Joel, Sorry to have been somewhat cryptic: I assumed the context of the posting I was nominally replying to.
By "broken", I meant that freshclam cannot retrieve daily.cvd files from the new CloudFlare IPs. In fact, I just now removed mirrors.dat, and all(?) the new CloudFlare IPs report "not synchronized", probably due to the ping.clamav.net failures (see below): WARNING: Mirror 104.16.185.138 is not synchronized. WARNING: Mirror 104.16.186.138 is not synchronized. WARNING: Mirror 104.16.187.138 is not synchronized. WARNING: Mirror 104.16.188.138 is not synchronized. WARNING: Mirror 104.16.189.138 is not synchronized. The command "host -t txt current.cvd.clamav.net" reports as follows: current.cvd.clamav.net descriptive text "0.100.0:58:24699:1530048540:1:63:47550:322" But the freshclam log reports some variant of: Querying daily.0.85.0.0.6810BD8A.ping.clamav.net Can't query daily.0.85.0.0.6810BD8A.ping.clamav.net Giving up on db.us.clamav.net... None of my local recursive DNS, my off-site Web server (in another state), or (apparently) 8.8.8.8 or 8.8.4.4 can resolve daily.0.85.0.0.6810BD8A.ping.clamav.net, but mxtoolbox.com resolves it, (via ns4.clamav.net) to: 5.9.14.57 at Hetzner Online AG (AS24940) Weird. However, it seems I *can* get at the daily.cvd file by means of direct HTTP access to "http://db.us.clamav.net/daily.cvd";, which accesses the same CloudFlare IPs that are allegedly "not synchronized". The result of all this confusion is that the last time I got a daily.cvd via freshclam was before CloudFlare: Monday 25 June 2018 at 09:06:26 Database updated (6556585 signatures) from db.us.clamav.net (IP: 200.236.31.1) I am going to have to use the direct HTTP until [whenever]? ------------------------------------ On Tue, 26 Jun 2018 20:01:09 +0000 "Joel Esler (jesler)" <jes...@cisco.com> wrote: > Define broken in your context? Doesn't have the file? (Humor me, so > I understand from your parlance) > > > > > On Jun 26, 2018, at 2:59 PM, Paul Kosinski <clamav-us...@iment.com> > > wrote: > > > > ALL of the db.xx.clamav.net (plus database.clamav.net) apparently > > point to CloudFlare, and they are ALL broken. (And have been for > > many hours.) > > > > > > On Tue, 26 Jun 2018 11:09:08 -0700 > > Dave Warren <d...@thedave.ca> wrote: > > > >> As that is a Cloudflare IP, I believe it possibly could represent > >> one or more backend mirrors as it may return different content > >> depending on the hostname provided. > >> > >> On Tue, Jun 26, 2018, at 06:41, Robin Bourne wrote: > >>> Joel, > >>> > >>> I'm now getting "WARNING: Mirror 104.16.188.138 is not > >>> synchronized." when using the CDN. Could it be related to the > >>> changes made to fix this as my definitions are 3 revisions out?> > >>> Thanks, > >>> > >>> On 25 June 2018 at 04:28, Joel Esler (jesler) > >>> <jes...@cisco.com> wrote:>> Al, > >>>> > >>>> > >>>> Thanks. We are aware. Looking into it. > >>>> > >>>> Sent from my iPhone > >>>> > >>>> > >>>>> On Jun 24, 2018, at 23:12, Al Varnell <alvarn...@mac.com> wrote: > >>>>> > >>>>> Yes, but all but one was empty. > >>>>> > >>>>> Sent from my iPad > >>>>> > >>>>> -Al- > >>>>> > >>>>>> On Jun 24, 2018, at 19:42, Paul Kosinski > >>>>>> <clamav-us...@iment.com> wrote:>> >> > >>>>>> I've gotten several daily.cvd updates in that period. They came > >>>>>> from>> >> several IP addresses associated with > >>>>>> from>> >> http://db.us.clamav.net/. > >>>>>> > >>>>>> > >>>>>> On Sun, 24 Jun 2018 18:08:59 -0700 > >>>>>> Al Varnell <alvarn...@mac.com> wrote: > >>>>>> > >>>>>>> Just wanted to point out that there has only been one > >>>>>>> signature > >>>>>>> added>> >>> to the VirusDB by daily updates in the last 32 > >>>>>>> added>> >>> hours. > >>>>>>> > >>>>>>> > >>>>>>> -Al- _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
