Good Evening, 

I’m not sure what changed, but I was able to confirm it is working today. Nothing changed on my firewall, ACL, or QNAP config since my initial email. It does appear the IP did change on the database.clamav.net. Below is a snapshot of the ACL that dynamically updates based on the DNS address. Thanks for the help and confirming others had this issue. 


Thanks,
Gregory Poveda
OIT - Network Infrastructure
VBH M1D
Cell: (865) 250-0290
Office: (256) 824-7656
gap0005@uah.edu

On Sep 22, 2021, at 7:00 AM, clamav-users-request@lists.clamav.net wrote:

Today's Topics:

  1. Re: QNAP Antivirus Updates (Paul Kosinski)
  2. Re: QNAP Antivirus Updates (Liston, Daniel (DLISTON))
  3. Re: QNAP Antivirus Updates (Joel Esler (jesler))

From: Paul Kosinski <clamav-users@iment.com>
Subject: Re: [clamav-users] QNAP Antivirus Updates
Date: September 21, 2021 at 12:52:57 PM CDT
To: clamav-users@lists.clamav.net
Cc: Matus UHLAR - fantomas <uhlar@fantomas.sk>


"how's this different from what Joel said?"

My reading of the following (based on normal English convention)

104.16.218.84
104.16.219.84  
That’s what they are for you.  Cloudflare routes you to the closest pop to your network.  Your mileage may vary  

is that "they" refers to the IP addresses, NOT the DNS names (which hadn't even been mentioned in my email at this point).

Thus, what I inferred from Joel's statement is that "database.clamav.net" might resolve to different IPs for other users (which would be weird, given the use of Anycast). So I tested it the best I could (without traveling a lot, or setting up VMs in different countries).


On Tue, 21 Sep 2021 13:21:20 +0200
Matus UHLAR - fantomas <uhlar@fantomas.sk> wrote:

On Mon, 20 Sep 2021 17:17:34 +0000
"Joel Esler (jesler)" <jesler@cisco.com> wrote:

On Sep 20, 2021, at 13:08, Paul Kosinski via clamav-users <clamav-users@lists.clamav.net> wrote:

These two IPs are Anycast addresses, and have been unchanged for well over 2 years. (Anycast addresses don't have to change even if the physical servers change, that's their point!) They are:

104.16.218.84
104.16.219.84  
That’s what they are for you.  Cloudflare routes you to the closest pop to your network.  Your mileage may vary  

On 20.09.21 20:16, Paul Kosinski via clamav-users wrote:
I thought the IP addresses, being Anycast, were what are routed to the closest POP.  

how's this different from what Joel said?

No matter, when I resolve "database.clamav.net" via various DNS servers,
using TCP to bypass the default local DNS server (as our firewall blocks
outbound UDP port 53 otherwise), I always get these same two IP addresses
as results (see below)  

yes, because those two IPs are anycast... they are routed to the nearest POP.

Given that the servers at 1.1.1.1, 8.8.8.8 and 9.9.9.9 are "public", and
likely Anycast, while 71.243.0.12 is local Verizon/FIOS, I suppose that
the Authoritative server and the public (Anycast) servers could
conceivably be distributing different IP addresses depending on who is
querying.  (BIND/named has become incredibly complicated these days.) But
since the two IP addresses are themselves Anycast, what would be the
point?  

the point is, not to provide different IPs via anycast DNS but to provide
anycast IPs via any DNS.

In any case, does anyone, anywhere, get IP addresses other than

104.16.218.84
104.16.219.84

when resolving "database.clamav.net"?  





From: "Liston, Daniel (DLISTON)" <DLISTON@arinc.com>
Subject: Re: [clamav-users] QNAP Antivirus Updates
Date: September 21, 2021 at 1:42:00 PM CDT
To: "clamav-users@lists.clamav.net" <clamav-users@lists.clamav.net>


I have already forgotten the point, but I did do some DNS
queries from our datacenters in LON, TYO, and NYC.  All
reported the same results;

Non-authoritative answer:
database.clamav.net     canonical name = database.clamav.net.cdn.cloudflare.net.
Name:   database.clamav.net.cdn.cloudflare.net
Address: 104.16.218.84
Name:   database.clamav.net.cdn.cloudflare.net
Address: 104.16.219.84

It seems it should be safe to specify these 2 IP addresses
in your firewall for the updates.


L8r
Dan
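
The comparison done by hand in this thread, as an added example (not from any poster or the ClamAV project): parse `nslookup` output in the format quoted above and compare the answers with a static firewall allow-list. `ALLOWED`, the function names, the resolver header and the `192.0.2.10` drift value are constructed for illustration.

```python
import ipaddress
import re

# The two addresses the thread proposes for a static firewall rule.
ALLOWED = frozenset({"104.16.218.84", "104.16.219.84"})

# Answer section exactly as quoted in the thread.
THREAD_OUTPUT = """\
Non-authoritative answer:
database.clamav.net     canonical name = database.clamav.net.cdn.cloudflare.net.
Name:   database.clamav.net.cdn.cloudflare.net
Address: 104.16.218.84
Name:   database.clamav.net.cdn.cloudflare.net
Address: 104.16.219.84
"""
# Constructed: the resolver header that full nslookup output carries.
WITH_HEADER = "Server:\t\t1.1.1.1\nAddress:\t1.1.1.1#53\n\n" + THREAD_OUTPUT
# Constructed: one answer swapped for a documentation-range address.
DRIFTED = WITH_HEADER.replace("104.16.219.84", "192.0.2.10")


def parse_nslookup(text):
    """Return (cname_targets, answer_addresses) from nslookup output."""
    cnames, addrs, after_server = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Server:"):
            after_server = True  # the next Address line is the resolver itself
            continue
        m = re.match(r"Address(?:es)?:\s*(\S+)", line)
        if m:
            if not after_server:
                addrs.append(str(ipaddress.ip_address(m.group(1).split("#")[0])))
            after_server = False
            continue
        after_server = False
        m = re.match(r"\S+\s+canonical name = (\S+?)\.?$", line)
        if m:
            cnames.append(m.group(1))
    return cnames, addrs


def check_acl(text, allowed=ALLOWED):
    """Compare resolved addresses with the allow-list and report drift."""
    cnames, addrs = parse_nslookup(text)
    resolved = set(addrs)
    return {"cname": cnames,
            "unlisted": sorted(resolved - allowed),  # resolved, but the ACL would block it
            "stale": sorted(allowed - resolved),     # in the ACL, no longer returned
            "ok": bool(resolved) and resolved <= allowed}
```

A non-empty `unlisted` result is the condition under which a static two-address rule would block updates while a DNS-driven ACL would not.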




From: "Joel Esler (jesler)" <jesler@cisco.com>
Subject: Re: [clamav-users] QNAP Antivirus Updates
Date: September 21, 2021 at 2:49:27 PM CDT
To: ClamAV users ML <clamav-users@lists.clamav.net>
Cc: "Liston, Daniel (DLISTON)" <DLISTON@arinc.com>


And… there’s your answer.  Thank you all!  I think this thread is dead.

On Sep 21, 2021, at 2:42 PM, Liston, Daniel (DLISTON) via clamav-users <clamav-users@lists.clamav.net> wrote:

I have already forgotten the point, but I did do some DNS
queries from our datacenters in LON, TYO, and NYC.  All
reported the same results;

Non-authoritative answer:
database.clamav.net     canonical name = database.clamav.net.cdn.cloudflare.net.
Name:   database.clamav.net.cdn.cloudflare.net
Address: 104.16.218.84
Name:   database.clamav.net.cdn.cloudflare.net
Address: 104.16.219.84

It seems it should be safe to specify these 2 IP addresses
in your firewall for the updates.


L8r
Dan

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml



