Re: [clamav-users] Freshclam network unreachable

2021-03-09 Thread Paul Kosinski via clamav-users
"Out of procedural curiosity, why would someone want to disable ipv6?"

Although our FIOS connection supports IPv6, our firewall/gateway complex, which 
I custom built from scratch 16+ years ago using iptables etc., doesn't. Since 
this firewall/gateway also does lots of inter-LAN routing and blocking (not to 
mention some source-based iproute2 stuff), it would have to be rewritten 
extensively. I don't have time to do this, especially given that there is still 
(after all these years) nothing critical that is IPv6 only.

P.S. It would have been nice if the designers of IPv6 hadn't made it almost 
totally incompatible with IPv4 (unlike x64 vs x86). What if, when Ma Bell 
introduced direct distance dialing in the 1960s, they had made the new 
area-code scheme require that every customer who wanted to use area-codes get a 
new phone number with a totally different format, and replace their telephone 
handset?


On Tue, 9 Mar 2021 14:37:59 +
"Joel Esler (jesler) via clamav-users" wrote:

> Out of procedural curiosity, why would someone want to disable ipv6?
> 
> > On Mar 8, 2021, at 6:40 PM, G.W. Haywood via clamav-users 
> >  wrote:
> > 
> > Hi there,
> > 
> > On Mon, 8 Mar 2021, Adam Bashore via clamav-users wrote:
> >   
> >> I'm able to telnet to port 80 at db.local.clamav.net without issue. but I
> >> get a 403 forbidden when i try to download main.clv directly with wget 
> >> (wget
> >> http://db.local.clamav.net/main.cvd)  
> > 
> > There's been a flurry of recent activity on the mailing list about the
> > abuse of ClamAV DB service, see the archives for more detail but I
> > think Joel's reply has answered this part.
> >   
> >> I'm not convinced that it's a network issue. Can anyone explain why
> >> freshclam appears to be trying IPv6 even though the host only has an IPv4
> >> address on eth1?  
> > 
> > I think it is a network issue.  Most network software doesn't know
> > what interface it's going to use, it just asks the resolver for an
> > address.  Your resolver provides an IPv6 address and freshclam tries
> > to use it.
> > 
> > To build freshclam (and everything else) from source without IPv6
> > support you could (at least theoretically, I've never tried it myself)
> > use the 'configure' option '--disable-ipv6'.  Alternatively, which I'd
> > suggest is preferable, you can fix the network's IPv6 connectivity.
> > 
> > -- 
> > 
> > 73,
> > Ged.


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


Re: [clamav-users] Freshclam network unreachable

2021-03-09 Thread Joel Esler (jesler) via clamav-users
Thanks team, was just wondering.


On Mar 9, 2021, at 11:52 AM, Gene Heskett via clamav-users <clamav-users@lists.clamav.net> wrote:

On Tuesday 09 March 2021 09:37:59 Joel Esler (jesler) via clamav-users
wrote:

Out of procedural curiosity, why would someone want to disable ipv6?

zero support for it within 130 miles of me,  Well, maybe in Charleston
WV, but that is still 100 miles. ipv6 traffic is blocked at my cable
supplied modem sitting on a shelf at the other end of this smallish
room. So I obviously disable it to make ipv4 the default hookups here.

On Mar 8, 2021, at 6:40 PM, G.W. Haywood via clamav-users <clamav-users@lists.clamav.net> wrote:

Hi there,

On Mon, 8 Mar 2021, Adam Bashore via clamav-users wrote:
I'm able to telnet to port 80 at db.local.clamav.net without issue.
but I get a 403 forbidden when i try to download main.clv directly
with wget (wget http://db.local.clamav.net/main.cvd)

There's been a flurry of recent activity on the mailing list about
the abuse of ClamAV DB service, see the archives for more detail but
I think Joel's reply has answered this part.

I'm not convinced that it's a network issue. Can anyone explain why
freshclam appears to be trying IPv6 even though the host only has
an IPv4 address on eth1?

I think it is a network issue.  Most network software doesn't know
what interface it's going to use, it just asks the resolver for an
address.  Your resolver provides an IPv6 address and freshclam tries
to use it.

To build freshclam (and everything else) from source without IPv6
support you could (at least theoretically, I've never tried it
myself) use the 'configure' option '--disable-ipv6'.  Alternatively,
which I'd suggest is preferable, you can fix the network's IPv6
connectivity.

--

73,
Ged.



Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
- Louis D. Brandeis
Genes Web page 



Re: [clamav-users] Freshclam network unreachable

2021-03-09 Thread Gene Heskett via clamav-users
On Tuesday 09 March 2021 09:37:59 Joel Esler (jesler) via clamav-users 
wrote:

> Out of procedural curiosity, why would someone want to disable ipv6?

zero support for it within 130 miles of me,  Well, maybe in Charleston 
WV, but that is still 100 miles. ipv6 traffic is blocked at my cable 
supplied modem sitting on a shelf at the other end of this smallish 
room. So I obviously disable it to make ipv4 the default hookups here.

> > On Mar 8, 2021, at 6:40 PM, G.W. Haywood via clamav-users
> >  wrote:
> >
> > Hi there,
> >
> > On Mon, 8 Mar 2021, Adam Bashore via clamav-users wrote:
> >> I'm able to telnet to port 80 at db.local.clamav.net without issue.
> >> but I get a 403 forbidden when i try to download main.clv directly
> >> with wget (wget http://db.local.clamav.net/main.cvd)
> >
> > There's been a flurry of recent activity on the mailing list about
> > the abuse of ClamAV DB service, see the archives for more detail but
> > I think Joel's reply has answered this part.
> >
> >> I'm not convinced that it's a network issue. Can anyone explain why
> >> freshclam appears to be trying IPv6 even though the host only has
> >> an IPv4 address on eth1?
> >
> > I think it is a network issue.  Most network software doesn't know
> > what interface it's going to use, it just asks the resolver for an
> > address.  Your resolver provides an IPv6 address and freshclam tries
> > to use it.
> >
> > To build freshclam (and everything else) from source without IPv6
> > support you could (at least theoretically, I've never tried it
> > myself) use the 'configure' option '--disable-ipv6'.  Alternatively,
> > which I'd suggest is preferable, you can fix the network's IPv6
> > connectivity.
> >
> > --
> >
> > 73,
> > Ged.
> >


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 



Re: [clamav-users] Freshclam network unreachable

2021-03-09 Thread G.W. Haywood via clamav-users

Hi there,

On Tue, 9 Mar 2021, Joel Esler (jesler) via clamav-users wrote:


Out of procedural curiosity, why would someone want to disable ipv6?


Well, I think they don't want to, but they might think they do.  The
firewalling for example can be a whole can of worms, and there might
not even be an IPv6 route to the outside world.  I don't know how many
providers still don't offer native IPv6 on their broadband packages,
but I'm fairly sure many (including ours) don't.  We use he.net for
our IPv6 presence - it just needed some address/protocol juggling in
one of the firewalls.

--

73,
Ged.



Re: [clamav-users] Freshclam network unreachable

2021-03-09 Thread Joel Esler (jesler) via clamav-users
Out of procedural curiosity, why would someone want to disable ipv6?

> On Mar 8, 2021, at 6:40 PM, G.W. Haywood via clamav-users 
>  wrote:
> 
> Hi there,
> 
> On Mon, 8 Mar 2021, Adam Bashore via clamav-users wrote:
> 
>> I'm able to telnet to port 80 at db.local.clamav.net without issue. but I
>> get a 403 forbidden when i try to download main.clv directly with wget (wget
>> http://db.local.clamav.net/main.cvd)
> 
> There's been a flurry of recent activity on the mailing list about the
> abuse of ClamAV DB service, see the archives for more detail but I
> think Joel's reply has answered this part.
> 
>> I'm not convinced that it's a network issue. Can anyone explain why
>> freshclam appears to be trying IPv6 even though the host only has an IPv4
>> address on eth1?
> 
> I think it is a network issue.  Most network software doesn't know
> what interface it's going to use, it just asks the resolver for an
> address.  Your resolver provides an IPv6 address and freshclam tries
> to use it.
> 
> To build freshclam (and everything else) from source without IPv6
> support you could (at least theoretically, I've never tried it myself)
> use the 'configure' option '--disable-ipv6'.  Alternatively, which I'd
> suggest is preferable, you can fix the network's IPv6 connectivity.
> 
> -- 
> 
> 73,
> Ged.
> 




Re: [clamav-users] Freshclam network unreachable

2021-03-08 Thread Micah Snyder (micasnyd) via clamav-users
Adam,

Some of your log lines like "Ignoring mirror" indicate a version older than 
0.102.  0.102 had a major freshclam update to the network code.  It uses 
libcurl now.  Please try to install 0.102.4 or 0.103.1 if you can.  I think a 
newer version of freshclam may work for you.

Regards,
Micah


From: clamav-users  On Behalf Of Adam 
Bashore via clamav-users
Sent: Monday, March 8, 2021 11:16 AM
To: clamav-users@lists.clamav.net
Cc: Adam Bashore 
Subject: [clamav-users] Freshclam network unreachable

Below is the main problem:

# freshclam -v
Current working dir is /var/www/html
Max retries == 3
ClamAV update process started at Mon Mar  8 14:09:02 2021
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 1674
Software version from DNS: 0.103.1
main.cvd version from DNS: 59
main.cvd is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
daily.cvd version from DNS: 26102
Retrieving http://db.local.clamav.net/daily-26098.cdiff
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 104.16.218.84 (due to previous errors)
Ignoring mirror 2606:4700::6810:db54 (due to previous errors)
Ignoring mirror 2606:4700::6810:da54 (due to previous errors)
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 104.16.218.84 (due to previous errors)
Ignoring mirror 2606:4700::6810:db54 (due to previous errors)
Ignoring mirror 2606:4700::6810:da54 (due to previous errors)
WARNING: getpatch: Can't download daily-26098.cdiff from db.local.clamav.net
Retrieving http://db.local.clamav.net/daily-26098.cdiff
Ignoring mirror 104.16.218.84 (due to previous errors)
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 2606:4700::6810:da54 (due to previous errors)
Ignoring mirror 2606:4700::6810:db54 (due to previous errors)
WARNING: getpatch: Can't download daily-26098.cdiff from db.local.clamav.net
Retrieving http://db.local.clamav.net/daily-26098.cdiff
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 104.16.218.84 (due to previous errors)
Ignoring mirror 2606:4700::6810:db54 (due to previous errors)
Ignoring mirror 2606:4700::6810:da54 (due to previous errors)
WARNING: getpatch: Can't download daily-26098.cdiff from db.local.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Whitelisting short-term blacklisted mirrors
Retrieving http://db.local.clamav.net/daily.cvd
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 104.16.218.84 (due to previous errors)
nonblock_connect: connect(): fd=5 errno=101: Network is unreachable
Can't connect to port 80 of host db.local.clamav.net (IP: 2606:4700::6810:db54)
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 104.16.218.84 (due to previous errors)
Trying host db.local.clamav.net (2606:4700::6810:da54)...
nonblock_connect: connect(): fd=5 errno=101: Network is unreachable
Can't connect to port 80 of host db.local.clamav.net (IP: 2606:4700::6810:da54)
Ignoring mirror 2606:4700::6810:db54 (due to previous errors)
WARNING: Can't download daily.cvd from db.local.clamav.net
Trying again in 5 secs...
ClamAV update process started at Mon Mar  8 14:09:10 2021
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 1666
Software version from DNS: 0.103.1
main.cvd version from DNS: 59
main.cvd is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
daily.cvd version from DNS: 26102
Retrieving http://db.local.clamav.net/daily-26098.cdiff
Ignoring mirror 104.16.218.84 (due to previous errors)
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 2606:4700::6810:db54 (due to previous errors)
Ignoring mirror 2606:4700::6810:da54 (due to previous errors)
WARNING: getpatch: Can't download daily-26098.cdiff from db.local.clamav.net
Retrieving http://db.local.clamav.net/daily-26098.cdiff
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 104.16.218.84 (due to previous errors)
Ignoring mirror 2606:4700::6810:da54 (due to previous errors)
Ignoring mirror 2606:4700::6810:db54 (due to previous errors)
WARNING: getpatch: Can't download daily-26098.cdiff from db.local.clamav.net
Retrieving http://db.local.clamav.net/daily-26098.cdiff
Ignoring mirror 104.16.218.84 (due to previous errors)
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 2606:4700::6810:db54 (due to previous errors)
Ignoring mirror 2606:4700::6810:da54 (due to previous errors)
WARNING: getpatch: Can't download daily-26098.cdiff from db.local.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Whitelisting short-term blacklisted mirrors
Retrieving 

Re: [clamav-users] Freshclam network unreachable

2021-03-08 Thread G.W. Haywood via clamav-users

Hi there,

On Mon, 8 Mar 2021, Adam Bashore via clamav-users wrote:


I'm able to telnet to port 80 at db.local.clamav.net without issue. but I
get a 403 forbidden when i try to download main.clv directly with wget (wget
http://db.local.clamav.net/main.cvd)


There's been a flurry of recent activity on the mailing list about the
abuse of ClamAV DB service, see the archives for more detail but I
think Joel's reply has answered this part.


I'm not convinced that it's a network issue. Can anyone explain why
freshclam appears to be trying IPv6 even though the host only has an IPv4
address on eth1?


I think it is a network issue.  Most network software doesn't know
what interface it's going to use, it just asks the resolver for an
address.  Your resolver provides an IPv6 address and freshclam tries
to use it.

To build freshclam (and everything else) from source without IPv6
support you could (at least theoretically, I've never tried it myself)
use the 'configure' option '--disable-ipv6'.  Alternatively, which I'd
suggest is preferable, you can fix the network's IPv6 connectivity.

--

73,
Ged.
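
Added example (not from any poster in this thread or from the ClamAV project): a Python triage of the `freshclam -v` output quoted in the thread, counting per address family which mirrors were skipped and which were actually attempted. The regexes cover only the line formats visible in that log, and `triage` and `diagnose` are names chosen here.

```python
import ipaddress
import re
from collections import Counter

ENETUNREACH_LINUX = 101  # errno value shown in the thread's log (Linux numbering)

# Excerpt of the `freshclam -v` output posted in the thread (some lines omitted,
# mail line wraps joined). Embedded so the example runs offline.
SAMPLE_LOG = """\
Retrieving http://db.local.clamav.net/daily-26098.cdiff
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 104.16.218.84 (due to previous errors)
Ignoring mirror 2606:4700::6810:db54 (due to previous errors)
Ignoring mirror 2606:4700::6810:da54 (due to previous errors)
WARNING: getpatch: Can't download daily-26098.cdiff from db.local.clamav.net
Retrieving http://db.local.clamav.net/daily.cvd
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 104.16.218.84 (due to previous errors)
nonblock_connect: connect(): fd=5 errno=101: Network is unreachable
Can't connect to port 80 of host db.local.clamav.net (IP: 2606:4700::6810:db54)
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 104.16.218.84 (due to previous errors)
Trying host db.local.clamav.net (2606:4700::6810:da54)...
nonblock_connect: connect(): fd=5 errno=101: Network is unreachable
Can't connect to port 80 of host db.local.clamav.net (IP: 2606:4700::6810:da54)
Ignoring mirror 2606:4700::6810:db54 (due to previous errors)
WARNING: Can't download daily.cvd from db.local.clamav.net
"""

IGNORED = re.compile(r"^Ignoring mirror (\S+) \(due to previous errors\)")
CONNECT_ERR = re.compile(r"connect\(\): fd=\d+ errno=(\d+): (.+)$")
CANT_CONNECT = re.compile(r"^Can't connect to port \d+ of host \S+ \(IP: ([^)]+)\)")


def family(addr):
    """Return 'IPv4' or 'IPv6' for a literal address from the log."""
    return f"IPv{ipaddress.ip_address(addr).version}"


def triage(log_text):
    """Count skipped mirrors per family; map attempted address -> (errno, text)."""
    skipped, failed, pending = Counter(), {}, None
    for line in map(str.strip, log_text.splitlines()):
        if m := IGNORED.match(line):
            skipped[family(m.group(1))] += 1
        elif m := CONNECT_ERR.search(line):
            pending = (int(m.group(1)), m.group(2))  # paired with next "Can't connect"
        elif m := CANT_CONNECT.match(line):
            failed[m.group(1)] = pending
            pending = None
    return skipped, failed


def diagnose(log_text):
    """Classify the failure using only what the log lines state."""
    skipped, failed = triage(log_text)
    attempted = {family(a) for a in failed}
    v6_unreachable = [a for a, err in failed.items()
                      if family(a) == "IPv6" and err and err[0] == ENETUNREACH_LINUX]
    if v6_unreachable and "IPv4" not in attempted and skipped["IPv4"]:
        # IPv4 mirrors were only skipped; the sole connect attempts went to IPv6.
        return "ipv4-skipped-ipv6-unreachable"
    if v6_unreachable:
        return "ipv6-unreachable"
    return "no-connect-failure"


if __name__ == "__main__":
    print(dict(triage(SAMPLE_LOG)[0]), diagnose(SAMPLE_LOG))
```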



Re: [clamav-users] Freshclam network unreachable

2021-03-08 Thread Joel Esler (jesler) via clamav-users
Hello Adam,

Thank you for your email.  As a result of events documented in places here:
https://lists.clamav.net/pipermail/clamav-users/2021-March/010577.html
and
https://lists.clamav.net/pipermail/clamav-users/2021-March/010543.html

We’ve been forced to take emergency measures to protect the ClamAV environment.

Please immediately switch to using Freshclam or 
https://github.com/micahsnyder/cvdupdate to update your AV definitions.

Sorry for the inconvenience, but we are currently in emergency mode and have to 
make several drastic changes over the several days.

--
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
http://www.talosintelligence.com | https://www.snort.org


On Mar 8, 2021, at 2:16 PM, Adam Bashore via clamav-users <clamav-users@lists.clamav.net> wrote:

Below is the main problem:

# freshclam -v
Current working dir is /var/www/html
Max retries == 3
ClamAV update process started at Mon Mar  8 14:09:02 2021
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 1674
Software version from DNS: 0.103.1
main.cvd version from DNS: 59
main.cvd is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
daily.cvd version from DNS: 26102
Retrieving http://db.local.clamav.net/daily-26098.cdiff
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 104.16.218.84 (due to previous errors)
Ignoring mirror 2606:4700::6810:db54 (due to previous errors)
Ignoring mirror 2606:4700::6810:da54 (due to previous errors)
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 104.16.218.84 (due to previous errors)
Ignoring mirror 2606:4700::6810:db54 (due to previous errors)
Ignoring mirror 2606:4700::6810:da54 (due to previous errors)
WARNING: getpatch: Can't download daily-26098.cdiff from db.local.clamav.net
Retrieving http://db.local.clamav.net/daily-26098.cdiff
Ignoring mirror 104.16.218.84 (due to previous errors)
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 2606:4700::6810:da54 (due to previous errors)
Ignoring mirror 2606:4700::6810:db54 (due to previous errors)
WARNING: getpatch: Can't download daily-26098.cdiff from db.local.clamav.net
Retrieving http://db.local.clamav.net/daily-26098.cdiff
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 104.16.218.84 (due to previous errors)
Ignoring mirror 2606:4700::6810:db54 (due to previous errors)
Ignoring mirror 2606:4700::6810:da54 (due to previous errors)
WARNING: getpatch: Can't download daily-26098.cdiff from db.local.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Whitelisting short-term blacklisted mirrors
Retrieving http://db.local.clamav.net/daily.cvd
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 104.16.218.84 (due to previous errors)
nonblock_connect: connect(): fd=5 errno=101: Network is unreachable
Can't connect to port 80 of host db.local.clamav.net (IP: 2606:4700::6810:db54)
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 104.16.218.84 (due to previous errors)
Trying host db.local.clamav.net (2606:4700::6810:da54)...
nonblock_connect: connect(): fd=5 errno=101: Network is unreachable
Can't connect to port 80 of host db.local.clamav.net (IP: 2606:4700::6810:da54)
Ignoring mirror 2606:4700::6810:db54 (due to previous errors)
WARNING: Can't download daily.cvd from db.local.clamav.net
Trying again in 5 secs...
ClamAV update process started at Mon Mar  8 14:09:10 2021
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 1666
Software version from DNS: 0.103.1
main.cvd version from DNS: 59
main.cvd is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
daily.cvd version from DNS: 26102
Retrieving http://db.local.clamav.net/daily-26098.cdiff
Ignoring mirror 104.16.218.84 (due to previous errors)
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 2606:4700::6810:db54 (due to previous errors)
Ignoring mirror 2606:4700::6810:da54 (due to previous errors)
WARNING: getpatch: Can't download daily-26098.cdiff from db.local.clamav.net
Retrieving http://db.local.clamav.net/daily-26098.cdiff
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 104.16.218.84 (due to previous errors)
Ignoring mirror 2606:4700::6810:da54 (due to previous errors)
Ignoring mirror 2606:4700::6810:db54 (due to previous errors)
WARNING: getpatch: Can't download daily-26098.cdiff from db.local.clamav.net
Retrieving http://db.local.clamav.net/daily-26098.cdiff
Ignoring mirror 104.16.218.84 (due to previous errors)
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror