Re: [Clamav-users] Please help - Freshclam not updating.
On Thu, Nov 01, 2007 at 08:02:58AM -0600, Milton Calnek wrote:

>>> With no other options, this smells like selinux.
>>
>> I second that.
>
> Yah... I'm a die hard RedHat fan... but I haven't had time to explore selinux, so when I build a system, I turn it off.

Good to know, that's my SOP as well.

> Here's something I just noticed... I did a packet sniff (once on internal interface and once on the external interface) while running a freshclam. I did not observe any queries directed to ns1.clamav.net. During the internal sniff, I looked for dns queries as well... I didn't see any for clamav.net.

strace it running in the foreground (i.e. not daemonized) and see what's failing. It looks like your resolver isn't working as you would expect, but that could be a problem with the build as well. I would suggest that you provide us with your exact freshclam config and the strace and maybe Luca can spot where it's doing something unexpected.

--
Regards... Todd
There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. --Ed Howdershelt
Linux kernel 2.6.22.9-desktop-1mdv load average: 0.41, 0.58, 0.55

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
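Added example (not part of any message in this thread): one way to triage the strace output requested above, separating a resolver that cannot read its configuration from one that never sends a query at all. The strace invocation in the comment, the verdict names and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Capture a foreground run first (assumed invocation, run as the usual user):
#   strace -f -o freshclam.strace -e trace=open,openat,connect,sendto freshclam
#   triage_strace freshclam.strace

# Print one verdict for a strace log (file in $1, or stdin):
#   resolver-config-denied  a resolver file could not be opened (EACCES/EPERM)
#   no-dns-traffic          nothing was ever sent to port 53
#   dns-send-failed         connect/sendto to port 53 returned an error
#   dns-attempted           queries left the process; check the network path
triage_strace() {
    awk '
        /"\/etc\/(resolv\.conf|nsswitch\.conf|hosts)"/ &&
        /\) = -1 (EACCES|EPERM)/ { denied = 1 }
        /(connect|sendto)\(/ && /htons\(53\)/ {
            dns = 1
            if ($0 ~ /\) = -1 E/ && $0 !~ /EINPROGRESS/) dnsfail = 1
        }
        END {
            if (denied)       print "resolver-config-denied"
            else if (!dns)    print "no-dns-traffic"
            else if (dnsfail) print "dns-send-failed"
            else              print "dns-attempted"
        }' "${1:--}"
}

# Constructed sample: resolver config blocked by an access-control denial.
sample_denied() {
    cat <<'EOF'
4242 open("/etc/resolv.conf", O_RDONLY) = -1 EACCES (Permission denied)
4242 open("/var/lib/clamav/main.cvd", O_RDONLY) = 5
EOF
}

# Constructed sample: config readable, a query leaves for the local resolver.
sample_ok() {
    cat <<'EOF'
4242 open("/etc/resolv.conf", O_RDONLY) = 3
4242 connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.0.2.53")}, 16) = 0
EOF
}

for s in sample_denied sample_ok; do
    printf '%s: %s\n' "$s" "$($s | triage_strace)"
done
```

A no-dns-traffic verdict is the in-process counterpart of a packet capture that shows no queries for clamav.net.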
Re: [Clamav-users] Please help - Freshclam not updating.
Luca Gibelli wrote:

> Hello Todd,
>
>> Check to make sure that your local iptables firewall and any firewall between you and the DNS server does not block TCP port 53 (which is what the fallback proto/port is if the DNS answer is more than 512 bytes).
>
> we put a lot of effort in keeping the size of the RR records under 512 bytes, because TCP queries put too much load on the authoritative DNS servers for clamav.net.

I read that off the FAQ and changed it a couple of weeks ago. Still no luck. Thanks for the tip all the same.

>> With no other options, this smells like selinux.
>
> I second that.

Yah... I'm a die hard RedHat fan... but I haven't had time to explore selinux, so when I build a system, I turn it off.

This system was built in May, freshclam ran well from then till around the end of September. I used the rpm from rpmforge until a day or two ago. And now I'm using the rpm from ATrpms.

Here's something I just noticed... I did a packet sniff (once on internal interface and once on the external interface) while running a freshclam. I did not observe any queries directed to ns1.clamav.net. During the internal sniff, I looked for dns queries as well... I didn't see any for clamav.net.

What else can I check out?

--
Milton Calnek BSc, A/Slt(Ret.)
[EMAIL PROTECTED]
306-717-8737
Re: [Clamav-users] Please help - Freshclam not updating.
On Wed, Oct 31, 2007 at 11:33:17AM -0600, Milton Calnek wrote:

> [EMAIL PROTECTED] ~]# host -t txt current.cvd.clamav.net
> current.cvd.clamav.net descriptive text 0.91.2:44:4641:1193798066:1
> [EMAIL PROTECTED] ~]# host db.ca.clamav.net
> db.ca.clamav.net has address 24.215.0.24
> db.ca.clamav.net has address 67.15.61.160
> db.ca.clamav.net has address 205.139.192.213
> db.ca.clamav.net has address 209.139.239.158

You obviously can get out to DNS servers. That's good.

> [EMAIL PROTECTED] ~]# freshclam
> ClamAV update process started at Wed Oct 31 02:42:03 2007
> WARNING: Can't query current.cvd.clamav.net
> WARNING: Invalid DNS reply. Falling back to HTTP mode.
> Reading CVD header (main.cvd): ERROR: Can't get information about db.ca.clamav.net: Temporary DNS error

Check to make sure that your local iptables firewall and any firewall between you and the DNS server does not block TCP port 53 (which is what the fallback proto/port is if the DNS answer is more than 512 bytes). With no other options, this smells like selinux.

> LibClamAV Error: Database Directory: /var/lib/clamav not locked

Odd error, I don't have any guesses at this one.

--
Regards... Todd
we're off on the usual strange tangents. next will be whether it is ethical to walk in your neighbor's open house if they're running ipv6:-). --Randy Bush
Linux kernel 2.6.22.9-desktop-1mdv load average: 0.39, 0.55, 0.91
Re: [Clamav-users] Please help - Freshclam not updating.
On 10/31/07, Milton Calnek [EMAIL PROTECTED] wrote:

> Hello all,
>
> About a month or so ago, freshclam stopped working for me. At first I thought it might be a short outage, unfortunately that was not the case.
>
> First freshclam's query for current.cvd.clamav.net fails, but the query works when done from the command line. It also seems to fail getting info on db.ca.clamav.net, I'm not sure of the query involved for the db... but from the command line I can get address records. I have also tried using db.us.clamav.net and a couple of European mirrors too.
>
> This gateway server uses an internal server that queries root name servers and other authoritative name servers. I have also tried using my ISP's name server. With all combinations, I get more or less the same result.
>
> Any suggestions?

Two things,

1) You may be able to do standard DNS lookups, but can you lookup TXT records? Is DNS over TCP supported by your DNS server (many organisations block it in the mistaken belief that it improves security and breaks nothing)

2) See the last post in the thread titled "ClamAV patch download not working in South Africa"

--
Please keep list traffic on the list.
Rob MacGregor
Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche
Re: [Clamav-users] Please help - Freshclam not updating.
Hello Todd,

> Check to make sure that your local iptables firewall and any firewall between you and the DNS server does not block TCP port 53 (which is what the fallback proto/port is if the DNS answer is more than 512 bytes).

we put a lot of effort in keeping the size of the RR records under 512 bytes, because TCP queries put too much load on the authoritative DNS servers for clamav.net.

> With no other options, this smells like selinux.

I second that.

Best regards

--
Luca Gibelli (luca _at_ clamav.net)
ClamAV, a GPL anti-virus toolkit
[Tel] +39 06 916502176 [Fax] +39 0187 015046
[IM] nervous/jabber.linux.it
PGP key id 5EFC5582 @ any keyserver || http://www.clamav.net/gpg/luca.gpg
Re: [Clamav-users] Please help - Freshclam not updating.
Hello Rob,

>> Any suggestions?
>
> Two things,
>
> 1) You may be able to do standard DNS lookups, but can you lookup TXT records?

he explicitly showed that he can.

> Is DNS over TCP supported by your DNS server (many organisations block it in the mistaken belief that it improves security and breaks nothing)

I agree that it's a mistake to block 53/tcp, but we don't have such big records so this is not the cause of the problem.

> 2) See the last post in the thread titled "ClamAV patch download not working in South Africa"

mirrors in Canada are working just fine.

Best regards

--
Luca Gibelli (luca _at_ clamav.net)
ClamAV, a GPL anti-virus toolkit
[Tel] +39 06 916502176 [Fax] +39 0187 015046
[IM] nervous/jabber.linux.it
PGP key id 5EFC5582 @ any keyserver || http://www.clamav.net/gpg/luca.gpg