Hi Jim,

Some background about "ping.clamav.net":

Freshclam has a feature to do a DNS query for domain names of the form:
        <databasename>.<clam functionality level>.<success?>.<host is on Windows>.<hex IPv4 address of mirror>.ping.clamav.net

It is of course not a real host in our domain, but instead the query gets 
logged and that provides an extremely low cost method for getting basic 
telemetry on the performance of mirror infrastructure.  The metadata in 
question hasn't held too much value to our team for a long time, especially now 
that we're using CloudFlare instead of using a network of 3rd party mirrors.

Regarding the error you're seeing:

I think the "Can't query" error is new and indicates some infrastructure change 
or potential issue with the server that had been the sink for the DNS lookups 
(ns4.clamav.net (?)).  Joel Esler said he'd look into it.  In the meantime, 
it's fine to be seeing those errors -- since they're basically saying that it 
failed to report telemetry that we no longer record or review.  The ability to 
use freshclam to keep up to date should remain unimpeded.

On a related note, the next feature release of ClamAV has a significant update 
to freshclam.  A part of that is removing this "ping.clamav.net" DNS query 
feature.

-Micah


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
 
 

On 7/31/19, 9:15 AM, "clamav-users on behalf of Jim Popovitch via 
clamav-users" <clamav-users-boun...@lists.clamav.net on behalf of 
clamav-users@lists.clamav.net> wrote:

    
    > Jul 31 09:24:16 cav freshclam[3977]: Can't query daily.25527.102.1.0.6810DA54.ping.clamav.net
    
    To me, "Can't" implies an inability to do something, generally this
    would therefore require action by someone else or something else.
    
    "I can't move this large rock" -> Hire a backhoe
    
    "I can't breathe!" -> Medical intervention
    
    "I can't sleep" -> Draft emails like this one....
    
    Given the freshclam msg up above, what is the meaning of "Can't
    query..."?   Is there a problem needing investigation or intervention
    (e.g., should that query normally succeed?), or is this just a way of
    saying there is a new update?  If the latter, perhaps there is some
    better terminology.
    
    -Jim P.
    
    
    
    _______________________________________________
    
    clamav-users mailing list
    clamav-users@lists.clamav.net
    https://lists.clamav.net/mailman/listinfo/clamav-users
    
    
    Help us build a comprehensive ClamAV guide:
    https://github.com/vrtadmin/clamav-faq
    
    http://www.clamav.net/contact.html#ml
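
The name layout described in the reply above, applied to the log line quoted in this thread, as an added example that is not part of the original messages or of ClamAV's own code. It shows what a single lookup discloses to whoever logs the query. Assumptions: the logged name has six labels while the described format lists five, so the extra numeric label is treated as the database version, and the hex label is read in network byte order; `PingTelemetry`, `parse_ping_name` and `summarize` are names made up for this example.

```python
import ipaddress
import re
from typing import NamedTuple, Optional

# Assumption: the six labels before "ping.clamav.net" are database name,
# database version, functionality level, success flag, Windows flag and the
# mirror's IPv4 address in hex. The format in the message lists five fields;
# the extra numeric label is assumed to be the database version.
PING_RE = re.compile(
    r"(?P<db>[a-z]+)\.(?P<ver>\d+)\.(?P<flevel>\d+)\.(?P<ok>[01])\."
    r"(?P<win>[01])\.(?P<ip>[0-9A-Fa-f]{8})\.ping\.clamav\.net\b"
)

class PingTelemetry(NamedTuple):
    database: str
    db_version: int
    flevel: int
    success: bool
    windows: bool
    mirror_ip: str

def parse_ping_name(text: str) -> Optional[PingTelemetry]:
    """Find a ping.clamav.net name in a log line and decode its labels."""
    m = PING_RE.search(text)
    if m is None:
        return None
    # Assumption: the hex label is the IPv4 address in network byte order.
    ip = ipaddress.IPv4Address(int(m["ip"], 16))
    return PingTelemetry(m["db"], int(m["ver"]), int(m["flevel"]),
                         m["ok"] == "1", m["win"] == "1", str(ip))

# First line: the log entry quoted in this thread, joined onto one line.
# Second line: constructed, contains no telemetry name.
SAMPLE_LOG = [
    "Jul 31 09:24:16 cav freshclam[3977]: Can't query "
    "daily.25527.102.1.0.6810DA54.ping.clamav.net",
    "Jul 31 09:24:16 cav freshclam[3977]: constructed line with no ping name",
]

def summarize(lines):
    """Return the decoded telemetry for every line that carries a ping name."""
    return [t for t in map(parse_ping_name, lines) if t is not None]

if __name__ == "__main__":
    for t in summarize(SAMPLE_LOG):
        print(t)
```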
    

