Re: [clamav-users] Yet Another US Mirror Issue-Solved

[Tomasz Kojm]

On Sat, 17 Sep 2011 10:25:50 -0400 Dan dantear...@gmail.com wrote:
 At 1:33 PM +0200 9/16/2011, Tomasz Kojm wrote:
 On Thu, 15 Sep 2011 12:28:50 -0400 Dan dantear...@gmail.com wrote:
   At 10:43 AM +0200 9/15/2011, Tomasz Kojm wrote:
   OK, now please post the output of 'freshclam --list-mirrors'
  
   Mirror #9
  IP: 88.198.67.125
  Successes: 13
  Failures: 0
  Last access: Fri Aug 26 10:45:31 2011
  Ignore: No
  -
  Mirror #10
   IP: 65.19.179.67
  Successes: 24
  Failures: 5
  Last access: Tue Sep 13 10:45:48 2011
  Ignore: Yes
  
  Can't connect to port 80 of host database.clamav.net (IP:
  88.198.67.125) is not considered a failure?  Is there something that I
  can add to freshclam.conf to make it so?

 A connection problem was considered a failure in the past but it was
 making more harm than good. In most cases the problem lies at the
 user's end (keep in mind we have ~2M different IPs downloading the
 database every day) and according to our tests and user reports with
 the current settings freshclam can more effectively deal with network
 errors.
 
 So... there is nothing that an end-user can set that will make the
 connection error be considered a failure?  I would need to go hack at
 the source code?

I've enabled short-time blacklisting of mirrors on connection errors in
clamav-devel, please give it a try (use the git version):

http://www.clamav.net/lang/en/download/sources/

 Does that Ignore: Yes entry automatically expire at some point or is
 that mirror now dead forever?

They will expire automatically. The mirrors ignored for a short time
should return to the pool after 30 minutes (or 6 hours in clamav-devel
after recent changes), and those ignored for a long term (due to severe
or repeating issues) should get cleared after 3 days.

Regards,

-- 
   oo. Tomasz Kojm tk...@clamav.net
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Mon Sep 19 13:50:14 CEST 2011
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue-Solved

[Dan]

At 1:33 PM +0200 9/16/2011, Tomasz Kojm wrote:

On Thu, 15 Sep 2011 12:28:50 -0400 Dan dantear...@gmail.com wrote:
  At 10:43 AM +0200 9/15/2011, Tomasz Kojm wrote:
  OK, now please post the output of 'freshclam --list-mirrors'
 
  Mirror #9

 IP: 88.198.67.125
 Successes: 13
 Failures: 0
 Last access: Fri Aug 26 10:45:31 2011
 Ignore: No
 -
 Mirror #10

  IP: 65.19.179.67

 Successes: 24
 Failures: 5
 Last access: Tue Sep 13 10:45:48 2011
 Ignore: Yes

 

 Can't connect to port 80 of host database.clamav.net (IP:
 88.198.67.125) is not considered a failure?  Is there something that I
 can add to freshclam.conf to make it so?


A connection problem was considered a failure in the past but it was 
making more harm than good. In most cases the problem lies at the 
user's end (keep in mind we have ~2M different IPs downloading the 
database every day) and according to our tests and user reports with 
the current settings freshclam can more effectively deal with 
network errors.


So... there is nothing that an end-user can set that will make the 
connection error be considered a failure?  I would need to go hack at 
the source code?


Does that Ignore: Yes entry automatically expire at some point or 
is that mirror now dead forever?


I see that all but one of the mirrors marked as Ignore: Yes work 
fine (well, at least they respond to http://ip, which .125 does not). 
Is there a command I can throw at Clam that will reset that flag? 
Doesn't look like mirrors.dat is directly editable.


How many connection failures are required before a mirror is taken 
out of rotation?


Thu Sep 15 22:05:35 2011 - Can't connect to port 80 of host 
db.US.clamav.net (IP: 88.198.67.125)
Fri Sep 16 08:03:05 2011 - Can't connect to port 80 of host 
db.US.clamav.net (IP: 88.198.67.125)
Fri Sep 16 10:03:06 2011 - Can't connect to port 80 of host 
db.US.clamav.net (IP: 88.198.67.125)
Fri Sep 16 11:03:08 2011 - Can't connect to port 80 of host 
db.US.clamav.net (IP: 88.198.67.125)
Fri Sep 16 14:03:09 2011 - Can't connect to port 80 of host 
db.US.clamav.net (IP: 88.198.67.125)
Fri Sep 16 14:42:04 2011 - Can't connect to port 80 of host 
db.US.clamav.net (IP: 88.198.67.125)
Fri Sep 16 16:03:09 2011 - Can't connect to port 80 of host 
db.US.clamav.net (IP: 88.198.67.125)
Fri Sep 16 17:03:07 2011 - Can't connect to port 80 of host 
db.US.clamav.net (IP: 88.198.67.125)
Fri Sep 16 18:03:07 2011 - Can't connect to port 80 of host 
db.US.clamav.net (IP: 88.198.67.125)
Fri Sep 16 19:03:09 2011 - Can't connect to port 80 of host 
db.US.clamav.net (IP: 88.198.67.125)
Fri Sep 16 20:03:09 2011 - Can't connect to port 80 of host 
db.US.clamav.net (IP: 88.198.67.125)
Fri Sep 16 21:03:06 2011 - Can't connect to port 80 of host 
db.US.clamav.net (IP: 88.198.67.125)
Fri Sep 16 22:03:06 2011 - Can't connect to port 80 of host 
db.US.clamav.net (IP: 88.198.67.125)
Sat Sep 17 01:03:06 2011 - Can't connect to port 80 of host 
db.US.clamav.net (IP: 88.198.67.125)
Sat Sep 17 02:03:09 2011 - Can't connect to port 80 of host 
db.US.clamav.net (IP: 88.198.67.125)
Sat Sep 17 03:03:09 2011 - Can't connect to port 80 of host 
db.US.clamav.net (IP: 88.198.67.125)
Sat Sep 17 04:03:09 2011 - Can't connect to port 80 of host 
db.US.clamav.net (IP: 88.198.67.125)
Sat Sep 17 05:03:08 2011 - Can't connect to port 80 of host 
db.US.clamav.net (IP: 88.198.67.125)
Sat Sep 17 06:03:08 2011 - Can't connect to port 80 of host 
db.US.clamav.net (IP: 88.198.67.125)
Sat Sep 17 07:03:08 2011 - Can't connect to port 80 of host 
db.US.clamav.net (IP: 88.198.67.125)
Sat Sep 17 08:03:06 2011 - Can't connect to port 80 of host 
db.US.clamav.net (IP: 88.198.67.125)
Sat Sep 17 10:03:07 2011 - Can't connect to port 80 of host 
db.US.clamav.net (IP: 88.198.67.125)


That's a total of 0 successes over the past few days for that mirror.

Thanks,
- Dan.
--
- Psychoceramic Emeritus; South Jersey, USA, Earth.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue-Solved

[Tomasz Kojm]

On Thu, 15 Sep 2011 12:38:40 -0700 Al Varnell alvarn...@mac.com wrote:

[...]

 Can't connect to port 80 of host db.US.clamav.net (IP: 88.198.67.125)
 Can't connect to port 80 of host db.US.clamav.net (IP: 88.198.67.125)
 Database updated (1038850 signatures) from db.US.clamav.net (IP:
 88.198.67.125)
 Database updated (1038850 signatures) from 88.198.67.125 (IP: 88.198.67.125)
 Database updated (1039253 signatures) from db.US.clamav.net (IP:
 88.198.67.125)
 
 For all but 1 of the 21 of the Can't connects it immediately checked and
 connected and updated from another mirror, but the next update went right
 back to .125 in all but 2 cases.   One Can't connect was followed by a
 second Can't connect.

OK, so that's the expected behavior.

-- 
   oo. Tomasz Kojm tk...@clamav.net
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Fri Sep 16 09:29:08 CEST 2011
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue-Solved

[Tomasz Kojm]

On Thu, 15 Sep 2011 12:28:27 -0400 Dan dantear...@gmail.com wrote:
 At 10:42 PM -0700 9/14/2011, Al Varnell wrote:
 Against all odds I've had three updates in the last 24 and two of them
 have
 been from old .125
 
 Not so lucky; here every freshclam run that has touched .125 includes a
 failure still.  My latest:
 
 ClamAV update process started at Thu Sep 15 12:16:56 2011
 Using IPv6 aware code
 Querying current.cvd.clamav.net
 TTL: 900
 Software version from DNS: 0.97.2
 main.cvd version from DNS: 53
 main.cvd is up to date (version: 53, sigs: 846214, f-level: 53, builder:
 sven)
 daily.cvd version from DNS: 13620
 daily.cld is up to date (version: 13620, sigs: 193015, f-level: 60,
 builder: acab)
 safebrowsing.cvd version from DNS: 32299
 Retrieving http://database.clamav.net/safebrowsing-32299.cdiff
 Ignoring mirror 65.19.179.67 (due to previous errors)
 nonblock_connect: connect timing out (30 secs)
 Can't connect to port 80 of host database.clamav.net (IP: 88.198.67.125)
 Ignoring mirror 65.19.179.67 (due to previous errors)
 Trying host database.clamav.net (207.57.106.31)...
 Trying to download http://database.clamav.net/safebrowsing-32299.cdiff
 (IP: 207.57.106.31)
 Downloading safebrowsing-32299.cdiff [100%]
 cdiff_apply: Parsed 56039 lines and executed 55991 commands
 Loading signatures from safebrowsing.cld
 Properly loaded 723320 signatures from new safebrowsing.cld
 safebrowsing.cld updated (version: 32299, sigs: 723320, f-level: 60,
 builder: google)
 Querying safebrowsing.32299.61.1.0.207.57.106.31.ping.clamav.net
 bytecode.cvd version from DNS: 144
 bytecode.cld is up to date (version: 144, sigs: 41, f-level: 60,
 builder: edwin)
 Database updated (1762590 signatures) from database.clamav.net (IP:
 207.57.106.31)

This looks good, it properly switched to another mirror and successfully
updated the database.

-- 
   oo. Tomasz Kojm tk...@clamav.net
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Fri Sep 16 13:14:17 CEST 2011
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue-Solved

[Tomasz Kojm]

On Thu, 15 Sep 2011 12:28:50 -0400 Dan dantear...@gmail.com wrote:
 At 10:43 AM +0200 9/15/2011, Tomasz Kojm wrote:
 OK, now please post the output of 'freshclam --list-mirrors'
 
 Mirror #9
 IP: 88.198.67.125
 Successes: 13
 Failures: 0
 Last access: Fri Aug 26 10:45:31 2011
 Ignore: No
 -
 Mirror #10
 IP: 65.19.179.67
 Successes: 24
 Failures: 5
 Last access: Tue Sep 13 10:45:48 2011
 Ignore: Yes
 
 
 Can't connect to port 80 of host database.clamav.net (IP:
 88.198.67.125) is not considered a failure?  Is there something that I
 can add to freshclam.conf to make it so?

A connection problem was considered a failure in the past but it was
making more harm than good. In most cases the problem lies at the user's
end (keep in mind we have ~2M different IPs downloading the database
every day) and according to our tests and user reports with the current
settings freshclam can more effectively deal with network errors.

Regards,

-- 
   oo. Tomasz Kojm tk...@clamav.net
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Fri Sep 16 13:23:52 CEST 2011
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue-Solved

[Tomasz Kojm]

On Wed, 14 Sep 2011 22:42:53 -0700 Al Varnell alvarn...@mac.com wrote:

 Against all odds I've had three updates in the last 24 and two of them have
 been from old .125, so I reserve the right to revisit the other part of the
 issue in a few days after I have some statistics on how often it gets used
 on the first attempt.

Hey Al,

please run 'freshclam -v' and look for this line:

Using IPv6 aware code

If it's not there, then most likely freshclam is using the older
networking code, which does not randomize IP addresses on its own but
only relies on the DNS.

Regards,

-- 
   oo. Tomasz Kojm tk...@clamav.net
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Thu Sep 15 10:17:13 CEST 2011
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue-Solved

[Al Varnell]

On 9/15/11 1:30 AM, Tomasz Kojm tk...@clamav.net wrote:

 Hey Al,
 
 please run 'freshclam -v' and look for this line:
 
 Using IPv6 aware code
 
 If it's not there, then most likely freshclam is using the older
 networking code, which does not randomize IP addresses on its own but
 only relies on the DNS.
 
Here it is:
Current working dir is /usr/local/clamXav/share/clamav
Max retries == 3
ClamAV update process started at Thu Sep 15 01:37:17 2011
Using IPv6 aware code 
Querying current.cvd.clamav.net
TTL: 224
Software version from DNS: 0.97.2
main.cvd version from DNS: 53
main.cld is up to date (version: 53, sigs: 846214, f-level: 53, builder:
sven)
daily.cvd version from DNS: 13619
Retrieving http://db.US.clamav.net/daily-13618.cdiff
Trying to download http://db.US.clamav.net/daily-13618.cdiff (IP:
207.57.106.31)
Downloading daily-13618.cdiff [100%]
cdiff_apply: Parsed 17 lines and executed 17 commands
Retrieving http://db.US.clamav.net/daily-13619.cdiff
Trying to download http://db.US.clamav.net/daily-13619.cdiff (IP:
207.57.106.31)
Downloading daily-13619.cdiff [100%]
cdiff_apply: Parsed 16 lines and executed 16 commands
Loading signatures from daily.cld
Properly loaded 193008 signatures from new daily.cld
daily.cld updated (version: 13619, sigs: 193008, f-level: 60, builder:
jesler)
Querying daily.13619.62.1.0.207.57.106.31.ping.clamav.net
bytecode.cvd version from DNS: 144
bytecode.cvd is up to date (version: 144, sigs: 41, f-level: 60, builder:
edwin)
Database updated (1039263 signatures) from db.US.clamav.net (IP:
207.57.106.31)

Looks to be OK.


-Al-
 
-- 
Al Varnell
Mountain View, CA


___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue-Solved

[Tomasz Kojm]

On Thu, 15 Sep 2011 01:41:29 -0700 Al Varnell alvarn...@mac.com wrote:

 Looks to be OK.

OK, now please post the output of 'freshclam --list-mirrors'

-- 
   oo. Tomasz Kojm tk...@clamav.net
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Thu Sep 15 10:41:30 CEST 2011
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue-Solved

[Al Varnell]

On 9/15/11 1:43 AM, Tomasz Kojm tk...@clamav.net wrote:

 OK, now please post the output of 'freshclam --list-mirrors'

Janets-iMac-G5:~ jvarnell$ sudo /usr/local/clamXav/bin/freshclam
--list-mirrors
Mirror #1
IP: 194.8.197.22
Successes: 12
Failures: 0
Last access: Tue Sep 13 15:45:14 2011
Ignore: No
-
Mirror #2
IP: 69.12.162.28
Successes: 4
Failures: 1
Last access: Thu Sep  8 07:45:14 2011
Ignore: No
-
Mirror #3
IP: 150.214.142.197
Successes: 6
Failures: 0
Last access: Wed Aug 24 07:45:08 2011
Ignore: No
-
Mirror #4
IP: 69.163.100.14
Successes: 13
Failures: 0
Last access: Tue Sep 13 19:40:16 2011
Ignore: No
-
Mirror #5
IP: 200.236.31.1
Successes: 8
Failures: 0
Last access: Thu Aug 25 15:45:11 2011
Ignore: No
-
Mirror #6
IP: 155.98.64.87
Successes: 14
Failures: 0
Last access: Wed Sep  7 15:45:09 2011
Ignore: No
-
Mirror #7
IP: 208.72.56.53
Successes: 7
Failures: 0
Last access: Sun Sep 11 07:45:04 2011
Ignore: No
-
Mirror #8
IP: 194.186.47.19
Successes: 6
Failures: 0
Last access: Fri Sep  9 15:45:19 2011
Ignore: No
-
Mirror #9
IP: 194.47.250.218
Successes: 31
Failures: 0
Last access: Sat Sep 10 15:47:31 2011
Ignore: No
-
Mirror #10
IP: 168.143.19.95
Successes: 13
Failures: 0
Last access: Mon Sep  5 07:45:07 2011
Ignore: No
-
Mirror #11
IP: 88.198.67.125
Successes: 10
Failures: 0
Last access: Wed Sep 14 15:46:40 2011
Ignore: No
-
Mirror #12
IP: 207.57.106.31
Successes: 6
Failures: 0
Last access: Thu Sep 15 01:37:23 2011
Ignore: No
-
Mirror #13
IP: 65.19.179.67
Successes: 8
Failures: 0
Last access: Sun Sep 11 15:47:38 2011
Ignore: No
-
Mirror #14
IP: 64.246.134.219
Successes: 8
Failures: 0
Last access: Tue Sep 13 07:45:07 2011
Ignore: No
-
Mirror #15
IP: 204.109.62.22
Successes: 5
Failures: 0
Last access: Thu Sep  8 15:45:17 2011
Ignore: No

Note: Mirror #11 had Successes: 1 until yesterday.


-Al-
 
-- 
Al Varnell
Mountain View, CA



___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue-Solved

[Tomasz Kojm]

On Thu, 15 Sep 2011 02:11:16 -0700 Al Varnell alvarn...@mac.com wrote:

[...]
 -
 Mirror #11
 IP: 88.198.67.125
 Successes: 10
 Failures: 0
 Last access: Wed Sep 14 15:46:40 2011
 Ignore: No
 -
 Mirror #12
 IP: 207.57.106.31
 Successes: 6
 Failures: 0
 Last access: Thu Sep 15 01:37:23 2011
 Ignore: No
 -
 Mirror #13
 IP: 65.19.179.67
 Successes: 8
 Failures: 0
 Last access: Sun Sep 11 15:47:38 2011
 Ignore: No
 -
 Mirror #14
 IP: 64.246.134.219
 Successes: 8
 Failures: 0
 Last access: Tue Sep 13 07:45:07 2011
 Ignore: No
 -
 Mirror #15
 IP: 204.109.62.22
 Successes: 5
 Failures: 0
 Last access: Thu Sep  8 15:45:17 2011
 Ignore: No
 
 Note: Mirror #11 had Successes: 1 until yesterday.

And that's the reason freshclam was choosing it as the first mirror all
the time. Freshclam tries to balance the load by preferring mirrors with
the lowest number of downloads. Then, when it fails to connect to such a
mirror, it should disable this load balancing and simply pick up a
random mirror in the next attempt. Could you check your logs to see if
that actually happened?

-- 
   oo. Tomasz Kojm tk...@clamav.net
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Thu Sep 15 14:07:40 CEST 2011
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Bowie Bailey]

On 9/14/2011 3:29 AM, sys...@ra-schaal.de wrote:

 i´ll have at look. but i´m moving until september to a new server with
 much bandwith (20 TB/month) and a better performance.

 maybe i can setup the mirror on this system on weekend.

 if you can´t connect to 88.198.67.125, you should fall back to
 46.4.61.241. it seems, that freshclam won´t use the second ip.

 nslookup clamav.akxnet.de
 Server: 127.0.0.1
 Address:127.0.0.1#53

 Name:   clamav.akxnet.de
 Address: 88.198.67.125
 Name:   clamav.akxnet.de
 Address: 46.4.61.241


 if freshclam on one of my other servers tries connect to 88, i also
 can´t connect sometimes. but in this case freshclam just use the second
 ip (ie second server).

 i made some changes to the firewall. if it works be now, please mail me
 as soon as possible.


That seems to have fixed the problem for me.  I have seen three
successful updates and no failures from your server since yesterday.

Thanks.

-- 
Bowie
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue-Solved

[Dan]

At 10:43 AM +0200 9/15/2011, Tomasz Kojm wrote:

OK, now please post the output of 'freshclam --list-mirrors'


Mirror #9
IP: 88.198.67.125
Successes: 13
Failures: 0
Last access: Fri Aug 26 10:45:31 2011
Ignore: No
-
Mirror #10
IP: 65.19.179.67
Successes: 24
Failures: 5
Last access: Tue Sep 13 10:45:48 2011
Ignore: Yes


Can't connect to port 80 of host database.clamav.net (IP: 
88.198.67.125) is not considered a failure?  Is there something that 
I can add to freshclam.conf to make it so?


- Dan.
--
- Psychoceramic Emeritus; South Jersey, USA, Earth.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue-Solved

[Dan]

At 10:42 PM -0700 9/14/2011, Al Varnell wrote:

Against all odds I've had three updates in the last 24 and two of them have
been from old .125


Not so lucky; here every freshclam run that has touched .125 includes 
a failure still.  My latest:


ClamAV update process started at Thu Sep 15 12:16:56 2011
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 900
Software version from DNS: 0.97.2
main.cvd version from DNS: 53
main.cvd is up to date (version: 53, sigs: 846214, f-level: 53, builder: sven)
daily.cvd version from DNS: 13620
daily.cld is up to date (version: 13620, sigs: 193015, f-level: 60, 
builder: acab)

safebrowsing.cvd version from DNS: 32299
Retrieving http://database.clamav.net/safebrowsing-32299.cdiff
Ignoring mirror 65.19.179.67 (due to previous errors)
nonblock_connect: connect timing out (30 secs)
Can't connect to port 80 of host database.clamav.net (IP: 88.198.67.125)
Ignoring mirror 65.19.179.67 (due to previous errors)
Trying host database.clamav.net (207.57.106.31)...
Trying to download 
http://database.clamav.net/safebrowsing-32299.cdiff (IP: 
207.57.106.31)

Downloading safebrowsing-32299.cdiff [100%]
cdiff_apply: Parsed 56039 lines and executed 55991 commands
Loading signatures from safebrowsing.cld
Properly loaded 723320 signatures from new safebrowsing.cld
safebrowsing.cld updated (version: 32299, sigs: 723320, f-level: 60, 
builder: google)

Querying safebrowsing.32299.61.1.0.207.57.106.31.ping.clamav.net
bytecode.cvd version from DNS: 144
bytecode.cld is up to date (version: 144, sigs: 41, f-level: 60, 
builder: edwin)
Database updated (1762590 signatures) from database.clamav.net (IP: 
207.57.106.31)


- Dan.
--
- Psychoceramic Emeritus; South Jersey, USA, Earth.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue-Solved

[Al Varnell]

On 9/15/11 5:19 AM, Tomasz Kojm tk...@clamav.net wrote:

 And that's the reason freshclam was choosing it as the first mirror all
 the time. Freshclam tries to balance the load by preferring mirrors with
 the lowest number of downloads. Then, when it fails to connect to such a
 mirror, it should disable this load balancing and simply pick up a
 random mirror in the next attempt. Could you check your logs to see if
 that actually happened?

Here are the results of trying .125 over the same period, (Aug 29 to Sep
14).  There were 42 attempted updates, 12 were already up-to-dates and 21 of
30 updates started with a 88.198.67.125 failure.

Can't connect to port 80 of host db.US.clamav.net (IP: 88.198.67.125)
Can't connect to port 80 of host db.US.clamav.net (IP: 88.198.67.125)
Can't connect to port 80 of host db.US.clamav.net (IP: 88.198.67.125)
Can't connect to port 80 of host db.US.clamav.net (IP: 88.198.67.125)
Can't connect to port 80 of host db.US.clamav.net (IP: 88.198.67.125)
Can't connect to port 80 of host db.US.clamav.net (IP: 88.198.67.125)
Can't connect to port 80 of host db.US.clamav.net (IP: 88.198.67.125)
Can't connect to port 80 of host db.US.clamav.net (IP: 88.198.67.125)
Can't connect to port 80 of host db.US.clamav.net (IP: 88.198.67.125)
Can't connect to port 80 of host db.US.clamav.net (IP: 88.198.67.125)
Can't connect to port 80 of host db.US.clamav.net (IP: 88.198.67.125)
Can't connect to port 80 of host db.US.clamav.net (IP: 88.198.67.125)
Can't connect to port 80 of host db.US.clamav.net (IP: 88.198.67.125)
Can't connect to port 80 of host db.US.clamav.net (IP: 88.198.67.125)
Can't connect to port 80 of host db.US.clamav.net (IP: 88.198.67.125)
Can't connect to port 80 of host db.US.clamav.net (IP: 88.198.67.125)
Can't connect to port 80 of host db.US.clamav.net (IP: 88.198.67.125)
Can't connect to port 80 of host 88.198.67.125 (IP: 88.198.67.125)
Can't connect to port 80 of host db.US.clamav.net (IP: 88.198.67.125)
Can't connect to port 80 of host db.US.clamav.net (IP: 88.198.67.125)
Can't connect to port 80 of host db.US.clamav.net (IP: 88.198.67.125)
Database updated (1038850 signatures) from db.US.clamav.net (IP:
88.198.67.125)
Database updated (1038850 signatures) from 88.198.67.125 (IP: 88.198.67.125)
Database updated (1039253 signatures) from db.US.clamav.net (IP:
88.198.67.125)

For all but 1 of the 21 of the Can't connects it immediately checked and
connected and updated from another mirror, but the next update went right
back to .125 in all but 2 cases.   One Can't connect was followed by a
second Can't connect.


-Al-
 
-- 
Al Varnell
Mountain View, CA



___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Dennis Peterson]

On 9/13/11 10:51 PM, Jim Preston wrote:
Apple has chosen to go the Microsoft route of

our users are too stupid to be allowed to do their own customization and as
such we OS X users have to suffer as we do with the choices made in Redmond.



I'm a Mac user for my personal workstation and I don't feel any such from the 
top notion. OS X itself is adequately self sufficient (for now) to allow us to 
skirt the nutters at Apple. Is it happens that OS X becomes more IOS centric 
then yes, thinkers are doomed. I do believe that Apple is heading away from the 
general purpose computer towards an Apple Store centric OS that must necessarily 
go ka-ching each time you wish something clever would run on your Mac.


Some clues: VMware Fusion (hypervisor for Mac) will soon be an App-store only 
product. Same with Pixelmator (closest thing to photoshop for the Mac) and so 
for several others. And now we're way off topic, but it is true too for Windows 
users that all that we have grown up on is quickly ratcheting down to a single 
glass interface between us and our applications, and it is based on the iTunes 
model. I don't play gatekeeper well, so bumbye, general purpose computer Mac OS, 
hello Linux. SourceForge is my salvation. I hope.


dp
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Jim Preston]

On 09/13/2011 02:28 PM, Bryan Burke wrote:



...with zero successful connections to that IP.  The connectivity failure is 
entirely reproducible by hand:

% telnet 88.198.67.125 80
Trying 88.198.67.125...
telnet: connect to address 88.198.67.125: Connection refused
telnet: Unable to connect to remote host

I should say that when I did this, I got the same, but the connection seemed to 
be timing
out, not being refused (despite what telnet says). Was it the same for you?

I ask because that would indicate either that the web server on that IP is 
down, or that
some firewall is silently dropping packets.

This is a good question. I had a problem with my ISP in that I could not 
access my work servers from home. My ISP stated that they were not 
filtering my work IPs and a traceroute seemed to confirm this. It seemed 
that some router along the way determined it did not like traffic with 
my originating IP and my office's terminating IP.  Like many users, my 
IP address is not static but  very rarely changes. Forcing an IP 
address change (method more OT then the rest of my post) from my ISP 
made all the traffic get through. I bring this up only because the 
symptoms are similar, some traffic like ICMP would make it fine while 
other traffic like HTTP and SSH were being blocked along the route.



--
Jim Preston
jimli...@commspeed.net

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Al Varnell]

On Sep 13, 2011, at 10:51 PM, Jim Preston jimli...@commspeed.net wrote:

 Well here I have to take exception. You have every option to choose mirrors 
 that suit your liking better. If the US servers are not meeting your needs, 
 pick a different region. If the US round-robin are using mirrors half way 
 around the world, then. there is no detraction to picking default mirrors 
 that are half way around the world but choosing something other then US as 
 the location. The fact that ClamXav HAS chosen to  make it inconvenient for 
 users to change update frequency or setting of db mirrors is NOT a clamav 
 fault. The mechanism exists in freschclam but the port to OS X has chosen to 
 ignore this very important feature. Would you like me to write a user 
 interface application so OS X users can do this very simple preference 
 setting? And don't get me started on some of the stupid approaches Apple has 
 taken to a very simple to manage OS like FreeBSD. Although I choose express 
 no opinion on the MACH kernel versus other kernels, the MACH kernel choice,  
 is not issu
 e that has detracted from the ability to easily set preferences. Apple has 
chosen to go the Microsoft route of our users are too stupid to be allowed to 
do their own customization and as such we OS X users have to suffer as we do 
with the choices made in Redmond.

Thanks for the offer Jim.  I realized after I hit send that I gave an emotional 
answer that I knew wasn't technically correct.

As I think you know I try to represent the average ClamXav user here.  In the 
forum I try very hard not to recommend solutions the average user won't be able 
to easily implement.  If it's something that can be built into ClamXav I put it 
on Mark's suggested improvements list.  Otherwise I may try it out myself, but 
rarely recommend tailoring clamav unless the user has special needs.  As such, 
it's important that I maintain the baseline on my computer, otherwise I can't 
be as helpful to others.  Believe it or not, I could care less whether my setup 
works for me or not as long as it performs the way it does for everybody else.


Sent from Janet's iPad

-Al-
-- 
Al Varnell
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[sys...@ra-schaal.de]

Am 13.09.2011 20:49, schrieb Bowie Bailey:
 On 9/13/2011 1:18 PM, sys...@ra-schaal.de wrote:
 Am 13.09.2011 18:01, schrieb Al Varnell:
 On Sep 13, 2011, at 8:15 AM, Dan dantear...@gmail.com wrote:

 Yet more failure on 88.198.67.125, this morning.  This one is a double.
 I was going to wait a few more days to mention this, but since you bring it 
 up...

 I have seen this twice a day almost every day since 29 Aug.  The only times 
 I didn't see this was when the database was reported to be up-to-date.  
 During that same period, I was _never_ able to successfully connect to it.  
 This can't be just my bad luck.
 just your bad luck

 2011/09/05 - 297638 connects
 2011/09/06 - 265677 connects
 2011/09/07 - 265228 connects
 2011/09/08 - 210367 connects
 2011/09/09 - 230462 connects
 2011/09/10 - 142702 connects
 2011/09/11 - 120486 connects
 2011/09/12 - 207272 connects
 2011/09/13 - 129521 connetcs until now - 1916 CET

 as mentioned a few days befor, YOU have a very slow connection to my
 system.
 
 Not just him.  I don't hit your mirror every time, but the last time I
 was able to successfully update from it was Aug 28, which matches what
 Al reported.  Since then, I have seen 23 errors:
 
 Can't connect to port 80 of host db.us.clamav.net (IP: 88.198.67.125)
 
 Trying it manually today, I can ping the server, but cannot connect to
 port 80.
 
 Seems like something changed on Aug 28 or 29 which is causing connection
 problems for some people.
 
i´ll have at look. but i´m moving until september to a new server with
much bandwith (20 TB/month) and a better performance.

maybe i can setup the mirror on this system on weekend.

if you can´t connect to 88.198.67.125, you should fall back to
46.4.61.241. it seems, that freshclam won´t use the second ip.

nslookup clamav.akxnet.de
Server: 127.0.0.1
Address:127.0.0.1#53

Name:   clamav.akxnet.de
Address: 88.198.67.125
Name:   clamav.akxnet.de
Address: 46.4.61.241


if freshclam on one of my other servers tries connect to 88, i also
can´t connect sometimes. but in this case freshclam just use the second
ip (ie second server).

i made some changes to the firewall. if it works be now, please mail me
as soon as possible.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Al Varnell]

On 9/14/11 12:29 AM, sys...@ra-schaal.de sys...@ra-schaal.de wrote:

 i made some changes to the firewall. if it works be now, please mail me
 as soon as possible.
 
I was able to connect via my browser.  I forced an update by pulling out my
bytecode.cld and it successfully downloaded it from your mirror.  So
whatever you did to the firewall seems to have solved at least that part of
the problem.  Now if I can just get freshclam to pick another mirror once in
a while our problems should be over.
 

-Al-
 
-- 
Al Varnell
Mountain View, CA



___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Noel Jones]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 9/14/2011 2:29 AM, sys...@ra-schaal.de wrote:
 i made some changes to the firewall. if it works be now, please
 mail me as soon as possible.


I started getting successful updates from 88.198.67.125 a couple
hours after you posted this, and port 80 no longer shows closed
from here.

Thanks!


  -- Noel Jones
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJOcKGiAAoJEJGRUHb5Oh6gLoMH/RnRPHpNfxpm8PTlkqh5sAtJ
6U9//hlV2Qinyq9zPjAX4RGUfMwXYWlTX3QnguWIsVkhEtfPC+kkdjq2S8KVNnpa
VOQ1n0Ci5KaXifYK916jGjNKJ/AX6pAHcr6+I5jlzB5MO0IIfWTh7thPgaUfgIeK
49xd9gaMgwa+wW9VH96Qn18VYOLVbKdiRtUFBLdKdCzZt74HDdLw88e7nyWZJy0e
NieuRTCsu0ib66ashU2uSgzoUpdDf84i874sQVGNFdNS6HRj4NyhgbeTTlSPsQ7j
rcMXudLnwCHU/8rbQhWn2l+aT4idYrlWjyknZUVdBh16fqDmc/QF/kJYI/UVx7k=
=qNDc
-END PGP SIGNATURE-
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Christopher X. Candreva]

On Wed, 14 Sep 2011, Dan wrote:

 At 7:44 AM -0500 9/14/2011, Noel Jones wrote:
  On 9/14/2011 2:29 AM, sys...@ra-schaal.de wrote:
i made some changes to the firewall. if it works be now, please
mail me as soon as possible.
  
  I started getting successful updates from 88.198.67.125 a couple
  hours after you posted this, and port 80 no longer shows closed
  from here.
 
 Still not workin from here:

http://www.downforeveryoneorjustme.com/88.198.67.125

Says it's up.

==
Chris Candreva  -- ch...@westnet.com -- (914) 948-3162
WestNet Internet Services of Westchester
http://www.westnet.com/
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Bryan Burke]

 Does your dig use the host table? Mine does not. Same with nslookup.
 I can't imagine why they would, in fact.

Yea, I had to use getent hosts db.us.clamav.net to make sure the /etc/hosts 
entry was
working.

-- 
Bryan Burke
IT Administrator
Department of Electrical Engineering and Computer Science
University of Tennessee, Knoxville
bbu...@eecs.utk.edu
(865) 974-4694
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Dan]

At 7:44 AM -0500 9/14/2011, Noel Jones wrote:

On 9/14/2011 2:29 AM, sys...@ra-schaal.de wrote:

 i made some changes to the firewall. if it works be now, please

  mail me as soon as possible.

I started getting successful updates from 88.198.67.125 a couple
hours after you posted this, and port 80 no longer shows closed
from here.


Still not workin from here:

ClamAV update process started at Wed Sep 14 09:43:49 2011
main.cvd is up to date (version: 53, sigs: 846214, f-level: 53, builder: sven)
nonblock_connect: connect timing out (30 secs)
Can't connect to port 80 of host database.clamav.net (IP: 88.198.67.125)
Trying host database.clamav.net (207.57.106.31)...
Downloading daily-13609.cdiff [100%]
Downloading daily-13610.cdiff [100%]
Downloading daily-13611.cdiff [100%]
Downloading daily-13612.cdiff [100%]
Downloading daily-13613.cdiff [100%]
Downloading daily-13614.cdiff [100%]
daily.cld updated (version: 13614, sigs: 192601, f-level: 60, builder: ccordes)
bytecode.cld is up to date (version: 144, sigs: 41, f-level: 60, 
builder: edwin)
Database updated (1038856 signatures) from database.clamav.net (IP: 
207.57.106.31)

Clamd successfully notified about the update.

- Dan.
--
- Psychoceramic Emeritus; South Jersey, USA, Earth.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Steve Basford]

 On Wed, 14 Sep 2011, Dan wrote:

 http://www.downforeveryoneorjustme.com/88.198.67.125

 Says it's up.

Received responses: 53 Ok 5 Fail

http://host-tracker.com/check_res_ajx/8730391-0/

Cheers,

Steve
Sanesecurity

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Nathan Gibbs]

On 9/13/2011 10:29 PM, Al Varnell wrote:

 I was trying to say that using this command:
 
 freshclam --stdout --quiet --no-warnings
 --log=/usr/local/clamXav/share/clamav/freshclam.log
 
 I can determine the IP address of a successful update in the last line, e.g.
 
 Database updated (1038839 signatures) from db.US.clamav.net (IP:
 194.8.197.22)
 
 If the database is already up-to-date then there is no attempt to access a
 mirror, so it would not be possible to provide an IP.
 

OOPS, my misunderstanding.
:-)

I didn't think there was really an issue, but figured I'd ask.
freshclam logs what IP address it is about to try, reading what follows
the try will usually tell you if it worked or not.

-- 
Sincerely,

Nathan Gibbs

Systems Administrator
Christ Media
http://www.cmpublishers.com




signature.asc
Description: OpenPGP digital signature
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Dan]

At 12:36 PM -0400 9/13/2011, Bryan Burke wrote:

  Noone has suggested maximum.  The issue is that the mirrors are so

 overloaded that it's often taking freshclam an excessive amount of
 time to do its thing, because of the time-outs / connection
 failures. No big deal if it's the update run in the background.  But
 if it's on-demand update preceding a user-driven scan, it's making
 the user sit there, twiddling its thumbs, for up to a minute or two.


Are we really having this protracted discussion, because we don't 
want someone to have to sit for up to a minute or two?


This problem seems overstated. I mean, are we talking about 
on-demand scans perhaps a dozen or more times per day, every day? 
i.e. is this adding up to hours of lost time every week? If so, is 
it really such a problem to have a database that is *at most* 2 
hours out-of-date (the default)? Do you need to do an update before 
*every* on-demand scan?  And why can't that be solved (if it is, in 
fact, an issue) by increasing the check frequency to, say, every 
hour?


Is it appropriate to ever do a scan against an outdated database? 
I've been told time and again never to do that!


When a user launches their anti-virus app, they're going to want to 
check to see that their definitions are up-to-date.  (I would argue 
that any app that doesn't force the update check by default is poorly 
designed).  If that step takes a minute, instead of a few seconds, 
then the app becomes painful to use -- making them less likely to do 
scans in the future.  Not good.  Wanna make it worse?  Put the user 
on a time-metered network connection!


As for overstated... People that are both busy and security conscious 
tend to run quite a few scans per day.  If each one halts their work 
for minutes...  Or even if 1000 users have to wait that one minute 
just twice a day... then thats many hours wasted.  And how many 
ClamAV users are there?   (By user, in this context, I mean human 
at a desktop or laptop).


*at most* 2 hours.  Are you saying that freshclam should *always* 
be run in the background every hour or two *by everyone*, not just on 
servers?  Can the current mirror infrastructure handle that?


Currently, as a user app, ClamXav only runs freshclam in the 
background once per day, if the user enables such, but I'm sure we 
could get the author (Mark) to enhance its scheduling preferences. 
No big deal, IF that's the right thing to do.  But even then... 
shouldn't every on-demand scan first do an update anyway???  (Running 
the update once per day isn't my fav design choice.  Back in the day, 
when there were virtually no malwares for Mac OS X, I didn't have a 
problem with that.  But these days, I think it needs to be fixed. 
Not an issue for this forum tho).


At 3:49 PM -0400 9/13/2011, Bryan Burke wrote:

  I don't know the frequency, but it was enough of a problem for him to

 complain...three times before I brought it up here.


So is this issue specifically with ClamXav?


No.  This is an issue specifically with *** freshclam *** and the 
reliability of *** ClamAV's Mirrors ***.  I've seen the problem most 
often with ClamXav because me and mine use Macs.  But I've received 
complaints about Clam from several of my clients recently - they use 
Clam on both their Macs and Windows machines.  The update lag + the 
recent 2x not-updating-DNS has started the whole maybe it's time to 
evaluate other AV products cycle.


Al wrote:

Sending my browser to db.US.clamav.net gives me
 Safari can't open the page http://db.us.big.clamav.net/; because 
Safari can't

 connect to the server db.us.big.clamav.net.


No matter how many times I try it.


Ditto.  Last night and this morning.  The other mirrors respond 
quickly, but .125 - never.


Just ran this:
http://host-tracker.com/check_res_ajx/8730640-0/
and adding the results from this, previously in the thread:
http://host-tracker.com/check_res_ajx/8730391-0/

It shows the average response time was under 3/4 of a second.  Going 
down the lists, I see only a few sites took more than one second!  So 
perhaps a time-out of 3 to 4 seconds would be more reasonable?  30s 
seems like painful overkill.



At 6:15 PM -0400 9/13/2011, Bryan Burke wrote:
If not, then at this point, I'm guessing there's enough data here 
for the team to make a
decision one way or the other concerning this host. Even if removed, 
it can always be

re-added when the cause of this issue is tracked down and fixed.

At least concerning this issue, is there anything more to be done?


1) Fix freshclam so it doesn't stall for so long.

2) Fix freshclam so it doesn't ever use the same inaccessible mirror 
again, especially during the same run.


3) Get the unavailable mirror OUT of the rotation.

- Dan.
--
- Psychoceramic Emeritus; South Jersey, USA, Earth.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Dennis Peterson]

On 9/14/11 12:29 AM, sys...@ra-schaal.de wrote:


if you can´t connect to 88.198.67.125, you should fall back to
46.4.61.241. it seems, that freshclam won´t use the second ip.

nslookup clamav.akxnet.de
Server: 127.0.0.1
Address:127.0.0.1#53

Name:   clamav.akxnet.de
Address: 88.198.67.125
Name:   clamav.akxnet.de
Address: 46.4.61.241



Why would it? The client resolver has already identified 88.198.67.125 as the 
appropriate end point IP and won't ask again. If you are trying to use DNS at 
your end as a load balancer it isn't going to work. The expectation is that a 
reliable service is running only at the IP in the authorative DNS server at 
clamav.net and that IP is 88.198.67.125. Your depending on 46.4.61.241 as a 
fallback server is bad architecture.


dp
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Dan]

At 12:36 PM -0400 9/13/2011, Bryan Burke wrote:

  Noone has suggested maximum.  The issue is that the mirrors are so

 overloaded that it's often taking freshclam an excessive amount of
 time to do its thing, because of the time-outs / connection
 failures. No big deal if it's the update run in the background.  But
 if it's on-demand update preceding a user-driven scan, it's making
 the user sit there, twiddling its thumbs, for up to a minute or two.


Are we really having this protracted discussion, because we don't 
want someone to have to sit for up to a minute or two?


This problem seems overstated. I mean, are we talking about 
on-demand scans perhaps a dozen or more times per day, every day? 
i.e. is this adding up to hours of lost time every week? If so, is 
it really such a problem to have a database that is *at most* 2 
hours out-of-date (the default)? Do you need to do an update before 
*every* on-demand scan?  And why can't that be solved (if it is, in 
fact, an issue) by increasing the check frequency to, say, every 
hour?


Is it appropriate to ever do a scan against an outdated database? 
I've been told time and again never to do that!


When a user launches their anti-virus app, they're going to want to 
check to see that their definitions are up-to-date.  (I would argue 
that any app that doesn't force the update check by default is poorly 
designed).  If that step takes a minute, instead of a few seconds, 
then the app becomes painful to use -- making them less likely to do 
scans in the future.  Not good.  Wanna make it worse?  Put the user 
on a time-metered network connection!


As for overstated... People that are both busy and security conscious 
tend to run quite a few scans per day.  If each one halts their work 
for minutes...  Or even if 1000 users have to wait that one minute 
just twice a day... then that's many hours wasted.  And how many 
ClamAV users are there?   (By user, in this context, I mean human 
at a desktop or laptop).


*at most* 2 hours.  Are you saying that freshclam should *always* 
be run in the background every hour or two *by everyone*, not just on 
servers?  Can the current mirror infrastructure handle that?


Currently, as a user app, ClamXav only runs freshclam in the 
background once per day, if the user enables such, but I'm sure we 
could get the author (Mark) to enhance its scheduling preferences. 
No big deal, IF that's the right thing to do.  But even then... 
shouldn't every on-demand scan first do an update anyway???  (Running 
the update once per day isn't my fav design choice.  Back in the day, 
when there were virtually no malwares for Mac OS X, I didn't have a 
problem with that.  But these days, I think it needs to be fixed. 
Not an issue for this forum tho).


At 3:49 PM -0400 9/13/2011, Bryan Burke wrote:

  I don't know the frequency, but it was enough of a problem for him to

 complain...three times before I brought it up here.


So is this issue specifically with ClamXav?


No.  This is an issue specifically with *** freshclam *** and the 
reliability of *** ClamAV's Mirrors ***.  I've seen the problem most 
often with ClamXav because me and mine use Macs.  But I've received 
complaints about Clam from several of my clients recently - they use 
Clam on both their Macs and Windows machines.  The update lag + the 
recent 2x not-updating-DNS has started the whole maybe it's time to 
evaluate other AV products cycle.


Al wrote:

Sending my browser to db.US.clamav.net gives me
  Safari can't open the page  because Safari can't
  connect to the server db.us.big.clamav.net.

No matter how many times I try it.


Ditto.  Last night and this morning.  The other mirrors respond 
quickly, but .125 - never.


Just ran this:
http://host-tracker.com/check_res_ajx/8730640-0/
and adding the results from this, previously in the thread:
http://host-tracker.com/check_res_ajx/8730391-0/

It shows the average response time was under 3/4 of a second.  Going 
down the lists, I see only a few sites took more than one second!  So 
perhaps a time-out of 3 to 4 seconds would be more reasonable?  30s 
seems like painful overkill.



At 6:15 PM -0400 9/13/2011, Bryan Burke wrote:
If not, then at this point, I'm guessing there's enough data here 
for the team to make a
decision one way or the other concerning this host. Even if removed, 
it can always be

re-added when the cause of this issue is tracked down and fixed.

At least concerning this issue, is there anything more to be done?


1) Fix freshclam so it doesn't stall for so long.

2) Fix freshclam so it doesn't ever use the same inaccessible mirror 
again, especially during the same run.


3) Get the unavailable mirror OUT of the rotation.

- Dan.
--
- Psychoceramic Emeritus; South Jersey, USA, Earth.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[sys...@ra-schaal.de]

Am 14.09.2011 18:15, schrieb Dennis Peterson:

 expectation is that a reliable service is running only at the IP in the
 authorative DNS server at clamav.net and that IP is 88.198.67.125. Your
 depending on 46.4.61.241 as a fallback server is bad architecture.

I told them a few months ago, and a few weeks ago, and for some
reasons they didn´t add the second ip to the us-roundrobin on
clamav.net. It´s only listed for russian-roundrobin.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

[clamav-users] Yet Another US Mirror Issue-Solved

[Al Varnell]

It's been almost twenty-four hours since the Firewall was fixed, so I
thought I'd take this opportunity to thank everybody involved, both for
backing me up when there was much doubt and for offering useful suggestions
and obviously to Florian for solving at his part of the issue.  Hopefully US
users (and probably others) will be a bit more productive because of it.

Against all odds I've had three updates in the last 24 and two of them have
been from old .125, so I reserve the right to revisit the other part of the
issue in a few days after I have some statistics on how often it gets used
on the first attempt.


-Al-
 
-- 
Al Varnell
Mountain View, CA



___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Jim Preston]

On 09/14/2011 09:20 AM, Dan wrote:

At 12:36 PM -0400 9/13/2011, Bryan Burke wrote:

 Noone has suggested maximum.  The issue is that the mirrors are so

 overloaded that it's often taking freshclam an excessive amount of
 time to do its thing, because of the time-outs / connection
 failures. No big deal if it's the update run in the background.  But
 if it's on-demand update preceding a user-driven scan, it's making
 the user sit there, twiddling its thumbs, for up to a minute or two.
I do not recommend my users do their own scans. My recommendation is for 
scans to be scheduled to run during downtime such as at night or weekends.


Are we really having this protracted discussion, because we don't 
want someone to have to sit for up to a minute or two?


This problem seems overstated. I mean, are we talking about on-demand 
scans perhaps a dozen or more times per day, every day? i.e. is this 
adding up to hours of lost time every week? If so, is it really such 
a problem to have a database that is *at most* 2 hours out-of-date 
(the default)? Do you need to do an update before *every* on-demand 
scan?  And why can't that be solved (if it is, in fact, an issue) by 
increasing the check frequency to, say, every hour?


Is it appropriate to ever do a scan against an outdated database? I've 
been told time and again never to do that!
This depends on whether it is an on-demand scan. If I have my AV set 
to do on-demand scanning (which I do have enabled for Windows because of 
the over whelming preference of virus writers to target Windows) then I 
ABSOLUTELY do not want the signatures to be updated everytime a scan is 
done. My Internet connection and the update servers would be overwhelmed 
by such aggressive updating I would think it would be considered an attack.


On the other hand, if I suspect I have downloaded an infected file 
whether it be from the Internet, removable media, or LAN, then yes, I 
normally would want to be sure I had the latest signatures. Now this 
often involves a download to some other computer and a manual copy to 
the suspect computer as the first thing I do when I truly suspect I have 
managed to infect a system is to isolate it so it does not try and 
infect the rest of my network or worse start sending out replications 
tarnishing my reputation.


In the case of routine scheduled scans of file systems, yes, I do not 
preferentially care if the signatures are several hours old. These scans 
are to see if there is a file that was not noted as infected earlier 
and is a preventative scan. If something suspicious turns up, then the 
previous paragraph applies.


When a user launches their anti-virus app, they're going to want to 
check to see that their definitions are up-to-date.  (I would argue 
that any app that doesn't force the update check by default is poorly 
designed).  If that step takes a minute, instead of a few seconds, 
then the app becomes painful to use -- making them less likely to do 
scans in the future.  Not good.  Wanna make it worse?  Put the user on 
a time-metered network connection!


As for overstated... People that are both busy and security conscious 
tend to run quite a few scans per day.  If each one halts their work 
for minutes...  Or even if 1000 users have to wait that one minute 
just twice a day... then that's many hours wasted.  And how many 
ClamAV users are there?   (By user, in this context, I mean human at 
a desktop or laptop).


*at most* 2 hours.  Are you saying that freshclam should *always* be 
run in the background every hour or two *by everyone*, not just on 
servers?  Can the current mirror infrastructure handle that?
The answer on this is yes, every user should be updating their 
signatures every 2 hours which is why it is the freshclam default. If it 
is a work environment, then they should consider a local proxy server 
for the signatures to help reduce load on the mirrors. The mirrors 
should be scaled (and I believe they are) to handle a majority of the 
users to be directly downloading their own signatures. If they are 
security conscious then they should run them every hour.


Currently, as a user app, ClamXav only runs freshclam in the 
background once per day, if the user enables such, but I'm sure we 
could get the author (Mark) to enhance its scheduling preferences. No 
big deal, IF that's the right thing to do.  But even then... shouldn't 
every on-demand scan first do an update anyway???  (Running the update 
once per day isn't my fav design choice.  Back in the day, when there 
were virtually no malwares for Mac OS X, I didn't have a problem with 
that.  But these days, I think it needs to be fixed. Not an issue for 
this forum tho).
Yes, ClamXav should have an easy to set preference to set the schedule. 
ClamXav is the first AV I have ever used where the user could not easily 
set the update schedule.


The biggest danger is zero hour infections and running updates once a 
day is practically as bad as not bothering to 

Re: [clamav-users] Yet Another US Mirror Issue

[Dan]

Yet more failure on 88.198.67.125, this morning.  This one is a double.

Shouldn't Freshclam be smart enough to avoid the same failing server 
at least within the same run?



ClamAV update process started at Tue Sep 13 10:45:01 2011
main.cvd is up to date (version: 53, sigs: 846214, f-level: 53, builder: sven)
connect_error: getsockopt(SO_ERROR): fd=6 error=61: Connection refused
Can't connect to port 80 of host database.clamav.net (IP: 88.198.67.125)
Trying host database.clamav.net (65.19.179.67)...
Downloading daily-13603.cdiff [100%]
Downloading daily-13604.cdiff [100%]
nonblock_recv: recv timing out (30 secs)
connect_error: getsockopt(SO_ERROR): fd=6 error=61: Connection refused
Can't connect to port 80 of host database.clamav.net (IP: 88.198.67.125)
Trying host database.clamav.net (207.57.106.31)...
Downloading daily-13605.cdiff [100%]
Downloading daily-13606.cdiff [100%]
Downloading daily-13607.cdiff [100%]
Downloading daily-13608.cdiff [100%]
daily.cld updated (version: 13608, sigs: 192488, f-level: 60, builder: neo)
bytecode.cld is up to date (version: 144, sigs: 41, f-level: 60, 
builder: edwin)
Database updated (1038743 signatures) from database.clamav.net (IP: 
207.57.106.31)

Clamd successfully notified about the update.

- Dan.
--
- Psychoceramic Emeritus; South Jersey, USA, Earth.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Al Varnell]

On Sep 13, 2011, at 8:15 AM, Dan dantear...@gmail.com wrote:

 Yet more failure on 88.198.67.125, this morning.  This one is a double.

I was going to wait a few more days to mention this, but since you bring it 
up...

I have seen this twice a day almost every day since 29 Aug.  The only times I 
didn't see this was when the database was reported to be up-to-date.  During 
that same period, I was _never_ able to successfully connect to it.  This can't 
be just my bad luck.

Also, why was this mirror the first one checked from 2-10 Sep?  I thought there 
was supposed to be more randomness in the list.  This morning was the first 
time a different server appeared first this month.


Sent from Janet's iPad

-Al-
-- 
Al Varnell
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Bryan Burke]

 Noone has suggested maximum.  The issue is that the mirrors are so
 overloaded that it's often taking freshclam an excessive amount of
 time to do its thing, because of the time-outs / connection
 failures. No big deal if it's the update run in the background.  But
 if it's on-demand update preceding a user-driven scan, it's making
 the user sit there, twiddling its thumbs, for up to a minute or two.

Are we really having this protracted discussion, because we don't want someone 
to have to
sit for up to a minute or two?

This problem seems overstated. I mean, are we talking about on-demand scans 
perhaps a
dozen or more times per day, every day? i.e. is this adding up to hours of lost 
time every
week? If so, is it really such a problem to have a database that is *at most* 2 
hours
out-of-date (the default)? Do you need to do an update before *every* on-demand 
scan? And
why can't that be solved (if it is, in fact, an issue) by increasing the check 
frequency
to, say, every hour?

I'm not trying to stifle the idea of distributing the databases via torrent, 
but some of
this discussion seems to be trying to solve a fabricated issue.

As for the torrent, I think we can stop the discussion given the following:

  1. The ClamAV team has said they will not support torrents.
  2. The question about the local directory has been addressed.
  3. Torrents can be easily created by anyone.

Is there really anything more to discuss, except perhaps some more details of 
the local
directory answer?

-- 
Bryan Burke
IT Administrator
Department of Electrical Engineering and Computer Science
University of Tennessee, Knoxville
bbu...@eecs.utk.edu
(865) 974-4694
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[sys...@ra-schaal.de]

Am 13.09.2011 18:01, schrieb Al Varnell:
 On Sep 13, 2011, at 8:15 AM, Dan dantear...@gmail.com wrote:
 
 Yet more failure on 88.198.67.125, this morning.  This one is a double.
 
 I was going to wait a few more days to mention this, but since you bring it 
 up...
 
 I have seen this twice a day almost every day since 29 Aug.  The only times I 
 didn't see this was when the database was reported to be up-to-date.  During 
 that same period, I was _never_ able to successfully connect to it.  This 
 can't be just my bad luck.

just your bad luck

2011/09/05 - 297638 connects
2011/09/06 - 265677 connects
2011/09/07 - 265228 connects
2011/09/08 - 210367 connects
2011/09/09 - 230462 connects
2011/09/10 - 142702 connects
2011/09/11 - 120486 connects
2011/09/12 - 207272 connects
2011/09/13 - 129521 connetcs until now - 1916 CET

as mentioned a few days befor, YOU have a very slow connection to my
system.


just use another mirror instead of crying all the time about your bad setup.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Bowie Bailey]

On 9/13/2011 1:18 PM, sys...@ra-schaal.de wrote:
 Am 13.09.2011 18:01, schrieb Al Varnell:
 On Sep 13, 2011, at 8:15 AM, Dan dantear...@gmail.com wrote:

 Yet more failure on 88.198.67.125, this morning.  This one is a double.
 I was going to wait a few more days to mention this, but since you bring it 
 up...

 I have seen this twice a day almost every day since 29 Aug.  The only times 
 I didn't see this was when the database was reported to be up-to-date.  
 During that same period, I was _never_ able to successfully connect to it.  
 This can't be just my bad luck.
 just your bad luck

 2011/09/05 - 297638 connects
 2011/09/06 - 265677 connects
 2011/09/07 - 265228 connects
 2011/09/08 - 210367 connects
 2011/09/09 - 230462 connects
 2011/09/10 - 142702 connects
 2011/09/11 - 120486 connects
 2011/09/12 - 207272 connects
 2011/09/13 - 129521 connetcs until now - 1916 CET

 as mentioned a few days befor, YOU have a very slow connection to my
 system.

Not just him.  I don't hit your mirror every time, but the last time I
was able to successfully update from it was Aug 28, which matches what
Al reported.  Since then, I have seen 23 errors:

Can't connect to port 80 of host db.us.clamav.net (IP: 88.198.67.125)

Trying it manually today, I can ping the server, but cannot connect to
port 80.

Seems like something changed on Aug 28 or 29 which is causing connection
problems for some people.

-- 
Bowie
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Al Varnell]

On 9/13/11 9:36 AM, Bryan Burke bbu...@eecs.utk.edu wrote:

 Noone has suggested maximum.  The issue is that the mirrors are so
 overloaded that it's often taking freshclam an excessive amount of
 time to do its thing, because of the time-outs / connection
 failures. No big deal if it's the update run in the background.  But
 if it's on-demand update preceding a user-driven scan, it's making
 the user sit there, twiddling its thumbs, for up to a minute or two.
 
 Are we really having this protracted discussion, because we don't want someone
 to have to sit for up to a minute or two?
 
That was the original intent, but we seem to have hit a couple of other
nerves.

 This problem seems overstated. I mean, are we talking about on-demand scans
 perhaps a dozen or more times per day, every day? i.e. is this adding up to
 hours of lost time every week? If so, is it really such a problem to have a
 database that is *at most* 2 hours out-of-date (the default)? Do you need to
 do an update before *every* on-demand scan?
 
I don't know the frequency, but it was enough of a problem for him to
complain...three times before I brought it up here.

 And why can't that be solved (if it is, in fact, an issue) by increasing the
 check frequency to, say, every hour?
 
That's not a user option with ClamXav, although I realize it could be done
by hacking the LaunchAgent (formerly cron) event.  I will probably recommend
to Mark that he include multiple updates as a user preference one of these
days, but there are a couple of other features I'd like to see first.

...
 Is there really anything more to discuss, except perhaps some more details
 of the local directory answer?
 
As I mentioned earlier today, I believe the issue with this particular
mirror is bigger than what has been stated.  I understand the need to limit
access but why do we have a mirror:

- Supporting users half way around the world
- Which always seems to be the first one checked
- And has never successfully connected for over two weeks

If it was just one of these I could accept it, but there has to be something
else going on with it.  My guess is that if the network was working as
designed the user would never had lodged his initial complaint.


-Al-
 
-- 
Al Varnell
Mountain View, CA



___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Al Varnell]

On 9/13/11 10:18 AM, sys...@ra-schaal.de sys...@ra-schaal.de wrote:

 Am 13.09.2011 18:01, schrieb Al Varnell:
 On Sep 13, 2011, at 8:15 AM, Dan dantear...@gmail.com wrote:
 
 Yet more failure on 88.198.67.125, this morning.  This one is a double.
 
 I was going to wait a few more days to mention this, but since you bring it
 up...
 
 I have seen this twice a day almost every day since 29 Aug.  The only times I
 didn't see this was when the database was reported to be up-to-date.  During
 that same period, I was _never_ able to successfully connect to it.  This
 can't be just my bad luck.
 
 just your bad luck
 
 2011/09/05 - 297638 connects
 2011/09/06 - 265677 connects
 2011/09/07 - 265228 connects
 2011/09/08 - 210367 connects
 2011/09/09 - 230462 connects
 2011/09/10 - 142702 connects
 2011/09/11 - 120486 connects
 2011/09/12 - 207272 connects
 2011/09/13 - 129521 connetcs until now - 1916 CET
 
 as mentioned a few days befor, YOU have a very slow connection to my
 system.
 
I'm half a world away from you, so I'm not really surprised by that, but
what difference should it make?

 just use another mirror instead of crying all the time about your bad setup.

What are you talking about?  I have no choice whatsoever on the mirror I
connect to!


-Al-
 
-- 
Al Varnell
Mountain View, CA



___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Bryan Burke]

 I don't know the frequency, but it was enough of a problem for him to
 complain...three times before I brought it up here.

So is this issue specifically with ClamXav? i.e. is ClamXav forcing an update 
each time
it's run? I know that the regular clamav does not do this, and if that's the 
product in
question, my point still seems valid: aren't we crying over spilled milk here? 
I mean, it
would seem that the user's desired case/functionality is unreasonable, and as a 
result,
that asking the ClamAV team to do anything about it is also unreasonable.

If the issue is, however, with ClamXav, then this isn't the correct mailing 
list to be
having this discussion, correct?

 That's not a user option with ClamXav, although I realize it could be done
 by hacking the LaunchAgent (formerly cron) event.  I will probably recommend
 to Mark that he include multiple updates as a user preference one of these
 days, but there are a couple of other features I'd like to see first.

Fair enough.

 - Supporting users half way around the world

Don't see a problem with this.

 - Which always seems to be the first one checked

Actual issue. Perhaps DNS caching is a factor? If freshclam checks often 
enough, then
perhaps the cache entry never dies, and you get the same order every time?

 - And has never successfully connected for over two weeks

Other than an announcement to the list that there may be problems with one of 
the mirrors,
this seems to be an issue primarily between those users who encountered said 
error (and
caused them distress) and the mirror admins, not the whole list. However, maybe 
I'm wrong
and many readers of the list appreciate seeing the back-and-forth.

P.S. - My goal is to try to limit the scope of this thread a little more, so it 
stays
focused and relevant. As a side-line user on this list, I feel it had long 
since gotten
out-of-hand.

-- 
Bryan Burke
IT Administrator
Department of Electrical Engineering and Computer Science
University of Tennessee, Knoxville
bbu...@eecs.utk.edu
(865) 974-4694
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Chuck Swiger]

Hi--

On Sep 13, 2011, at 12:49 PM, Bryan Burke wrote:
 - Which always seems to be the first one checked
 
 Actual issue. Perhaps DNS caching is a factor? If freshclam checks often 
 enough, then
 perhaps the cache entry never dies, and you get the same order every time?

Running dig db.us.clamav.net a few times shows that the nameserver responses 
are rotating the resource records; and even if it didn't, well-behaved resolver 
clients ought to rotate through multiple valid IPs returned by 
gethostbyname()/getaddrinfo() for a hostname anyway.

 - And has never successfully connected for over two weeks
 
 Other than an announcement to the list that there may be problems with one of 
 the mirrors,
 this seems to be an issue primarily between those users who encountered said 
 error (and
 caused them distress) and the mirror admins, not the whole list. However, 
 maybe I'm wrong
 and many readers of the list appreciate seeing the back-and-forth.
 
 P.S. - My goal is to try to limit the scope of this thread a little more, so 
 it stays
 focused and relevant. As a side-line user on this list, I feel it had long 
 since gotten
 out-of-hand.

I admire your goal of focussing on the problem, which I why I'll reply to this 
rather than other emails.  :-)

This being said, there is definitely a recurring issue with this particular 
mirror.  Since Aug 22, I've seen:

% grep Can't connect to port 80 of host database.clamav.net (IP: 
88.198.67.125) /var/log/freshclam.log | wc -l
  27

...with zero successful connections to that IP.  The connectivity failure is 
entirely reproducible by hand:

% telnet 88.198.67.125 80
Trying 88.198.67.125...
telnet: connect to address 88.198.67.125: Connection refused
telnet: Unable to connect to remote host

I don't consider this to be a significant problem since other mirrors are up, 
but it's not a matter of bandwidth or connectivity on my side.  As it happens, 
I'm testing from Cupertino, CA via Apple's 17.0.0.0/8 network, and from a 
Time-Warner cable link from NYC, NY on 24.103.0.0/16.

However, as a workaround it should be possible for folks to manually set 
DatabaseMirror in freshclam.conf to specific IPs from db.us.clamav.net, or 
perhaps switch to using db.ca.clamav.net, db.mx.clamav.net, or similar.

Regards,
-- 
-Chuck

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Chuck Swiger]

On Sep 13, 2011, at 2:28 PM, Bryan Burke wrote:
 ...with zero successful connections to that IP.  The connectivity failure is 
 entirely reproducible by hand:
 
 % telnet 88.198.67.125 80
 Trying 88.198.67.125...
 telnet: connect to address 88.198.67.125: Connection refused
 telnet: Unable to connect to remote host
 
 I should say that when I did this, I got the same, but the connection seemed 
 to be timing
 out, not being refused (despite what telnet says). Was it the same for you?

No, I get an immediate connection refused and an ICMP port unreachable back:

# tcpdump -nq host 88.198.67.125
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en0, link-type EN10MB (Ethernet), capture size 65535 bytes
14:32:31.222347 IP 17.209.4.71.55899  88.198.67.125.80: tcp 0
14:32:31.397480 IP 88.198.67.125  17.209.4.71: ICMP 88.198.67.125 tcp port 80 
unreachable, length 72
^C
2 packets captured

 I ask because that would indicate either that the web server on that IP is 
 down, or that
 some firewall is silently dropping packets.

The webserver appears down from here; while a firewall could be configured to 
return ICMP_UNREACH_PORT, normally they just drop the traffic and you get 
connection timeouts as you've described...

Regards,
-- 
-Chuck

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Nathan Gibbs]

On 9/13/2011 12:47 AM, Henrik K wrote:
 
 If you are an individual not able to put $15-$100 a month, then yes, it's not
 in your capability.
 

$15 - $100 extra / month would go to higher priority tasks / needs.
Some of our servers are nearly old enough to vote.
:-)

As an individual, or small company, it just isn't within our current
capabilities.
When it is, we plan to get involved there.
For now, we do what we can with what we have.

 
 No one thinks any less of you for trying to help, on the contrary. But if
 you can't even get any facts straight etc, it's just messing up the thread.
 
 Let's not forget that ClamAV is backed by a commercial organization?? If
 they wanted US bandwidth badly, they can get it.  If not by buying, then
 probably just by asking around or even on the web page?  Why do you think
 it's not mentioned there.  Probably very few users read this list.
 
Very good point.
They could get it if they really needed it.
Asking the user base for it is kind of sad.

-- 
Sincerely,

Nathan Gibbs

Systems Administrator
Christ Media
http://www.cmpublishers.com




signature.asc
Description: OpenPGP digital signature
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Bryan Burke]

 No, I get an immediate connection refused and an ICMP port unreachable back:
 
 # tcpdump -nq host 88.198.67.125
 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
 listening on en0, link-type EN10MB (Ethernet), capture size 65535 bytes
 14:32:31.222347 IP 17.209.4.71.55899  88.198.67.125.80: tcp 0
 14:32:31.397480 IP 88.198.67.125  17.209.4.71: ICMP 88.198.67.125 tcp port 
 80 unreachable, length 72

My fault; just different telnet behaviors: I was using BSD telnet, which 
apparently kept
trying to connect. When I used linux telnet, it ends immediately. So no 
discrepancy there.

And I momentarily forgot the behavior of so-called closed ports (not blocked 
by
firewall, but nothing running on them... thought the packets were dropped). So 
assuming a
common firewall setup, it would appear the webserver is down.

For potential aid in comparing notes and diagnosing the problem, I'm attaching 
some
network information (whois and traceroute).

If no firewall rule at the remote site explains this, then I can only surmise 
that some
hop along the way is blocking the connections.

If, however, this is due to some rate-limiting rule at the end point, is that 
acceptable?
I don't know if ClamAV has a policy they ask their mirror hosts to adhere to, 
but if so,
would this constitute grounds for removal from the pool?

If not, then at this point, I'm guessing there's enough data here for the team 
to make a
decision one way or the other concerning this host. Even if removed, it can 
always be
re-added when the cause of this issue is tracked down and fixed.

At least concerning this issue, is there anything more to be done?

-- 
Bryan Burke
IT Administrator
Department of Electrical Engineering and Computer Science
University of Tennessee, Knoxville
bbu...@eecs.utk.edu
(865) 974-4694
WHOIS:
The University of Tennessee Health Science Center UTK-NET (NET-160-36-0-0-1) 
160.36.0.0 - 160.36.255.255
Various Registries (Maintained by ARIN) NET160 (NET-160-0-0-0-0) 160.0.0.0 - 
160.255.255.255

traceroute:
 1  chm01v150.ns.utk.edu (160.36.56.1)  0.383 ms  0.430 ms  0.371 ms
 2  10.8.2.30 (10.8.2.30)  0.605 ms  0.547 ms  0.477 ms
 3  bsm01v20.ns.utk.edu (160.36.128.133)  0.962 ms  0.967 ms  0.975 ms
 4  bhm01ge3-3.ns.utk.edu (160.36.2.74)  0.671 ms  0.940 ms  0.869 ms
 5  gi1-8.mpd01.atl04.atlas.cogentco.com (38.104.182.37)  6.564 ms  6.551 ms  
6.580 ms
 6  te0-1-0-1.mpd22.atl01.atlas.cogentco.com (154.54.3.169)  18.520 ms 
te0-1-0-1.ccr22.atl01.atlas.cogentco.com (154.54.6.121)  18.685 ms  18.603 ms
 7  te0-4-0-7.mpd22.dca01.atlas.cogentco.com (154.54.27.93)  18.552 ms 
te0-1-0-2.ccr22.dca01.atlas.cogentco.com (154.54.28.230)  18.521 ms 
te0-2-0-3.mpd22.dca01.atlas.cogentco.com (154.54.2.102)  18.642 ms
 8  te0-1-0-1.ccr22.iad02.atlas.cogentco.com (154.54.26.138)  19.529 ms 
te0-1-0-1.mpd22.iad02.atlas.cogentco.com (154.54.26.122)  19.656 ms 
te0-3-0-5.ccr22.iad02.atlas.cogentco.com (154.54.41.238)  19.922 ms
 9  te1-8.ccr02.iad01.atlas.cogentco.com (154.54.31.174)  19.450 ms 
te2-7.ccr02.iad01.atlas.cogentco.com (154.54.31.214)  19.676 ms 
te1-2.ccr02.iad01.atlas.cogentco.com (154.54.31.194)  19.713 ms
10  kpn.iad01.atlas.cogentco.com (154.54.10.242)  19.364 ms  19.434 ms  19.377 
ms
11  nyk-s2-rou-1021.US.eurorings.net (134.222.227.133)  26.53 ms  25.576 ms  
25.506 ms
12  nntr-s1-rou-1022.FR.eurorings.net (134.222.226.162)  101.182 ms  103.179 ms 
 101.83 ms
13  ffm-s1-rou-1022.DE.eurorings.net (134.222.229.30)  117.550 ms  117.294 ms  
117.393 ms
14  ffm-s1-rou-1021.DE.eurorings.net (134.222.228.85)  118.820 ms  116.595 ms  
118.851 ms
15  nbg-s1-rou-1001.DE.eurorings.net (134.222.225.26)  119.864 ms  120.319 ms  
120.34 ms
16  kpn-gw.hetzner.de (134.222.107.21)  121.689 ms  121.654 ms  121.642 ms
17  hos-bb2.juniper1.fs.hetzner.de (213.239.240.146)  122.426 ms 
hos-bb2.juniper2.rz14.hetzner.de (213.239.240.151)  123.412 ms  123.453 ms
18  hos-tr2.ex3k4.rz14.hetzner.de (213.239.224.165)  124.146 ms 
hos-tr1.ex3k4.rz14.hetzner.de (213.239.224.133)  128.706 ms  127.250 ms
19  mx00.akxnet.de (88.198.67.125)  122.800 ms  122.781 ms  122.707 ms

traceroute -n:
 1  160.36.56.1  0.456 ms  2.169 ms  2.226 ms
 2  10.8.2.30  7.586 ms  0.622 ms  0.563 ms
 3  160.36.128.133  0.541 ms  0.529 ms  0.566 ms
 4  160.36.2.74  0.594 ms  0.580 ms  0.630 ms
 5  38.104.182.37  6.674 ms  6.600 ms  6.551 ms
 6  154.54.3.169  18.612 ms 154.54.6.121  18.850 ms  19.305 ms
 7  154.54.3.66  18.513 ms 154.54.1.122  18.616 ms 154.54.27.97  18.489 ms
 8  154.54.30.126  19.643 ms 154.54.30.118  19.548 ms 154.54.7.158  19.570 ms
 9  154.54.31.214  19.513 ms 154.54.31.174  19.478 ms 154.54.31.234  19.504 ms
10  154.54.10.242  19.359 ms  19.324 ms  19.288 ms
11  134.222.227.133  42.719 ms  33.734 ms  32.88 ms
12  134.222.226.162  101.309 ms  101.216 ms  112.846 ms
13  134.222.231.145  118.146 ms  118.101 ms  118.99 ms
14  134.222.228.89  120.349 ms  118.313 ms  124.437 ms
15  134.222.225.26  119.494 ms  119.264 ms  119.573 ms
16  

Re: [clamav-users] Yet Another US Mirror Issue

[Al Varnell]

On 9/13/11 12:49 PM, Bryan Burke bbu...@eecs.utk.edu wrote:

 I don't know the frequency, but it was enough of a problem for him to
 complain...three times before I brought it up here.
 
 So is this issue specifically with ClamXav? i.e. is ClamXav forcing an update
 each time it's run?
 
No, the option to check updates at launch defaults to off, but this
particular user prefers to have the most recent updates available when
running manual checks, so he has toggled the option on.

 I know that the regular clamav does not do this, and if that's the
 product in
 question, my point still seems valid: aren't we crying over spilled milk here?
 I mean, it
 would seem that the user's desired case/functionality is unreasonable, and as
 a result,
 that asking the ClamAV team to do anything about it is also unreasonable.
 
 If the issue is, however, with ClamXav, then this isn't the correct mailing
 list to be having this discussion, correct?
 
Correct and it has been extensively discussed on the ClamXav Forum long
before I brought it here.  He has tried all the suggestions we made and
still feels like he's wasting a log of time.  If one user isn't enough to
justify making any changes, fair enough, but I firmly believe we have a
systemic problem that affects all US users here that needs to be resolved.

 That's not a user option with ClamXav, although I realize it could be done
 by hacking the LaunchAgent (formerly cron) event.  I will probably recommend
 to Mark that he include multiple updates as a user preference one of these
 days, but there are a couple of other features I'd like to see first.
 
 Fair enough.
 
 - Supporting users half way around the world
 
 Don't see a problem with this.
 
Not under normal circumstances, but from the Traceroutes I and others have
done there does seem to be a significant delay in the Trans Atlantic
segment.  If that's what's causing the failure to connects, then maybe we
need to take a look at the viability of where we go for off-shore mirrors.

 - Which always seems to be the first one checked
 
 Actual issue. Perhaps DNS caching is a factor? If freshclam checks often
 enough, then
 perhaps the cache entry never dies, and you get the same order every time?
 
Interesting thought.

 - And has never successfully connected for over two weeks
 
 Other than an announcement to the list that there may be problems with one of
 the mirrors,
 this seems to be an issue primarily between those users who encountered said
 error (and
 caused them distress) and the mirror admins, not the whole list. However,
 maybe I'm wrong
 and many readers of the list appreciate seeing the back-and-forth.
 
I'm more than willing to take this off-line if someone can give me a list of
everybody that needs to be part of the discussion.

 P.S. - My goal is to try to limit the scope of this thread a little more, so
 it stays
 focused and relevant. As a side-line user on this list, I feel it had long
 since gotten
 out-of-hand.


-Al-
 
-- 
Al Varnell
Mountain View, CA



___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Al Varnell]

On 9/13/11 2:28 PM, Bryan Burke bbu...@eecs.utk.edu wrote:

 % grep Can't connect to port 80 of host database.clamav.net (IP:
 88.198.67.125) /var/log/freshclam.log | wc -l
   27
 
 Interesting. When I just grep for the IP in my logs:
 
 ib /var/log # grep 88.198.67.125 maillog* | wc -l
 12
 
 ren /var/log # grep 88.198.67.125 maillog* | wc -l
 5
 
 ba /var/log # grep 88.198.67.125 maillog* | wc -l
 12
 
 That represents 7 days worth of logs, across three servers. That averages to
 ~10/day. Note
 that my systems are configured for the default, which is 12 DB update checks
 per day.
 Since freshclam doesn't seem to log the IP (by default, at least) when the
 update succeeds
 (or there is no update), I have no good way of checking how many times
 88.198.67.125 is queried.

My logs show successful update sources in the last line, but not when there
is no update.

For instance, here is the one that just occurred:

--
ClamAV update process started at Tue Sep 13 15:45:07 2011
main.cld is up to date (version: 53, sigs: 846214, f-level: 53, builder:
sven)
connect_error: getsockopt(SO_ERROR): fd=4 error=61: Connection refused
Can't connect to port 80 of host db.US.clamav.net (IP: 88.198.67.125)
Downloading daily-13609.cdiff [100%]
daily.cld updated (version: 13609, sigs: 192584, f-level: 60, builder: neo)
bytecode.cld is up to date (version: 144, sigs: 41, f-level: 60, builder:
edwin)
Database updated (1038839 signatures) from db.US.clamav.net (IP:
194.8.197.22)
--


-Al-
 
-- 
Al Varnell
Mountain View, CA



___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Nathan Gibbs]

On 9/13/2011 7:07 PM, Al Varnell wrote:
 On 9/13/11 2:28 PM, Bryan Burke bbu...@eecs.utk.edu wrote:

 Since freshclam doesn't seem to log the IP (by default, at least) when the
 update succeeds
 (or there is no update), I have no good way of checking how many times
 88.198.67.125 is queried.

 My logs show successful update sources in the last line, but not when there
 is no update.
 

Which log messages need the IP?

I'm testing the next CCEE patch set, so I could possibly slip those
changes in before release.
:-)


-- 
Sincerely,

Nathan Gibbs

Systems Administrator
Christ Media
http://www.cmpublishers.com




signature.asc
Description: OpenPGP digital signature
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Bryan Burke]

 My logs show successful update sources in the last line, but not when there
 is no update.

Ok, well I did check the output of the grep before posting the number of lines 
on this
list, and all log entries mentioning that IP were failures. So there's still 
*technically*
some gray area, in that, if it happened to query that IP successfully, and 
there was no
update, we'd never know, but I'm guessing that would reveal a similar outcome.

Another side note: My ping latency times were about half of those posted 
earlier in the
thread and I can't connect (about 122ms average). Either way, I really doubt 
the high
latency of 250ms would cause any sort of issue.

-- 
Bryan Burke
IT Administrator
Department of Electrical Engineering and Computer Science
University of Tennessee, Knoxville
bbu...@eecs.utk.edu
(865) 974-4694
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Al Varnell]

On 9/13/11 6:31 PM, Nathan Gibbs nat...@cmpublishers.com wrote:

 On 9/13/2011 7:07 PM, Al Varnell wrote:
 On 9/13/11 2:28 PM, Bryan Burke bbu...@eecs.utk.edu wrote:
 
 Since freshclam doesn't seem to log the IP (by default, at least) when the
 update succeeds
 (or there is no update), I have no good way of checking how many times
 88.198.67.125 is queried.
 
 My logs show successful update sources in the last line, but not when there
 is no update.
 
 
 Which log messages need the IP?
 
I was trying to say that using this command:

freshclam --stdout --quiet --no-warnings
--log=/usr/local/clamXav/share/clamav/freshclam.log

I can determine the IP address of a successful update in the last line, e.g.

Database updated (1038839 signatures) from db.US.clamav.net (IP:
194.8.197.22)

If the database is already up-to-date then there is no attempt to access a
mirror, so it would not be possible to provide an IP.

But appreciate the offer.


-Al-
 
-- 
Al Varnell
Mountain View, CA



___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Bryan Burke]

 Eliminate some unknowns - like maybe your DNS doesn't like big
 packets. Add this *temporarily* to your host table:
 
 88.198.67.125   db.us.big.clamav.net
 
 And try again - and try with your browser, too. It should show you a
 web page indentifying the site you connected to and then after a
 short time you will be sent to clamav.net.

Running host db.us.big.clamav.net multiple times seems to reveal 15 servers 
in the pool,
and the order changes each time; as I mentioned earlier, in my case at least, 
the random
pool idea is working, even if over a 7-day period, 1/7 attempts to update 
seemed to try
the IP in question... just the nature of randomness, I suppose. Also, how would 
this
reveal anything more than what telnet 88.198.67.125 80 getting a connection 
refused
tells us?

However, I did just discover something bizarre and interesting:

 telnet 88.198.67.125 80
Trying 88.198.67.125...
telnet: connect to address 88.198.67.125: Connection refused
 host 88.198.67.125
125.67.198.88.in-addr.arpa domain name pointer mx00.akxnet.de.
 host mx00.akxnet.de
mx00.akxnet.de has address 88.198.67.99
mx00.akxnet.de has IPv6 address 2a01:4f8:140:4301::2
 telnet 88.198.67.99 80
Trying 88.198.67.99...
Connected to 88.198.67.99.
Escape character is '^]'.
^]
telnet quit
Connection closed.

Is it possible this is caused by a master DNS issue? Of course, I tried to see 
the page
and didn't get much, but I'm not all that familiar with HTTP:

 curl -H Host: db.us.clamav.net 88.198.67.99
!DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN
htmlhead
title403 Forbidden/title
/headbody
h1Forbidden/h1
pYou don't have permission to access /
on this server./p
hr
addressApache/2.2.15 (Linux/SUSE) Server at db.us.clamav.net Port 
80/address
/body/html

-- 
Bryan Burke
IT Administrator
Department of Electrical Engineering and Computer Science
University of Tennessee, Knoxville
bbu...@eecs.utk.edu
(865) 974-4694
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Noel Jones]

On 9/13/2011 9:03 PM, Bryan Burke wrote:
 My logs show successful update sources in the last line, but not when there
 is no update.
 
 Ok, well I did check the output of the grep before posting the number of 
 lines on this
 list, and all log entries mentioning that IP were failures. So there's still 
 *technically*
 some gray area, in that, if it happened to query that IP successfully, and 
 there was no
 update, we'd never know, but I'm guessing that would reveal a similar outcome.

There is no grey area.  All connections are logged, both successful
and unsuccessful.   When DNS reports there is no update available,
no connection is attempted and consequently there is no IP to log.

From a well-connected host near Nashville TN USA:
# tcping 88.198.67.125 80
88.198.67.125 port 80 closed.

I get identical port 80 closed results from several hosts on
various major USA ISPs.

Logs going back a couple weeks show several failures each day and
zero successful downloads from this host for us.

While I certainly appreciate the donation of hardware and bandwidth
by the owners of 88.198.67.125, a host that is consistently
unavailable should be removed from the pool until it can be reliably
accessed.



  -- Noel Jones
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Dennis Peterson]

On 9/13/11 7:53 PM, Noel Jones wrote:

On 9/13/2011 9:03 PM, Bryan Burke wrote:

My logs show successful update sources in the last line, but not when there
is no update.


Ok, well I did check the output of the grep before posting the number of lines 
on this
list, and all log entries mentioning that IP were failures. So there's still 
*technically*
some gray area, in that, if it happened to query that IP successfully, and 
there was no
update, we'd never know, but I'm guessing that would reveal a similar outcome.


There is no grey area.  All connections are logged, both successful
and unsuccessful.   When DNS reports there is no update available,
no connection is attempted and consequently there is no IP to log.

 From a well-connected host near Nashville TN USA:
# tcping 88.198.67.125 80
88.198.67.125 port 80 closed.

I get identical port 80 closed results from several hosts on
various major USA ISPs.


I've just sent the URL to validator.wc3.org and got the same problem with this 
message:


I got the following unexpected response when trying to retrieve 
http://88.198.67.125:


500 Can't connect to 88.198.67.125:80 (connect: Connection refused)


I'm satisfied that site should be pulled from the list.

If you have your own DNS server you can create your own round-robin authorative 
DNS server pointing to known to be reliable signature servers and which are 
located where ever they may be. It takes very little time to set one up.


dp
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Dennis Peterson]

On 9/13/11 8:05 PM, Dennis Peterson wrote:


I've just sent the URL to validator.wc3.org and got the same problem with this
message:


My fat fingers intended to type http://validator.wc.org and not what they did 
type.

dp
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Al Varnell]

On 9/13/11 6:58 PM, Dennis Peterson denni...@inetnw.com wrote:

 On 9/13/11 3:15 PM, Bryan Burke wrote:
 
 
 At least concerning this issue, is there anything more to be done?
 
 Eliminate some unknowns - like maybe your DNS doesn't like big packets. Add
 this 
 *temporarily* to your host table:
 
 88.198.67.125   db.us.big.clamav.net
 
 And try again - and try with your browser, too. It should show you a web page
 indentifying the site you connected to and then after a short time you will be
 sent to clamav.net.
 
Sounds like the server will be pulled, so you may not care, but since I went
through the effort.

Made changes to the hosts file.

Ran dig $ db.us.clamav.net

 ;  DiG 9.4.3-P3  db.us.clamav.net
 ;; global options:  printcmd
 ;; Got answer:
 ;; -HEADER- opcode: QUERY, status: NOERROR, id: 61401
 ;; flags: qr rd ra; QUERY: 1, ANSWER: 16, AUTHORITY: 0, ADDITIONAL: 0
 
 ;; QUESTION SECTION:
 ;db.us.clamav.net.INA
 
 ;; ANSWER SECTION:
 db.us.clamav.net.1190INCNAMEdb.us.big.clamav.net.
 db.us.big.clamav.net.50INA194.47.250.218
 db.us.big.clamav.net.50INA194.186.47.19
 db.us.big.clamav.net.50INA200.236.31.1
 db.us.big.clamav.net.50INA204.109.62.22
 db.us.big.clamav.net.50INA207.57.106.31
 db.us.big.clamav.net.50INA208.72.56.53
 db.us.big.clamav.net.50INA64.246.134.219
 db.us.big.clamav.net.50INA65.19.179.67
 db.us.big.clamav.net.50INA69.12.162.28
 db.us.big.clamav.net.50INA69.163.100.14
 db.us.big.clamav.net.50INA88.198.67.125
 db.us.big.clamav.net.50INA150.214.142.197
 db.us.big.clamav.net.50INA155.98.64.87
 db.us.big.clamav.net.50INA168.143.19.95
 db.us.big.clamav.net.50INA194.8.197.22
 
 ;; Query time: 91 msec
 ;; SERVER: 10.0.1.1#53(10.0.1.1)
 ;; WHEN: Tue Sep 13 19:37:53 2011
 ;; MSG SIZE  rcvd: 298

Note that 88.198.67.125 is far down the list, so I immediately ran
 $ sudo /usr/local/clamXav/bin/freshclam --stdout --quiet --no-warnings
 --log=/usr/local/clamXav/share/clamav/freshclam.log

With the following results:
 --
 ClamAV update process started at Tue Sep 13 19:40:13 2011
 main.cld is up to date (version: 53, sigs: 846214, f-level: 53, builder: sven)
 connect_error: getsockopt(SO_ERROR): fd=4 error=61: Connection refused
 Can't connect to port 80 of host db.US.clamav.net (IP: 88.198.67.125)
 Downloading daily-13610.cdiff [100%]
 Downloading daily-13611.cdiff [100%]
 daily.cld updated (version: 13611, sigs: 192595, f-level: 60, builder: guitar)
 bytecode.cld is up to date (version: 144, sigs: 41, f-level: 60, builder:
 edwin)
 Database updated (1038850 signatures) from db.US.clamav.net (IP:
 69.163.100.14)

So how could old 88 have possibly worked is way back to the top?

Sending my browser to db.US.clamav.net gives me
 Safari can¹t open the page ³http://db.us.big.clamav.net/² because Safari can¹t
 connect to the server ³db.us.big.clamav.net².

No matter how many times I try it.

Was there anything else I need to try before restoring the hosts file?


-Al-
 
-- 
Al Varnell
Mountain View, CA



___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Al Varnell]

On 9/13/11 8:07 PM, Dennis Peterson denni...@inetnw.com wrote:

 On 9/13/11 8:05 PM, Dennis Peterson wrote:
 
 I've just sent the URL to validator.wc3.org and got the same problem with
 this
 message:
 
 My fat fingers intended to type http://validator.wc.org and not what they did
 type.
 
Or possibly http://validator.w3.org?

-Al-
 
-- 
Al Varnell
Mountain View, CA



___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Dennis Peterson]

On 9/13/11 8:31 PM, Al Varnell wrote:




Sounds like the server will be pulled, so you may not care, but since I went
through the effort.

Made changes to the hosts file.

Ran dig $ db.us.clamav.net


Does your dig use the host table? Mine does not. Same with nslookup. I can't 
imagine why they would, in fact.


dp
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Dennis Peterson]

On 9/13/11 8:34 PM, Al Varnell wrote:

On 9/13/11 8:07 PM, Dennis Petersondenni...@inetnw.com  wrote:


On 9/13/11 8:05 PM, Dennis Peterson wrote:


I've just sent the URL to validator.wc3.org and got the same problem with
this
message:


My fat fingers intended to type http://validator.wc.org and not what they did
type.


Or possibly http://validator.w3.org?

-Al-



Thank you, Al - I knew the truth would out! The lesson learned is if you can 
avoid it, don't work 48 hour shifts and then try to think and type at the same 
time :)


dp
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Al Varnell]

On 9/13/11 8:34 PM, Dennis Peterson denni...@inetnw.com wrote:

 On 9/13/11 8:31 PM, Al Varnell wrote:
 
 
 Sounds like the server will be pulled, so you may not care, but since I went
 through the effort.
 
 Made changes to the hosts file.
 
 Ran dig $ db.us.clamav.net
 
 Does your dig use the host table? Mine does not. Same with nslookup. I can't
 imagine why they would, in fact.
 
Apparently not.  I re-launched Terminal, just in case that was necessary,
but it still didn't make any difference.


-Al-
 
-- 
Al Varnell
Mountain View, CA



___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Jim Preston]

On 09/13/2011 12:33 PM, Al Varnell wrote:

On 9/13/11 10:18 AM, sys...@ra-schaal.desys...@ra-schaal.de  wrote:


Am 13.09.2011 18:01, schrieb Al Varnell:

On Sep 13, 2011, at 8:15 AM, Dandantear...@gmail.com  wrote:


Yet more failure on 88.198.67.125, this morning.  This one is a double.

I was going to wait a few more days to mention this, but since you bring it
up...

I have seen this twice a day almost every day since 29 Aug.  The only times I
didn't see this was when the database was reported to be up-to-date.  During
that same period, I was _never_ able to successfully connect to it.  This
can't be just my bad luck.

just your bad luck

2011/09/05 - 297638 connects
2011/09/06 - 265677 connects
2011/09/07 - 265228 connects
2011/09/08 - 210367 connects
2011/09/09 - 230462 connects
2011/09/10 - 142702 connects
2011/09/11 - 120486 connects
2011/09/12 - 207272 connects
2011/09/13 - 129521 connetcs until now - 1916 CET

as mentioned a few days befor, YOU have a very slow connection to my
system.


I'm half a world away from you, so I'm not really surprised by that, but
what difference should it make?


just use another mirror instead of crying all the time about your bad setup.


What are you talking about?  I have no choice whatsoever on the mirror I
connect to!


-Al-

Well here I have to take exception. You have every option to choose 
mirrors that suit your liking better. If the US servers are not meeting 
your needs, pick a different region. If the US round-robin are using 
mirrors half way around the world, then. there is no detraction to 
picking default mirrors that are half way around the world but choosing 
something other then US as the location. The fact that ClamXav HAS 
chosen to  make it inconvenient for users to change update frequency or 
setting of db mirrors is NOT a clamav fault. The mechanism exists in 
freschclam but the port to OS X has chosen to ignore this very important 
feature. Would you like me to write a user interface application so OS X 
users can do this very simple preference setting? And don't get me 
started on some of the stupid approaches Apple has taken to a very 
simple to manage OS like FreeBSD. Although I choose express no opinion 
on the MACH kernel versus other kernels, the MACH kernel choice,  is not 
issue that has detracted from the ability to easily set preferences. 
Apple has chosen to go the Microsoft route of our users are too stupid 
to be allowed to do their own customization and as such we OS X users 
have to suffer as we do with the choices made in Redmond.


--
Jim Preston
jimli...@commspeed.net

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Jim Preston]

On 09/13/2011 01:16 PM, Chuck Swiger wrote:

This being said, there is definitely a recurring issue with this particular 
mirror.  Since Aug 22, I've seen:

% grep Can't connect to port 80 of host database.clamav.net (IP: 
88.198.67.125) /var/log/freshclam.log | wc -l
   27

...with zero successful connections to that IP.  The connectivity failure is 
entirely reproducible by hand:

% telnet 88.198.67.125 80
Trying 88.198.67.125...
telnet: connect to address 88.198.67.125: Connection refused
telnet: Unable to connect to remote host


Well I wonder if it is a configuration issue on the web server of thus 
mirror. Others have reported that it responds to pings but will not 
accept connections on port 80. Maybe the config is unrealistically 
limiting connections..

I don't consider this to be a significant problem since other mirrors are up, 
but it's not a matter of bandwidth or connectivity on my side.  As it happens, 
I'm testing from Cupertino, CA via Apple's 17.0.0.0/8 network, and from a 
Time-Warner cable link from NYC, NY on 24.103.0.0/16.

Is Apple running an ISP on 17.0.0.0/8? If so, maybe my objection to 
Apple having a class A pubic subnet is unjustified.




--
Jim Preston
jimli...@commspeed.net

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Henrik K]

On Sun, Sep 11, 2011 at 04:11:07PM -0400, Dan wrote:
 
 At 11:40 PM +0200 9/7/2011, Luca Gibelli wrote:
 Traffic is around 5TB/month on each mirror.
 
 Short of a paid service, which I doubt any of us want, few have such
 bandwidth available to donate.

First of all, I think this whole thread is overreacting. I seriously
doubt the mirror capacity is at maximum.

Anyways, 5TB comes at 2MB/s average, which is not that much. I can do it
with my $15 OVH/Kimsufi box and so do probably thousands of others.

 Clam needs to leverage the power of the Internet - as it is now, not
 yesterday.  The simple, semi-linear propagate thru a few mirrors
 design has obviously reached a limit...  5 TB *per mirror* per
 month!!!???  Just to maintain a tiny 36 MB database?  d'oh!

It does sound a bit much for all the cdiffs etc, but maybe I'm
underestimating the number of ClamAV users..

 It may have worked just fine yesterday, but, seriously, just a model
 that's waiting to fall on its face as Clam becomes more popular.

I don't think it can suddenly come _that_ much more popular, since it's
already quite popular.

 So, I'm thinking that leaves two choices: 1) a cloud, a la Amazon S3.  2) p2p.

 Maybe, someday, when the well-cached cloud services are fully
 propagated *and* reliable world-wide, using a cloud in leiu of the
 traditional mirror set-up might be viable.  But IMO that's years
 away and too expensive.

There's nothing wrong with the current method. It's simple and cheap.
You are underestimating the bandwidth available in the world.

Either there really is no problem and ClamAV is just lazily fishing for
more mirrors, or then they are just clueless and/or not having the
substantial financial and engineering resources of a much larger
organization (advertised in faq).

Heck, even I could buy few boxes for mirrors, but I'm not going to do that
as a private person since there are bazillion commercial entities that have
or can get the bandwidth if needed, including Sourcefire itself.

 Right now, IMO, a p2p set-up would be the most viable.  Continue to
 propagate via mirrors.  *ADD* the torrent.  Together, we clam users
 have many times the bandwidth needed!
 
 Is there a way to make freshclam grab and verify database files from
 a local directory?  If there is, creating a torrent set-up would be
 fairly easy, even on an ad-hoc basis.  I think it would be
 interesting to get a test going...

 WRT the reputation of p2p/torrents... There are quite a few legit
 uses for p2p.  A number of open source products are even distributed
 via bittorrent.  Yes, some ISPs are blocking the protocol -- but
 when shown that it's a legit use, they're usually willing to fix
 that.

I like the idea of some 3rd party offering torrent service for the
p2p-minded. What I don't want to see is freshclam bloated with some torrent
libraries and stuff.

You do realize that torrents actually need to have central servers for the
.torrent files themselves? That's just the first step (freshclam would
have already downloaded cdiffs at the same step). Then you actually need to
have some trackers also, unless you are relying on DHT. Hopefully it's not
the main database you end up downloading from some guys slow ADSL link..

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Dan]

At 9:22 AM +0300 9/12/2011, Henrik K wrote:

On Sun, Sep 11, 2011 at 04:11:07PM -0400, Dan wrote:


 At 11:40 PM +0200 9/7/2011, Luca Gibelli wrote:
 Traffic is around 5TB/month on each mirror.

 Short of a paid service, which I doubt any of us want, few have such
 bandwidth available to donate.


First of all, I think this whole thread is overreacting. I seriously
doubt the mirror capacity is at maximum.


Noone has suggested maximum.  The issue is that the mirrors are so 
overloaded that it's often taking freshclam an excessive amount of 
time to do its thing, because of the time-outs / connection failures. 
No big deal if it's the update run in the background.  But if it's 
on-demand update preceding a user-driven scan, it's making the user 
sit there, twiddling its thumbs, for up to a minute or two.


Luca's response to the problem is that more mirror capacity is 
needed.  Hence the discussion of alternatives...



Anyways, 5TB comes at 2MB/s average, which is not that much. I can do it
with my $15 OVH/Kimsufi box and so do probably thousands of others.


Perhaps, where you live.  Here, in the good'ole USofA, if I set up a 
server to feed 170 GB/day, my ISP would shut me down and bill me big.


  So, I'm thinking that leaves two choices: 1) a cloud, a la Amazon 
S3.  2) p2p.


 Maybe, someday, when the well-cached cloud services are fully
 propagated *and* reliable world-wide, using a cloud in leiu of the
 traditional mirror set-up might be viable.  But IMO that's years
 away and too expensive.


There's nothing wrong with the current method. It's simple and cheap.
You are underestimating the bandwidth available in the world.


I didn't say there's anything wrong with the current method.  It's 
just overwhelmed, and I doubt that adding a mirror or two will fix it 
now or even in the long term.  I'm looking to explore ways of 
supplementing the current infrastructure.


You do realize that torrents actually need to have central servers 
for the .torrent files themselves?


Are you saying that including a 30 KB file in the Clam distro is too 
heavy of a burden?


That's just the first step (freshclam would have already downloaded 
cdiffs at the same step). Then you actually need to have some 
trackers also, unless you are relying on DHT. Hopefully it's not the 
main database you end up downloading from some guys slow ADSL link..


The point of a torrent is that noone provides all the data from one 
source.  It's *distributed*.


- Dan.
--
- Psychoceramic Emeritus; South Jersey, USA, Earth.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Kris Deugau]

G.W. Haywood wrote:

The ClamAV database mirrors appear to have a growing capacity problem.
Torrents are intended to alleviate the problem, and it takes, oh, ten
minutes to set one up.  Scripts already exist which could be adapted
fairly easily to use torrents instead of mirrors to download the data.
The DNS tells us the filenames to ask for.  Anybody can run a torrent,
the torrent software can control the data rates used by clients, and a
network of torrents is a much more challenging target for the Bad Guys
than a few mirrors.  So what's the problem?


Maybe I just don't understand enough about how torrents actually work... 
 but wouldn't you need to update the .torrent every time the virus 
database changed?


I don't think the standard torrent protocol includes any support for 
something like that...


-kgd
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Nathan Gibbs]

On 9/12/2011 11:05 AM, Dan wrote:
 At 9:22 AM +0300 9/12/2011, Henrik K wrote:
 On Sun, Sep 11, 2011 at 04:11:07PM -0400, Dan wrote:

  At 11:40 PM +0200 9/7/2011, Luca Gibelli wrote:
  Traffic is around 5TB/month on each mirror.

  Short of a paid service, which I doubt any of us want, few have such
  bandwidth available to donate.

 First of all, I think this whole thread is overreacting. I seriously
 doubt the mirror capacity is at maximum.
 
 Noone has suggested maximum.  The issue is that the mirrors are so
 overloaded that it's often taking freshclam an excessive amount of time
 to do its thing, because of the time-outs / connection failures. No big
 deal if it's the update run in the background.  But if it's on-demand
 update preceding a user-driven scan, it's making the user sit there,
 twiddling its thumbs, for up to a minute or two.
 
 Luca's response to the problem is that more mirror capacity is needed. 
 Hence the discussion of alternatives...
 
 Anyways, 5TB comes at 2MB/s average, which is not that much. I can do it
 with my $15 OVH/Kimsufi box and so do probably thousands of others.
 
 Perhaps, where you live.  Here, in the good'ole USofA, if I set up a
 server to feed 170 GB/day, my ISP would shut me down and bill me big.
 
HERE HERE!

My ISP is pretty cool about letting users do what they want. However, if
I started moving 170GB / day they would definitely be chasing me down to
have a chat.
:-)

When they start offering inexpensive 10Mbit links to the net, a mirror
would be an option, but not right now.

-- 
Sincerely,

Nathan Gibbs

Systems Administrator
Christ Media
http://www.cmpublishers.com




signature.asc
Description: OpenPGP digital signature
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Henrik K]

On Mon, Sep 12, 2011 at 12:41:14PM -0400, Nathan Gibbs wrote:
 On 9/12/2011 11:05 AM, Dan wrote:
  At 9:22 AM +0300 9/12/2011, Henrik K wrote:
  On Sun, Sep 11, 2011 at 04:11:07PM -0400, Dan wrote:
 
   At 11:40 PM +0200 9/7/2011, Luca Gibelli wrote:
   Traffic is around 5TB/month on each mirror.
 
   Short of a paid service, which I doubt any of us want, few have such
   bandwidth available to donate.
 
  First of all, I think this whole thread is overreacting. I seriously
  doubt the mirror capacity is at maximum.
  
  Noone has suggested maximum.  The issue is that the mirrors are so
  overloaded that it's often taking freshclam an excessive amount of time
  to do its thing, because of the time-outs / connection failures. No big
  deal if it's the update run in the background.  But if it's on-demand
  update preceding a user-driven scan, it's making the user sit there,
  twiddling its thumbs, for up to a minute or two.
  
  Luca's response to the problem is that more mirror capacity is needed. 
  Hence the discussion of alternatives...
  
  Anyways, 5TB comes at 2MB/s average, which is not that much. I can do it
  with my $15 OVH/Kimsufi box and so do probably thousands of others.
  
  Perhaps, where you live.  Here, in the good'ole USofA, if I set up a
  server to feed 170 GB/day, my ISP would shut me down and bill me big.
  
 HERE HERE!
 
 My ISP is pretty cool about letting users do what they want. However, if
 I started moving 170GB / day they would definitely be chasing me down to
 have a chat.
 :-)
 
 When they start offering inexpensive 10Mbit links to the net, a mirror
 would be an option, but not right now.

Guys, I'm not talking about some home or office ISP lines. I'm talking about
rented dedicated servers that have huge bandwidth by contract. Why do you
make pointless arguments? Depending on where you live or want the servers
to be located, they can be cheap or amazingly cheap.

And Dan, please familiarize yourself first on how torrents work.

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Al Varnell]

On Sep 12, 2011, at 10:58 AM, Henrik K h...@hege.li wrote:

 I'm not talking about some home or office ISP lines. I'm talking about
 rented dedicated servers that have huge bandwidth by contract. Why do you
 make pointless arguments?

Has anybody talked to Apple?  Every box of Server software they sell comes with 
clavav, so they are already invested and have plenty of capacity world-wide.


Sent from Janet's iPad

-Al-
-- 
Al Varnell
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Dan]

At 8:58 PM +0300 9/12/2011, Henrik K wrote:
Guys, I'm not talking about some home or office ISP lines. I'm 
talking about rented dedicated servers that have huge bandwidth by 
contract. Why do you make pointless arguments?


Excuse me?  Pointless?  Is that your way of disagreeing intelligently 
or just trying to shut the conversation down?


In YOUR opinion individuals and even small businesses are incapable 
of contributing to Clam's strained infrastructure?


So OUR suggestions and inquiries on this USER mailing list are  ...  pointless?


And Dan, please familiarize yourself first on how torrents work.


I know pretty much how they work.  What's your point here?  Is there 
some design issue that invalidates the idea of using a p2p/torrent 
type distribution method to supplement the mirrors?



I just love having a design idea shot down with no discussion because 
it's POINTLESS.


Or perhaps I've made the error here?   Is there some heresy in asking 
my question yesterday:  Is there a way to make freshclam grab and 
verify database files from a local directory?


- Dan.
--
- Psychoceramic Emeritus; South Jersey, USA, Earth.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Török Edwin]

On 09/12/2011 10:54 PM, Dan wrote:
 Is there a way to make freshclam grab and verify database files from a local 
 directory?


Yes, but they don't work for fetching incremental updates from local dir 
(DatabaseCustomURL, PrivateMirror).
What you could try is set DatabaseMirror to a local webserver, which fetches 
CDIFFs/CVDs from torrents on demand.

FWIW fetching small cdiffs (1kb) via torrents is probably a bad idea as it'll 
take a lot more
for you to find peers than to download from a mirror.

Best regards,
--Edwin

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Jim Preston]

On 09/12/2011 12:20 PM, Al Varnell wrote:

On Sep 12, 2011, at 10:58 AM, Henrik Kh...@hege.li  wrote:


I'm not talking about some home or office ISP lines. I'm talking about
rented dedicated servers that have huge bandwidth by contract. Why do you
make pointless arguments?

Has anybody talked to Apple?  Every box of Server software they sell comes with 
clavav, so they are already invested and have plenty of capacity world-wide.


Sent from Janet's iPad

-Al-
And Apple (along with several other large corporations) has an over 
abundance of public IP addresses to assign to their own hosted servers 
017/8 (16,777,216 IP Addresses).


--
Jim Preston
jimli...@commspeed.net

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Joel Esler]

On Sep 12, 2011, at 3:20 PM, Al Varnell wrote:
 On Sep 12, 2011, at 10:58 AM, Henrik K h...@hege.li wrote:
 
 I'm not talking about some home or office ISP lines. I'm talking about
 rented dedicated servers that have huge bandwidth by contract. Why do you
 make pointless arguments?
 
 Has anybody talked to Apple?  

Yes.

...and you know that's all I can say about it.

--
Joel Esler
OpenSource Community Manager
Sourcefire
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Henrik K]

On Mon, Sep 12, 2011 at 03:54:44PM -0400, Dan wrote:
 At 8:58 PM +0300 9/12/2011, Henrik K wrote:
 Guys, I'm not talking about some home or office ISP lines. I'm
 talking about rented dedicated servers that have huge bandwidth by
 contract. Why do you make pointless arguments?
 
 Excuse me?  Pointless?  Is that your way of disagreeing
 intelligently or just trying to shut the conversation down?
 
 In YOUR opinion individuals and even small businesses are incapable
 of contributing to Clam's strained infrastructure?

 So OUR suggestions and inquiries on this USER mailing list are  ...  
 pointless?

I'm sorry but that's the fact. If mirrors need bandwidth, it's not going to
work on some slow home connection.  Why do you take it so personally?  If
you want to help, buy a server and host a mirror.

 And Dan, please familiarize yourself first on how torrents work.
 
 I know pretty much how they work.  What's your point here?  Is there
 some design issue that invalidates the idea of using a p2p/torrent
 type distribution method to supplement the mirrors?

Obviously you didn't think how you are going to download all those cdiffs. 
You do realize that all of them need .torrent files also? It's pointless
overhead.

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Henrik K]

On Mon, Sep 12, 2011 at 05:57:24PM -0400, Nathan Gibbs wrote:
 On 9/12/2011 1:58 PM, Henrik K wrote:
  
  Guys, I'm not talking about some home or office ISP lines. I'm
  talking about rented dedicated servers that have huge bandwidth by
  contract.
 
 OK, but what the rest of us are talking about is taking load off the
 global clamav mirror infrastructure.
 Particularly the US section.

And I'm not?? But a da*n US server and host a mirror. Even as a individual
if you like.

  Depending on where you live
 
 Because it is our section of the infrastructure that is having issues.
 Please read the thread title.

Even I can buy some US servers if I want.  There are lots of providers to
choose from.

  or want the servers to be located, they can be cheap or amazingly
  cheap.
  
 
 I don't care where the servers are as long as I can get the current DBs.
 
 Rehash
 1. The Clamav Project needs more capacity especially in the US zone.
 2. Many of us have gone to a local mirror configuration to use as little
 of the capacity as possible.
 3. The Clamav Project still needs more capacity.
 4. Many of us would step up to the plate and provide this capacity if it
 were within our ability to do so.

If you are an individual not able to put $15-$100 a month, then yes, it's not
in your capability.

 5. Barring that we are asking about torrent because we would step up to
 the plate and provide what is within our ability to provide.

 I could easily provide 20MB of transfer a month initially and maybe
 more.  However 5TB / month is definitely out of the question.

No one thinks any less of you for trying to help, on the contrary. But if
you can't even get any facts straight etc, it's just messing up the thread.

Let's not forget that ClamAV is backed by a commercial organization?? If
they wanted US bandwidth badly, they can get it.  If not by buying, then
probably just by asking around or even on the web page?  Why do you think
it's not mentioned there.  Probably very few users read this list.

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Dan]

At 12:25 PM +0100 9/9/2011, G.W. Haywood wrote:

  On 8-9 Sep 2011 Luca Gibelli and I wrote:
If anyone can provide a CVD mirror in US, please contact me directly.

   We definitely need more capacity in the db.us.clamav.net RR.
 
  I've asked this before and never had an answer, so I'll ask again.

   Is there a reason why torrents can't be used?

On Thu, 08 Sep 2011 Jim Preston wrote:
  Torrents have a bad reputation from pirating software, illegal digital

 media distribution, distributing infections and malware and such. I am

  not sure I would trust torrents in a general way.

Since the widespread adoption of strong encryption and digital 
certificates the Internet has been used securely to transfer 
verifiable and non-repudiable information.  The published ClamAV 
databases are verifiably signed.


Exactly.  Either the pieces are already properly verified by 
freshclam before being added into the local database, or there is a 
massive security vulnerability that needs to be addressed immediately!



  ... spreading the work over many pipes ...

That's the whole point, and that's why I keep banging on about it. :)


At 11:40 PM +0200 9/7/2011, Luca Gibelli wrote:

Traffic is around 5TB/month on each mirror.


Short of a paid service, which I doubt any of us want, few have such 
bandwidth available to donate.


Clam needs to leverage the power of the Internet - as it is now, not 
yesterday.  The simple, semi-linear propagate thru a few mirrors 
design has obviously reached a limit...  5 TB *per mirror* per 
month!!!???  Just to maintain a tiny 36 MB database?  d'oh!


It may have worked just fine yesterday, but, seriously, just a model 
that's waiting to fall on its face as Clam becomes more popular.


So, I'm thinking that leaves two choices: 1) a cloud, a la Amazon S3.  2) p2p.

Maybe, someday, when the well-cached cloud services are fully 
propagated *and* reliable world-wide, using a cloud in leiu of the 
traditional mirror set-up might be viable.  But IMO that's years away 
and too expensive.


Right now, IMO, a p2p set-up would be the most viable.  Continue to 
propagate via mirrors.  *ADD* the torrent.  Together, we clam users 
have many times the bandwidth needed!


Is there a way to make freshclam grab and verify database files from 
a local directory?  If there is, creating a torrent set-up would be 
fairly easy, even on an ad-hoc basis.  I think it would be 
interesting to get a test going...


WRT the reputation of p2p/torrents... There are quite a few legit 
uses for p2p.  A number of open source products are even distributed 
via bittorrent.  Yes, some ISPs are blocking the protocol -- but when 
shown that it's a legit use, they're usually willing to fix that.


fwiw,
- Dan.
--
- Psychoceramic Emeritus; South Jersey, USA, Earth.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Dennis Peterson]

On 9/9/11 3:07 PM, Nathan Gibbs wrote:


Not everyone on this list works in your kind of shop.
Our shop has a host whose main purpose in life is to torrent Debian ISO's.

All the other person is asking, is why can't we have the capability to
use torrents?

This solution could take load off the global mirror infrastructure?
I'm sure that many of us are already running local mirror configurations
to do this, but obviously it isn't enough.
The global infrastructure is still stressed.


It takes next to no time to seed the signed signatures on a torrent system in 
your own home. Set it up and post a link.


dp
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Al Varnell]

On 9/8/11 11:54 AM, Jim Preston jimli...@commspeed.net wrote:

 The last issue is what is the default country code for ClamXav? I have
 not installed or configured ClamXav for a long time. I know that the
 default source build for clamav is #DatabaseMirror db.XY.clamav.net and
 by incorrect default configuration  just uses DatabaseMirror
 database.clamav.net. Again, this is not for this list to discuss
 specifically, but if ClamXav users are not selecting the proper database
 round robin for their locale, may be the package maintainers should
 force an interactive selection during the installation / configuration.
 

You are correct that the default is db.XY.clamav.net.  In working with users
I have observed that the network is pretty good about picking the correct
list to use based on what I understand is a complicated geographic analysis
of the client's IP address.  I have not observed any users being routed to
mirrors great distances away by using the default and as far as US users are
concerned I find their results almost always identical to mine at any given
time.  Because changing the CC involves non-trivial actions by a Mac user
(most don't even know where to find the Terminal app, let alone use it) and
it must be repeated each time the engine is reinstalled, I only recommend it
to those who have a need to update their database more often than every two
hours, since that's a clamav.net requirement or insist that they need to
make the change due to other network issues.  I have personally written a
short script to accomplish this, but don't always remember to use it.

I once thought about recommending to Mark that he make it a Preference
option, but never felt that it was truly necessary.  He's got his hands full
just keeping up with engine and OS changes, and there are several other
improvements that I feel are more important right now.


-Al-
 
-- 
Al Varnell
Mountain View, CA



___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[G.W. Haywood]

Hi there,

 On 8-9 Sep 2011 Luca Gibelli and I wrote:

   If anyone can provide a CVD mirror in US, please contact me directly.
   We definitely need more capacity in the db.us.clamav.net RR.
 
  I've asked this before and never had an answer, so I'll ask again.
  Is there a reason why torrents can't be used?

 like twitter, torrent is not a requirement (we are planning to extend
 this rule to everything that starts with a 't').

Still no answer then? :)

On Thu, 08 Sep 2011 Jim Preston wrote:

 Torrents have a bad reputation from pirating software, illegal digital
 media distribution, distributing infections and malware and such. I am
 not sure I would trust torrents in a general way.

Last I heard, the Internet had a similar reputation, but I guess you
still use it.  Of course in parts of the UK they call it 'tinternet'
so Luca might say it's not a requirement. :)  Since the widespread
adoption of strong encryption and digital certificates the Internet
has been used securely to transfer verifiable and non-repudiable
information.  The published ClamAV databases are verifiably signed.

 ... spreading the work over many pipes ...

That's the whole point, and that's why I keep banging on about it. :)

The ClamAV database mirrors appear to have a growing capacity problem.
Torrents are intended to alleviate the problem, and it takes, oh, ten
minutes to set one up.  Scripts already exist which could be adapted
fairly easily to use torrents instead of mirrors to download the data.
The DNS tells us the filenames to ask for.  Anybody can run a torrent,
the torrent software can control the data rates used by clients, and a
network of torrents is a much more challenging target for the Bad Guys
than a few mirrors.  So what's the problem?

--

73,
Ged.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Dennis Peterson]

On 9/9/11 4:25 AM, G.W. Haywood wrote:
So what's the problem?

I guess I'd like to see what your Checkpoint firewall rules in your DC look like 
and read your presentation to your security team justifying connecting your 
system to unknown systems using a distribution method most better known for 
software and music pirating for the purpose of uploading AV signatures from your 
AV vendor, and that this is needed because the vendor actually doesn't have 
enough bandwidth to do the job right without this torrent method.


dp
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Jim Preston]

On 09/09/2011 04:25 AM, G.W. Haywood wrote:


Last I heard, the Internet had a similar reputation, but I guess you
still use it.  Of course in parts of the UK they call it 'tinternet'
so Luca might say it's not a requirement. :)  Since the widespread
adoption of strong encryption and digital certificates the Internet
has been used securely to transfer verifiable and non-repudiable
information.  The published ClamAV databases are verifiably signed.


I am on the Internet? OMG, where is that plug? gots ta pull it ;-)


--
Jim Preston
jimli...@commspeed.net

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Nathan Gibbs]

On 9/8/2011 11:41 AM, Luca Gibelli wrote:
 
 
 Hello G.W.,
 
 If anyone can provide a CVD mirror in US, please contact me directly.
 We definitely need more capacity in the db.us.clamav.net RR.
 I've asked this before and never had an answer, so I'll ask again.
 Is there a reason why torrents can't be used?
 
 like twitter, torrent is not a requirement (we are planning to extend
 this rule to everything that starts with a 't').
 

They must have extended it from everything that starts with s.
When I asked about https support in freshclam, I was told SSL wasn't
required.

Security isn't required either.
CLAM BAKE!
:-)


-- 
Sincerely,

Nathan Gibbs

Systems Administrator
Christ Media
http://www.cmpublishers.com




signature.asc
Description: OpenPGP digital signature
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Nathan Gibbs]

On 9/9/2011 10:57 AM, Dennis Peterson wrote:
 On 9/9/11 4:25 AM, G.W. Haywood wrote:
 So what's the problem?
 
 I guess I'd like to see what your Checkpoint firewall rules in your DC
 look like and read your presentation to your security team justifying
 connecting your system to unknown systems using a distribution method
 most better known for software and music pirating for the purpose of
 uploading AV signatures from your AV vendor, and that this is needed
 because the vendor actually doesn't have enough bandwidth to do the job
 right without this torrent method.
 
 dp

Not everyone on this list works in your kind of shop.
Our shop has a host whose main purpose in life is to torrent Debian ISO's.

All the other person is asking, is why can't we have the capability to
use torrents?

This solution could take load off the global mirror infrastructure?
I'm sure that many of us are already running local mirror configurations
to do this, but obviously it isn't enough.
The global infrastructure is still stressed.


-- 
Sincerely,

Nathan Gibbs

Systems Administrator
Christ Media
http://www.cmpublishers.com




signature.asc
Description: OpenPGP digital signature
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Al Varnell]

Before I respond I think I should describe my role in this community.  I 
provide uncompensated tech support on the ClamXav forum, so I attempt to keep 
my system configured as close to defaults as possible, since that's what most 
users do.

On Sep 7, 2011, at 9:49 PM, Jim Preston jimli...@commspeed.net wrote:

 I do see your concern if as your log shows you are only checking twice a 
 day Missing an update extends the stale db quite a bit.
 
 Three questions;
 
 Do you have both of these lines in your freshclam.conf?
 DatabaseMirror db.us.clamav.net
 DatabaseMirror database.clamav.net
 
 What is your max retry before failure? Default is 3

Yes to all three, but most of the users I assist do not update the country code.

 How many updates are you making? Default in freshclam says it is every 2 
 hours or 12/day but . you do not seem to be making that many based on 
 your log posting.

Just two, but that actually more than meets my needs.  Most ClamXav users 
update as needed or once a day, at most.  I do help a few sysadmins with 
critical server responsibilities who require 12 or more updates a day, however. 
 One of them reported 30 failures involving this server in a 24-hour period 
involving multiple machines.

 Right / wrong / or indifferent, I am running freshclam once an hour off the 
 hour. I am doing this via a cron task and select the execution minute. To 
 help reduce load, I do not run it on the hour but have selected sometime 
 after the hour.

ClamXav just switch from using cron to lauchd, which has been the preferred 
method for event scheduling in Mac OS X for some time.  So right now I have one 
event scheduled by launchd and a legacy event using cron to troubleshoot 
various issues concerning both.  Appreciate the input, but the issue I am 
trying to solve here is simply to improve the reliability of the CVD mirror 
network for US users.


Sent from Janet's iPad

-Al-
-- 
Al Varnell
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[G.W. Haywood]

Hi there,

On Thu, 8 Sep 2011 Luca Gibelli wrote:

 ...
 If anyone can provide a CVD mirror in US, please contact me directly.
 We definitely need more capacity in the db.us.clamav.net RR.
 ...

I've asked this before and never had an answer, so I'll ask again.

Is there a reason why torrents can't be used?

--

73,
Ged.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Luca Gibelli]

Hello G.W.,

  If anyone can provide a CVD mirror in US, please contact me directly.
  We definitely need more capacity in the db.us.clamav.net RR.
 I've asked this before and never had an answer, so I'll ask again.
 Is there a reason why torrents can't be used?

like twitter, torrent is not a requirement (we are planning to extend
this rule to everything that starts with a 't').

Best regards

-- 
Luca Gibelli (luca _at_ clamav.net)   ClamAV, a GPL anti-virus toolkit
[Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it
PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[McDonald, Dan]

 -Original Message-
 From: clamav-users-boun...@lists.clamav.net [mailto:clamav-users-
 boun...@lists.clamav.net] On Behalf Of Luca Gibelli
 
 Hello G.W.,
 
   If anyone can provide a CVD mirror in US, please contact me
 directly.
   We definitely need more capacity in the db.us.clamav.net RR.
  I've asked this before and never had an answer, so I'll ask again.
  Is there a reason why torrents can't be used?
 
 like twitter, torrent is not a requirement (we are planning to extend
 this rule to everything that starts with a 't').

No typing required?  ;-)

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Jim Preston]

On 09/07/2011 11:14 PM, Al Varnell wrote:

Before I respond I think I should describe my role in this community.  I 
provide uncompensated tech support on the ClamXav forum, so I attempt to keep 
my system configured as close to defaults as possible, since that's what most 
users do.

On Sep 7, 2011, at 9:49 PM, Jim Prestonjimli...@commspeed.net  wrote:


I do see your concern if as your log shows you are only checking twice a 
day Missing an update extends the stale db quite a bit.

Three questions;

Do you have both of these lines in your freshclam.conf?
DatabaseMirror db.us.clamav.net
DatabaseMirror database.clamav.net

What is your max retry before failure? Default is 3

Yes to all three, but most of the users I assist do not update the country code.


How many updates are you making? Default in freshclam says it is every 2 hours 
or 12/day but . you do not seem to be making that many based on your log 
posting.

Just two, but that actually more than meets my needs.  Most ClamXav users 
update as needed or once a day, at most.  I do help a few sysadmins with 
critical server responsibilities who require 12 or more updates a day, however. 
 One of them reported 30 failures involving this server in a 24-hour period 
involving multiple machines.


Right / wrong / or indifferent, I am running freshclam once an hour off the 
hour. I am doing this via a cron task and select the execution minute. To help 
reduce load, I do not run it on the hour but have selected sometime after the 
hour.

ClamXav just switch from using cron to lauchd, which has been the preferred 
method for event scheduling in Mac OS X for some time.  So right now I have one 
event scheduled by launchd and a legacy event using cron to troubleshoot 
various issues concerning both.  Appreciate the input, but the issue I am 
trying to solve here is simply to improve the reliability of the CVD mirror 
network for US users.


Sent from Janet's iPad

-Al-

Thanks Al,
The first line it the most telling. I was not aware of this and the 
service you are providing,  and well my bad, just made an assumption 
you were just bitching for the sake of bitching without making simple 
modifications to your system. I have read many of your posts and should 
have realized there was a deeper reason.


I am not going to go through the previous posts to be sure, but .. I 
do not remember (at least in this last server issue) that you were 
supporting  CLamXav. I too support and have several Apple OS X systems 
and am aware of the launchd preference over cron but that is a separate 
bitch of mine to be take up on an Apple forum ;-)


The last issue is what is the default country code for ClamXav? I have 
not installed or configured ClamXav for a long time. I know that the 
default source build for clamav is #DatabaseMirror db.XY.clamav.net and 
by incorrect default configuration  just uses DatabaseMirror 
database.clamav.net. Again, this is not for this list to discuss 
specifically, but if ClamXav users are not selecting the proper database 
round robin for their locale, may be the package maintainers should 
force an interactive selection during the installation / configuration.


Thanks for allowing me to put in my 2 cents and and no I am not trying 
to start a flame war nor looking for a response from anyone but Al.


--
Jim Preston
jimli...@commspeed.net

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Jim Preston]

On 09/08/2011 03:14 AM, G.W. Haywood wrote:

I've asked this before and never had an answer, so I'll ask again.
Is there a reason why torrents can't be used?

--

Against my head's better judgment, I am going to respond here =-O

Torrents have a bad reputation from pirating software, illegal digital 
media distribution, distributing infections and malware and such. I am 
not sure I would trust torrents in a general way. However, It does sound 
like a very intriguing idea for distributing the db to my own server 
farms, spreading the work over many pipes and systems . I was always 
very intrigued by the jigdo distribution for Debian and used it when I 
was experimenting with Debian as my main *nix platform.


Thanks, Jim

--
Jim Preston
jimli...@commspeed.net

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Luca Gibelli]

Hello Al,

 error.  Since that time each of two updates on 2, 3, 4, 5,  6 Sep have
 started with that same server and erred with the following:
  connect_error: getsockopt(SO_ERROR): fd=4 error=61: Connection refused
  Can't connect to port 80 of host db.US.clamav.net (IP: 88.198.67.125)
 That status page has shown some issues with that server each day, but
 nothing like what I am seeing.

the admin of akxnet.de has limited the amount of concurrent connections
on the mirror. Depending on traffic, you may get a connection
refused error, but it's nothing to worry about. 
freshclam will just try to connect to another mirror in the RR.

If anyone can provide a CVD mirror in US, please contact me directly. 
We definitely need more capacity in the db.us.clamav.net RR.

Regards,

-- 
Luca Gibelli (luca _at_ clamav.net)   ClamAV, a GPL anti-virus toolkit
[Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it
PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[sys...@ra-schaal.de]

Am 07.09.2011 05:11, schrieb Al Varnell:
 According to my mirrors.dat file the last time I successfully connected to
 the US Mirror at akxnet.de (IP: 88.198.67.125) (obviously located in DE) was
 on 29 Aug, but when I check my log I see that even that was actually an
 error.  Since that time each of two updates on 2, 3, 4, 5,  6 Sep have
 started with that same server and erred with the following:
 
 connect_error: getsockopt(SO_ERROR): fd=4 error=61: Connection refused
 Can't connect to port 80 of host db.US.clamav.net (IP: 88.198.67.125)
 
 That status page has shown some issues with that server each day, but
 nothing like what I am seeing.
 
 I can ping the server, but can not find it with my browser.  When I enter
 clamav.akxnet.de I am currently taken to a different IP address, I believe
 (46.4.61.241).  The 88.198.67.125 address comes back to mx00.akxnet.de
 
 
 -Al-
  
You can use 46.4.61.241 and 88.198.67.125 - both systems are always in sync.

Due to heavy traffic (up to 5 GB in july only for the mirror) i limited
the access. 2 connects/ip at the same time and 500 current connections.

The error should not allways apear. If so, could you please mail me your
ip so i can have a look at the firewall.

regards
Florian
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Nathan Gibbs]

On 9/7/2011 7:13 AM, Luca Gibelli wrote:
 
 If anyone can provide a CVD mirror in US, please contact me directly. 
 We definitely need more capacity in the db.us.clamav.net RR.
 
If I had the bandwidth, I would.
When I have the bandwidth, I intend to.

-- 
Sincerely,

Nathan Gibbs

Systems Administrator
Christ Media
http://www.cmpublishers.com




signature.asc
Description: OpenPGP digital signature
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Christopher X. Candreva]

On Wed, 7 Sep 2011, Luca Gibelli wrote:

 If anyone can provide a CVD mirror in US, please contact me directly. 
 We definitely need more capacity in the db.us.clamav.net RR.

What sort of bandwidth do the mirrors use, as in what would be a typical 
burst or peak load - 5mbit/sec, 10mbit/sec, etc.


==
Chris Candreva  -- ch...@westnet.com -- (914) 948-3162
WestNet Internet Services of Westchester
http://www.westnet.com/
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Henrik K]

On Wed, Sep 07, 2011 at 01:13:37PM +0200, Luca Gibelli wrote:
 Hello Al,
 
  error.  Since that time each of two updates on 2, 3, 4, 5,  6 Sep have
  started with that same server and erred with the following:
   connect_error: getsockopt(SO_ERROR): fd=4 error=61: Connection refused
   Can't connect to port 80 of host db.US.clamav.net (IP: 88.198.67.125)
  That status page has shown some issues with that server each day, but
  nothing like what I am seeing.
 
 the admin of akxnet.de has limited the amount of concurrent connections
 on the mirror. Depending on traffic, you may get a connection
 refused error, but it's nothing to worry about. 
 freshclam will just try to connect to another mirror in the RR.
 
 If anyone can provide a CVD mirror in US, please contact me directly. 
 We definitely need more capacity in the db.us.clamav.net RR.

Is Sourceforge so cheap that it can't get few $20 vps for mirrors?

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Al Varnell]

On 9/7/11 4:21 AM, sys...@ra-schaal.de sys...@ra-schaal.de wrote:

 Am 07.09.2011 05:11, schrieb Al Varnell:
 According to my mirrors.dat file the last time I successfully connected to
 the US Mirror at akxnet.de (IP: 88.198.67.125) (obviously located in DE) was
 on 29 Aug, but when I check my log I see that even that was actually an
 error.  Since that time each of two updates on 2, 3, 4, 5,  6 Sep have
 started with that same server and erred with the following:
 
 connect_error: getsockopt(SO_ERROR): fd=4 error=61: Connection refused
 Can't connect to port 80 of host db.US.clamav.net (IP: 88.198.67.125)
 
 That status page has shown some issues with that server each day, but
 nothing like what I am seeing.
 
 I can ping the server, but can not find it with my browser.  When I enter
 clamav.akxnet.de I am currently taken to a different IP address, I believe
 (46.4.61.241).  The 88.198.67.125 address comes back to mx00.akxnet.de
 
 
 -Al-
  
 You can use 46.4.61.241 and 88.198.67.125 - both systems are always in sync.
 
I don't really get a choice, I must use whatever is handed off to me.  I
have never seen the 46 IP on our list.

 Due to heavy traffic (up to 5 GB in july only for the mirror) i limited
 the access. 2 connects/ip at the same time and 500 current connections.
 
I did a port scan last evening and 80 never came available:
Port Scanning host: 88.198.67.125

 Open TCP Port: 21 ftp
 Open TCP Port: 25 smtp
 Open TCP Port: 53 domain
 Open TCP Port: 110pop3
 Open TCP Port: 143imap
 Open TCP Port: 221fln-spx

Also, there are two other ClamXav users in different parts of the country
that have been reporting this issue.

 The error should not allways apear. If so, could you please mail me your
 ip so i can have a look at the firewall.
 
Currently 71.198.46.64 but it's dynamically assigned by the ISP, so could
change.

 regards
 Florian

-Al-


___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[sys...@ra-schaal.de]

Am 07.09.2011 19:59, schrieb Al Varnell:
 You can use 46.4.61.241 and 88.198.67.125 - both systems are always in sync.

 I don't really get a choice, I must use whatever is handed off to me.  I
 have never seen the 46 IP on our list.

You can use clamav.akxnet.de:

nslookup clamav.akxnet.de
Server: 127.0.0.1
Address:127.0.0.1#53

Name:   clamav.akxnet.de
Address: 88.198.67.125
Name:   clamav.akxnet.de
Address: 46.4.61.241

Maybe Luca can the second IP to db.us.big.clamav.net.

 
 Due to heavy traffic (up to 5 GB in july only for the mirror) i limited
 the access. 2 connects/ip at the same time and 500 current connections.

 I did a port scan last evening and 80 never came available:
 Port Scanning host: 88.198.67.125
 
  Open TCP Port: 21 ftp
  Open TCP Port: 25 smtp
  Open TCP Port: 53 domain
  Open TCP Port: 110pop3
  Open TCP Port: 143imap
  Open TCP Port: 221fln-spx

Due to some problems with our backbone yesterday, this may be a reason.

wc -l database.clamav.net/200.log
202168 database.clamav.net/200.log

 The error should not allways apear. If so, could you please mail me your
 ip so i can have a look at the firewall.

 Currently 71.198.46.64 but it's dynamically assigned by the ISP, so could
 change.

I´ve seen your IP within the last three days only two times.
BTW: ping 71.198.46.64
PING 71.198.46.64 (71.198.46.64) 56(84) bytes of data.
64 bytes from 71.198.46.64: icmp_seq=1 ttl=236 time=189 ms
64 bytes from 71.198.46.64: icmp_seq=2 ttl=236 time=189 ms

That´s not really fast.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Nathan Gibbs]

On 9/7/2011 1:59 PM, Al Varnell wrote:

 I did a port scan last evening and 80 never came available:
 Port Scanning host: 88.198.67.125
 
  Open TCP Port: 21 ftp
  Open TCP Port: 25 smtp
  Open TCP Port: 53 domain
  Open TCP Port: 110pop3
  Open TCP Port: 143imap
  Open TCP Port: 221fln-spx
 

Bad Sysadmin, no coffee!


-- 
Sincerely,

Nathan Gibbs

Systems Administrator
Christ Media
http://www.cmpublishers.com




signature.asc
Description: OpenPGP digital signature
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Al Varnell]

On 9/7/11 11:19 AM, sys...@ra-schaal.de sys...@ra-schaal.de wrote:

 Am 07.09.2011 19:59, schrieb Al Varnell:
 You can use 46.4.61.241 and 88.198.67.125 - both systems are always in sync.
 
 I don't really get a choice, I must use whatever is handed off to me.  I
 have never seen the 46 IP on our list.
 
 You can use clamav.akxnet.de:
 
 nslookup clamav.akxnet.de
 Server: 127.0.0.1
 Address:127.0.0.1#53
 
 Name:   clamav.akxnet.de
 Address: 88.198.67.125
 Name:   clamav.akxnet.de
 Address: 46.4.61.241
 
I don't see that as a work around unless...

 Maybe Luca can the second IP to db.us.big.clamav.net.
 
Could Luca use the url instead of the IP address in db.us.big.clamav.net?

 
 Due to heavy traffic (up to 5 GB in july only for the mirror) i limited
 the access. 2 connects/ip at the same time and 500 current connections.
 
 I did a port scan last evening and 80 never came available:
 Port Scanning host: 88.198.67.125
 
  Open TCP Port: 21 ftp
  Open TCP Port: 25 smtp
  Open TCP Port: 53 domain
  Open TCP Port: 110pop3
  Open TCP Port: 143imap
  Open TCP Port: 221fln-spx
 
 Due to some problems with our backbone yesterday, this may be a reason.
 
 wc -l database.clamav.net/200.log
 202168 database.clamav.net/200.log
 
I've started a new port scan.

 The error should not allways apear. If so, could you please mail me your
 ip so i can have a look at the firewall.
 
 Currently 71.198.46.64 but it's dynamically assigned by the ISP, so could
 change.
 
 I´ve seen your IP within the last three days only two times.
 
Here's my freshclam log for that period with six attempts:
--
ClamAV update process started at Sun Sep  4 15:50:19 2011
main.cld is up to date (version: 53, sigs: 846214, f-level: 53, builder:
sven)
connect_error: getsockopt(SO_ERROR): fd=4 error=61: Connection refused
Can't connect to port 80 of host db.US.clamav.net (IP: 88.198.67.125)
Downloading daily-13548.cdiff [100%]
Downloading daily-13549.cdiff [100%]
daily.cld updated (version: 13549, sigs: 186393, f-level: 60, builder:
guitar)
bytecode.cld is up to date (version: 144, sigs: 41, f-level: 60, builder:
edwin)
Database updated (1032648 signatures) from db.US.clamav.net (IP:
194.186.47.19)
--
ClamAV update process started at Mon Sep  5 00:16:32 2011
main.cld is up to date (version: 53, sigs: 846214, f-level: 53, builder:
sven)
connect_error: getsockopt(SO_ERROR): fd=4 error=61: Connection refused
Can't connect to port 80 of host db.US.clamav.net (IP: 88.198.67.125)
Downloading daily-13550.cdiff [100%]
Downloading daily-13551.cdiff [100%]
daily.cld updated (version: 13551, sigs: 186402, f-level: 60, builder:
guitar)
bytecode.cld is up to date (version: 144, sigs: 41, f-level: 60, builder:
edwin)
Database updated (1032657 signatures) from db.US.clamav.net (IP:
65.19.179.67)
WARNING: Clamd was NOT notified: Can't connect to clamd through
/tmp/clamd.socket
--
ClamAV update process started at Mon Sep  5 07:45:02 2011
main.cld is up to date (version: 53, sigs: 846214, f-level: 53, builder:
sven)
connect_error: getsockopt(SO_ERROR): fd=4 error=61: Connection refused
Can't connect to port 80 of host db.US.clamav.net (IP: 88.198.67.125)
Downloading daily-13552.cdiff [100%]
Downloading daily-13553.cdiff [100%]
Downloading daily-13554.cdiff [100%]
Downloading daily-13555.cdiff [100%]
daily.cld updated (version: 13555, sigs: 186543, f-level: 60, builder:
ccordes)
bytecode.cld is up to date (version: 144, sigs: 41, f-level: 60, builder:
edwin)
Database updated (1032798 signatures) from db.US.clamav.net (IP:
168.143.19.95)
--
ClamAV update process started at Mon Sep  5 15:45:48 2011
main.cld is up to date (version: 53, sigs: 846214, f-level: 53, builder:
sven)
connect_error: getsockopt(SO_ERROR): fd=4 error=61: Connection refused
Can't connect to port 80 of host db.US.clamav.net (IP: 88.198.67.125)
Downloading daily-13556.cdiff [100%]
Downloading daily-13557.cdiff [100%]
Downloading daily-13558.cdiff [100%]
Downloading daily-13559.cdiff [100%]
daily.cld updated (version: 13559, sigs: 187320, f-level: 60, builder:
ccordes)
bytecode.cld is up to date (version: 144, sigs: 41, f-level: 60, builder:
edwin)
Database updated (1033575 signatures) from db.US.clamav.net (IP:
69.163.100.14)
--
ClamAV update process started at Tue Sep  6 07:45:01 2011
main.cld is up to date (version: 53, sigs: 846214, f-level: 53, builder:
sven)
connect_error: getsockopt(SO_ERROR): fd=4 error=61: Connection refused
Can't connect to port 80 of host db.US.clamav.net (IP: 88.198.67.125)
Downloading daily-13560.cdiff [100%]
Downloading daily-13561.cdiff [100%]
Downloading daily-13562.cdiff [100%]
Downloading daily-13563.cdiff [100%]
daily.cld updated (version: 13563, sigs: 

Re: [clamav-users] Yet Another US Mirror Issue

[Luca Gibelli]

Hello Christopher,

  If anyone can provide a CVD mirror in US, please contact me directly. 
  We definitely need more capacity in the db.us.clamav.net RR.
 What sort of bandwidth do the mirrors use, as in what would be a typical 
 burst or peak load - 5mbit/sec, 10mbit/sec, etc.

You can throttle the bandwidth to whatever you can afford, we usually
require a minimum of 10Mbit/s though.

Traffic is around 5TB/month on each mirror.

Best regards

-- 
Luca Gibelli (luca _at_ clamav.net)   ClamAV, a GPL anti-virus toolkit
[Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it
PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Al Varnell]

On Sep 7, 2011, Luca Gibelli l...@clamav.net wrote:

 Hello Al, 
 
 error. Since that time each of two updates on 2, 3, 4, 5,  6 Sep have 
 started with that same server and erred with the following: 
  connect_error: getsockopt(SO_ERROR): fd=4 error=61: Connection refused 
  Can't connect to port 80 of host db.US.clamav.net (IP: 88.198.67.125) 
 That status page has shown some issues with that server each day, but 
 nothing like what I am seeing. 
 
 the admin of akxnet.de has limited the amount of concurrent connections 
 on the mirror. Depending on traffic, you may get a connection 
 refused error, but it's nothing to worry about. 
 freshclam will just try to connect to another mirror in the RR. 
Yes, I am aware of that, in fact it did so in every case and since I do updates 
on a scheduled basis, it's no real impact.  The problem comes when a user has 
need for a spontaneous scan of a file and requests a definition update before 
the scan.  At this point he must wait an additional 30 seconds which, over the 
course of a day, results in unacceptable (to him) non-productive time.  In his 
view, such a connection error should result in a failure being logged and 
eventually blacklisting that server.  I suggested to him that he file a bug 
report to thst effect, but the problem at that time was resolved, so elected 
not to bother.

Sent from Janet's iPad

-Al-
-- 
Al Varnell
 
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Yet Another US Mirror Issue

[Jim Preston]

On 09/07/2011 12:36 PM, Al Varnell wrote:

Here's my freshclam log for that period with six attempts:
--
ClamAV update process started at Sun Sep  4 15:50:19 2011
main.cld is up to date (version: 53, sigs: 846214, f-level: 53, builder:
sven)
connect_error: getsockopt(SO_ERROR): fd=4 error=61: Connection refused
Can't connect to port 80 of host db.US.clamav.net (IP: 88.198.67.125)
Downloading daily-13548.cdiff [100%]
Downloading daily-13549.cdiff [100%]
daily.cld updated (version: 13549, sigs: 186393, f-level: 60, builder:
guitar)
bytecode.cld is up to date (version: 144, sigs: 41, f-level: 60, builder:
edwin)
Database updated (1032648 signatures) from db.US.clamav.net (IP:
194.186.47.19)
--
ClamAV update process started at Mon Sep  5 00:16:32 2011
main.cld is up to date (version: 53, sigs: 846214, f-level: 53, builder:
sven)
connect_error: getsockopt(SO_ERROR): fd=4 error=61: Connection refused
Can't connect to port 80 of host db.US.clamav.net (IP: 88.198.67.125)
Downloading daily-13550.cdiff [100%]
Downloading daily-13551.cdiff [100%]
daily.cld updated (version: 13551, sigs: 186402, f-level: 60, builder:
guitar)
bytecode.cld is up to date (version: 144, sigs: 41, f-level: 60, builder:
edwin)
Database updated (1032657 signatures) from db.US.clamav.net (IP:
65.19.179.67)
WARNING: Clamd was NOT notified: Can't connect to clamd through
/tmp/clamd.socket
--
ClamAV update process started at Mon Sep  5 07:45:02 2011
main.cld is up to date (version: 53, sigs: 846214, f-level: 53, builder:
sven)
connect_error: getsockopt(SO_ERROR): fd=4 error=61: Connection refused
Can't connect to port 80 of host db.US.clamav.net (IP: 88.198.67.125)
Downloading daily-13552.cdiff [100%]
Downloading daily-13553.cdiff [100%]
Downloading daily-13554.cdiff [100%]
Downloading daily-13555.cdiff [100%]
daily.cld updated (version: 13555, sigs: 186543, f-level: 60, builder:
ccordes)
bytecode.cld is up to date (version: 144, sigs: 41, f-level: 60, builder:
edwin)
Database updated (1032798 signatures) from db.US.clamav.net (IP:
168.143.19.95)
--
ClamAV update process started at Mon Sep  5 15:45:48 2011
main.cld is up to date (version: 53, sigs: 846214, f-level: 53, builder:
sven)
connect_error: getsockopt(SO_ERROR): fd=4 error=61: Connection refused
Can't connect to port 80 of host db.US.clamav.net (IP: 88.198.67.125)
Downloading daily-13556.cdiff [100%]
Downloading daily-13557.cdiff [100%]
Downloading daily-13558.cdiff [100%]
Downloading daily-13559.cdiff [100%]
daily.cld updated (version: 13559, sigs: 187320, f-level: 60, builder:
ccordes)
bytecode.cld is up to date (version: 144, sigs: 41, f-level: 60, builder:
edwin)
Database updated (1033575 signatures) from db.US.clamav.net (IP:
69.163.100.14)
--
ClamAV update process started at Tue Sep  6 07:45:01 2011
main.cld is up to date (version: 53, sigs: 846214, f-level: 53, builder:
sven)
connect_error: getsockopt(SO_ERROR): fd=4 error=61: Connection refused
Can't connect to port 80 of host db.US.clamav.net (IP: 88.198.67.125)
Downloading daily-13560.cdiff [100%]
Downloading daily-13561.cdiff [100%]
Downloading daily-13562.cdiff [100%]
Downloading daily-13563.cdiff [100%]
daily.cld updated (version: 13563, sigs: 187384, f-level: 60, builder:
jesler)
bytecode.cld is up to date (version: 144, sigs: 41, f-level: 60, builder:
edwin)
Database updated (1033639 signatures) from db.US.clamav.net (IP:
69.163.100.14)
--
ClamAV update process started at Tue Sep  6 15:46:56 2011
main.cld is up to date (version: 53, sigs: 846214, f-level: 53, builder:
sven)
connect_error: getsockopt(SO_ERROR): fd=4 error=61: Connection refused
Can't connect to port 80 of host db.US.clamav.net (IP: 88.198.67.125)
Downloading daily-13564.cdiff [100%]
Downloading daily-13565.cdiff [100%]
Downloading daily-13566.cdiff [100%]
Downloading daily-13567.cdiff [100%]
Downloading daily-13568.cdiff [100%]
Downloading daily-13569.cdiff [100%]
Downloading daily-13570.cdiff [100%]
daily.cld updated (version: 13570, sigs: 187667, f-level: 60, builder:
jesler)
bytecode.cld is up to date (version: 144, sigs: 41, f-level: 60, builder:
edwin)
Database updated (1033922 signatures) from db.US.clamav.net (IP:
194.8.197.22)


Hi Al,

I do see your concern if as your log shows you are only checking twice a 
day Missing an update extends the stale db quite a bit.


Three questions;

Do you have both of these lines in your freshclam.conf?
DatabaseMirror db.us.clamav.net
DatabaseMirror database.clamav.net

What is your max retry before failure? Default is 3

How many updates are you making? Default in freshclam says it is every 2 
hours or 12/day but . you do not seem to be making that many based 
on your log posting.


Right / wrong / or indifferent, I am running freshclam once an hour off 
the hour. I am doing this via a cron 

[clamav-users] Yet Another US Mirror Issue

[Al Varnell]

According to my mirrors.dat file the last time I successfully connected to
the US Mirror at akxnet.de (IP: 88.198.67.125) (obviously located in DE) was
on 29 Aug, but when I check my log I see that even that was actually an
error.  Since that time each of two updates on 2, 3, 4, 5,  6 Sep have
started with that same server and erred with the following:

 connect_error: getsockopt(SO_ERROR): fd=4 error=61: Connection refused
 Can't connect to port 80 of host db.US.clamav.net (IP: 88.198.67.125)

That status page has shown some issues with that server each day, but
nothing like what I am seeing.

I can ping the server, but can not find it with my browser.  When I enter
clamav.akxnet.de I am currently taken to a different IP address, I believe
(46.4.61.241).  The 88.198.67.125 address comes back to mx00.akxnet.de


-Al-
 
-- 
Al Varnell
Mountain View, CA



___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml