-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, Feb 08, 2006 at 10:35:01PM +0000, Brian Morrison wrote:
>> Dig doesn't seem to have any trouble getting a record, >> date/time on my server is correct. >> % dig current.cvd.clamav.net txt >> ;; ANSWER SECTION: >> current.cvd.clamav.net. >> 592 IN TXT "0.88:35:1278:1139243341:1" >My main machine's DNS got this, but my secondary was showing version >1280 and a later epoch that was less than 1800 seconds old. As >freshclam runs on the first box it was complaining. >In the end I had to force a cache flush, so I'm wondering if maybe >something got confused within BIND, wouldn't be too surprised! Let's not rule out the possibility of dns cache poisoning. If you're not running a recent version of whatever dns server you are using, it could be susceptible to this, and it could be someone experimenting with attempting to fool your freshclam process into thinking that it's current (by feeding bogus information to your nameservers). I know of nobody claiming to have seen such a thing, but it is _possible_ and so therefore it should at least be looked at. - -- Regards... Todd I've visited conferences where the wireless LAN was deemed "secure" by the organisation because they had outlawed sniffers. --Neils Bakker Linux kernel 2.6.12-15mdksmp 2 users, load average: 0.09, 0.11, 0.09\n -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFD6ncDY2VBGxIDMLwRAnJYAJ9EX/wLSBmCEOtzoDdrseDbpUED1ACfdPiW MvIMdWum7VfO/saEZtaRQHg= =N+lq -----END PGP SIGNATURE----- _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
