-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, Feb 08, 2006 at 10:35:01PM +0000, Brian Morrison wrote:

>> Dig doesn't seem to have any trouble getting a record, 
>> date/time on my server is correct.
>> % dig current.cvd.clamav.net txt
>> ;; ANSWER SECTION:
>> current.cvd.clamav.net. 
>> 592     IN      TXT     "0.88:35:1278:1139243341:1"
>My main machine's DNS got this, but my secondary was showing version
>1280 and a later epoch that was less than 1800 seconds old. As
>freshclam runs on the first box it was complaining.
>In the end I had to force a cache flush, so I'm wondering if maybe
>something got confused within BIND, wouldn't be too surprised!

Let's not rule out the possibility of dns cache poisoning.  If you're
not running a recent version of whatever dns server you are using, it
could be susceptible to this, and it could be someone experimenting with
attempting to fool your freshclam process into thinking that it's
current (by feeding bogus information to your nameservers).  I know of
nobody claiming to have seen such a thing, but it is _possible_ and so
therefore it should at least be looked at. 
- -- 
Regards...              Todd
I've visited conferences where the wireless LAN was deemed "secure" by
the organisation because they had outlawed sniffers.    --Neils Bakker
Linux kernel 2.6.12-15mdksmp   2 users,  load average: 0.09, 0.11, 0.09\n
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFD6ncDY2VBGxIDMLwRAnJYAJ9EX/wLSBmCEOtzoDdrseDbpUED1ACfdPiW
MvIMdWum7VfO/saEZtaRQHg=
=N+lq
-----END PGP SIGNATURE-----
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html

Reply via email to