Luca Gibelli wrote: > Hello Todd, > >> Check to make sure that your local iptables firewall and any firewall >> between you and the DNS server does not block TCP port 53 (which is what >> the fallback proto/port is if the DNS answer is more than 512 bytes). > > we put a lot of effort in keeping the size of the RR records under 512 > bytes, because TCP queries put too much load on the authoritative DNS > servers for clamav.net .
I read that off the FAQ and changed it a couple of weeks ago. Still no luck. Thanks for the tip all the same. > >> With no other options, this smells like selinux. > > I second that. Yah... I'm a die hard RedHat fan... but I haven't had time to explore selinux, so when I build a system, I turn it off. This system was built in May, freshclam ran well from then till around the end of September. I used the rpm from rpmforge until a day or two ago. And now I'm using the rpm from ATrpms. Here's something I just noticed... I did a packet sniff (once on internal interface and once on the external interface) while running a freshclam. I did not observe any queries directed to ns1.clamav.net. During the internal sniff, I looked for dns queries as well... I didn't see any for clamav.net. What else can I check out? -- Milton Calnek BSc, A/Slt(Ret.) [EMAIL PROTECTED] 306-717-8737 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
