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29165
>  ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
> 
>  ;; QUESTION SECTION:
>  ;database.clamav.net.        IN    A
> 
>  ;; ANSWER SECTION:
>  database.clamav.net.    60    IN    CNAME    database.clamav.net.cdn.cloudflare.net.
>  database.clamav.net.cdn.cloudflare.net.    300 IN A 104.16.218.84
>  database.clamav.net.cdn.cloudflare.net.    300 IN A 104.16.219.84
> 
>  ;; Query time: 91 msec
>  ;; SERVER: 9.9.9.9#53(9.9.9.9)
>  ;; WHEN: Mon Sep 20 15:30:17 2021
>  ;; MSG SIZE  rcvd: 118
> 
>  ---------------
> 
>  $ dig +tcp +all @71.243.0.12 database.clamav.net
> 
>  ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> +nocomments +nostats +nocmd +tcp +all @71.243.0.12 database.clamav.net
>  ; (1 server found)
>  ;; global options: +cmd
>  ;; Got answer:
>  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12056
>  ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
> 
>  ;; QUESTION SECTION:
>  ;database.clamav.net.        IN    A
> 
>  ;; ANSWER SECTION:
>  database.clamav.net.    60    IN    CNAME    database.clamav.net.cdn.cloudflare.net.
>  database.clamav.net.cdn.cloudflare.net.    144 IN A 104.16.218.84
>  database.clamav.net.cdn.cloudflare.net.    144 IN A 104.16.219.84
> 
>  ;; Query time: 16 msec
>  ;; SERVER: 71.243.0.12#53(71.243.0.12)
>  ;; WHEN: Mon Sep 20 15:21:39 2021
>  ;; MSG SIZE  rcvd: 118
> 
> 
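
The resolver comparison described in the quoted message, as an added example (not written by either poster and not ClamAV project code): it parses dig answer text collected from several resolvers, follows the CNAME chain, and reports which resolvers return a different final A set, which is the check to run before pinning firewall rules to two addresses. The function names are hypothetical, and the 192.0.2.53 resolver with its 203.0.113.10 answer is constructed to show a mismatch.

```python
import ipaddress
from collections import Counter

# Constructed sample input in dig's answer layout. The first two entries mirror
# records quoted in the thread; the 192.0.2.53 resolver and its 203.0.113.10
# answer are invented (documentation ranges) to demonstrate a mismatch.
DIG_OUTPUT = {
    "1.1.1.1": """
database.clamav.net.    31    IN    CNAME    database.clamav.net.cdn.cloudflare.net.
database.clamav.net.cdn.cloudflare.net.    271 IN A 104.16.219.84
database.clamav.net.cdn.cloudflare.net.    271 IN A 104.16.218.84
""",
    "8.8.8.8": """
database.clamav.net.    19    IN    CNAME    database.clamav.net.cdn.cloudflare.net.
database.clamav.net.cdn.cloudflare.net.    300 IN A 104.16.218.84
database.clamav.net.cdn.cloudflare.net.    300 IN A 104.16.219.84
""",
    "192.0.2.53": """
database.clamav.net.    60    IN    CNAME    database.clamav.net.cdn.cloudflare.net.
database.clamav.net.cdn.cloudflare.net.    300 IN A 203.0.113.10
""",
}

def final_addresses(qname, dig_text, max_hops=8):
    """Follow the CNAME chain for qname and return its set of A addresses."""
    cnames, addrs = {}, {}
    for line in dig_text.splitlines():
        fields = line.lstrip("> \t").split()      # tolerate mail-quoted output
        if len(fields) < 5 or fields[0].startswith(";") or fields[2] != "IN":
            continue                              # skip comments and non-records
        owner = fields[0].lower().rstrip(".")
        if fields[3] == "CNAME":
            cnames[owner] = fields[4].lower().rstrip(".")
        elif fields[3] == "A":                    # ip_address() rejects bad rdata
            addrs.setdefault(owner, set()).add(str(ipaddress.ip_address(fields[4])))
    name = qname.lower().rstrip(".")
    for _ in range(max_hops):                     # bounded: guards against CNAME loops
        if name in addrs or name not in cnames:
            break
        name = cnames[name]
    return frozenset(addrs.get(name, ()))

def compare_resolvers(qname, outputs):
    """Return (majority address set, {resolver: set} for resolvers that differ)."""
    results = {r: final_addresses(qname, text) for r, text in outputs.items()}
    majority = Counter(results.values()).most_common(1)[0][0]
    return majority, {r: s for r, s in results.items() if s != majority}

if __name__ == "__main__":
    print(compare_resolvers("database.clamav.net", DIG_OUTPUT))
```

To use it on live data, replace each `DIG_OUTPUT` value with the text of `dig +tcp @<resolver> database.clamav.net` captured from that resolver.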

