[clamav-users] clamav-users Digest, Vol 202, Issue 17

Gregory Poveda gregory.poveda at gmail.com
Thu Sep 23 01:19:16 UTC 2021 

Good Evening, 

I’m not sure what changed, but I was able to confirm it is working today. Nothing changed on my firewall, ACL, or QNAP config since my initial email. It does appear the IP did change on the database.clamav.net. Below is a snapshot of the ACL that dynamically updates based on the DNS address. Thanks for the help and confirming others had this issue. 



Thanks,
Gregory Poveda
OIT - Network Infrastructure
VBH M1D
Cell: (865) 250-0290
Office: (256) 824-7656
gap0005 at uah.edu

> On Sep 22, 2021, at 7:00 AM, clamav-users-request at lists.clamav.net wrote:
> 
> Send clamav-users mailing list submissions to
> 	clamav-users at lists.clamav.net
> 
> To subscribe or unsubscribe via the World Wide Web, visit
> 	https://lists.clamav.net/mailman/listinfo/clamav-users
> or, via email, send a message with subject or body 'help' to
> 	clamav-users-request at lists.clamav.net
> 
> You can reach the person managing the list at
> 	clamav-users-owner at lists.clamav.net
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of clamav-users digest..."
> When responding, please don't respond with the entire Digest.  Please trim your response.
> Today's Topics:
> 
>   1. Re: QNAP Antivirus Updates (Paul Kosinski)
>   2. Re: QNAP Antivirus Updates (Liston, Daniel (DLISTON))
>   3. Re: QNAP Antivirus Updates (Joel Esler (jesler))
> 
> From: Paul Kosinski <clamav-users at iment.com>
> Subject: Re: [clamav-users] QNAP Antivirus Updates
> Date: September 21, 2021 at 12:52:57 PM CDT
> To: clamav-users at lists.clamav.net
> Cc: Matus UHLAR - fantomas <uhlar at fantomas.sk>
> 
> 
> "how's this different from what Joel said?"
> 
> My reading of the following (based on normal English convention)
> 
>>> 104.16.218.84
>>> 104.16.219.84  
>> That’s what they are for you.  Cloudflare routes you to the closest pop to your network.  Your mileage may vary  
> 
> is that "they" refers to the IP addresses, NOT the DNS names (which hadn't even been mentioned in my email at this point).
> 
> Thus, what I inferred from Joel's statement is that "database.clamav.net" might resolve to different IPs for other users (which would be weird, given the use of Anycast). So I tested it the best I could (without traveling a lot, or setting up VMs in different countries).
> 
> 
> On Tue, 21 Sep 2021 13:21:20 +0200
> Matus UHLAR - fantomas <uhlar at fantomas.sk> wrote:
> 
>>> On Mon, 20 Sep 2021 17:17:34 +0000
>>> "Joel Esler (jesler)" <jesler at cisco.com> wrote:
>>> 
>>>>> On Sep 20, 2021, at 13:08, Paul Kosinski via clamav-users <clamav-users at lists.clamav.net> wrote:
>>>>> 
>>>>> These two IPs are Anycast addresses, and have been unchanged for well over 2 years. (Anycast addresses don't have to change even if the physical servers change, that's their point!) They are:
>>>>> 
>>>>> 104.16.218.84
>>>>> 104.16.219.84  
>>>> That’s what they are for you.  Cloudflare routes you to the closest pop to your network.  Your mileage may vary  
>> 
>> On 20.09.21 20:16, Paul Kosinski via clamav-users wrote:
>>> I thought the IP addresses, being Anycast, were what are routed to the closest POP.  
>> 
>> how's this different from what Joel said?
>> 
>>> No matter, when I resolve "database.clamav.net" via various DNS servers,
>>> using TCP to bypass the default local DNS server (as our firewall blocks
>>> outbound UDP port 53 otherwise), I always get these same two IP addresses
>>> as results (see below)  
>> 
>> yes, becaue those two IP are anycast... they are router to the nearest POP.
>> 
>>> Given that the servers at 1.1.1.1, 8.8.8.8 and 9.9.9.9 are "public", and
>>> likely Anycast, while 71.243.0.12 is local Verizon/FIOS, I suppose that
>>> the Authoritative server and the public (Anycast) servers could
>>> conceivably be distributing different IP addresses depending on who is
>>> querying.  (BIND/named has become incredibly complicated these days.) But
>>> since the two IP addresses are themselves Anycast, what would be the
>>> point?  
>> 
>> the point is, not to provide different IPs via anycast DNS but to provide
>> anycast IPs via any DNS.
>> 
>>> In any case, does anyone, anywhere, get IP addresses other than
>>> 
>>> 104.16.218.84
>>> 104.16.219.84
>>> 
>>> when resolving "database.clamav.net"?  
>> 
> 
> 
> 
> 
> From: "Liston, Daniel (DLISTON)" <DLISTON at arinc.com>
> Subject: Re: [clamav-users] QNAP Antivirus Updates
> Date: September 21, 2021 at 1:42:00 PM CDT
> To: "clamav-users at lists.clamav.net" <clamav-users at lists.clamav.net>
> 
> 
> I have already forgotten the point, but I did do some DNS 
> queries from our datacenters in LON, TYO, and NYC.  All 
> reported the same results;
> 
> Non-authoritative answer:
> database.clamav.net     canonical name = database.clamav.net.cdn.cloudflare.net.
> Name:   database.clamav.net.cdn.cloudflare.net
> Address: 104.16.218.84
> Name:   database.clamav.net.cdn.cloudflare.net
> Address: 104.16.219.84
> 
> It seems it should be safe to specify these 2 IP addresses
> in your firewall for the updates.
> 
> 
> L8r
> Dan
> 
> 
> 
> 
> From: "Joel Esler (jesler)" <jesler at cisco.com>
> Subject: Re: [clamav-users] QNAP Antivirus Updates
> Date: September 21, 2021 at 2:49:27 PM CDT
> To: ClamAV users ML <clamav-users at lists.clamav.net>
> Cc: "Liston, Daniel (DLISTON)" <DLISTON at arinc.com>
> 
> 
> And… there’s your answer.  Thank you all!  I think this thread is dead.
> 
>> On Sep 21, 2021, at 2:42 PM, Liston, Daniel (DLISTON) via clamav-users <clamav-users at lists.clamav.net> wrote:
>> 
>> I have already forgotten the point, but I did do some DNS 
>> queries from our datacenters in LON, TYO, and NYC.  All 
>> reported the same results;
>> 
>> Non-authoritative answer:
>> database.clamav.net     canonical name = database.clamav.net.cdn.cloudflare.net.
>> Name:   database.clamav.net.cdn.cloudflare.net
>> Address: 104.16.218.84
>> Name:   database.clamav.net.cdn.cloudflare.net
>> Address: 104.16.219.84
>> 
>> It seems it should be safe to specify these 2 IP addresses
>> in your firewall for the updates.
>> 
>> 
>> L8r
>> Dan
>> 
>> _______________________________________________
>> 
>> clamav-users mailing list
>> clamav-users at lists.clamav.net
>> https://lists.clamav.net/mailman/listinfo/clamav-users
>> 
>> 
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>> 
>> http://www.clamav.net/contact.html#ml
> 
> 
> 
> 
> _______________________________________________
> 
> clamav-users mailing list
> clamav-users at lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
> 
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20210922/af2f7b52/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screen Shot 2021-09-22 at 8.13.53 PM.png
Type: image/png
Size: 30748 bytes
Desc: not available
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20210922/af2f7b52/attachment.png>

More information about the clamav-users mailing list