>>socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
>>bind(3, {sa_family=AF_INET, sin_port=htons(0),
>>sin_addr=inet_addr("IP address")}, 16) = 0
>
>From clamdscan's perspective this should not have been successful. It means
>that the local machine successfully bound to "IP address", so "IP
bind(3, {sa_family=AF_INET, sin_port=htons(0),
sin_addr=inet_addr("IP address")}, 16) = 0
From clamdscan's perspective this should not have been successful. It
means that the local machine successfully bound to "IP address", so "IP
address" (and therefore clamd running on it) has to be local,
This is what I see from the strace:
sendto(3, "zCONTSCAN /etc/gshadow\0", 23, 0, NULL, 0) = 23
>>>That's interesting. Does the client machine access clamav-central via a
>>>local proxy? Or more precisely, does the exemplary TCPAddr
>>>"clamav-central.company.com" resolve to an
That's interesting. Does the client machine access clamav-central via a local proxy? Or
more precisely, does the exemplary TCPAddr "clamav-central.company.com" resolve
to an IP-address that the client machine uses on one of its interfaces?
No, it's a direct connection. In both straces I can
>> This is what I see from the strace:
>>
>> sendto(3, "zCONTSCAN /etc/gshadow\0", 23, 0, NULL, 0) = 23
>That's interesting. Does the client machine access clamav-central via a local
>proxy? Or more precisely, does the exemplary TCPAddr
>"clamav-central.company.com" resolve to an IP-address that
This is what I see from the strace:
sendto(3, "zCONTSCAN /etc/gshadow\0", 23, 0, NULL, 0) = 23
That's interesting. Does the client machine access clamav-central via a
local proxy? Or more precisely, does the exemplary TCPAddr
"clamav-central.company.com" resolve to an IP-address that the
We have a central clamav server that does all of the actual scanning
>>>You mean a remote one from clamdscan's perspective, queried via "TCPAddr
>>>..."?
>>Correct.
>>
>>TCPSocket 3310
>>TCPAddr clamav-central.company.com
>man clamdscan:
>
> --fdpass
>... Only available if connected
We have a central clamav server that does all of the actual scanning
You mean a remote one from clamdscan's perspective, queried via "TCPAddr ..."?
Correct.
TCPSocket 3310
TCPAddr clamav-central.company.com
man clamdscan:
--fdpass
... Only available if connected to clamd via
>> We have a central clamav server that does all of the actual scanning
>
>You mean a remote one from clamdscan's perspective, queried via "TCPAddr ..."?
Correct.
TCPSocket 3310
TCPAddr clamav-central.company.com
___
Manage your clamav-users mailing
On 17 May 2024 13:26:27 Julia Korhonen via clamav-users
wrote:
Upon running command curl http://database.clamav.net, I received a message
indicating that my access was blocked. However, upon reviewing my network
settings and conducting diagnostic tests, I could not find any explicit
Upon running command curl http://database.clamav.net, I received a message
indicating that my access was blocked. However, upon reviewing my network
settings and conducting diagnostic tests, I could not find any explicit
indication of a block.
I would greatly appreciate it if you could
We have a central clamav server that does all of the actual scanning
You mean a remote one from clamdscan's perspective, queried via "TCPAddr ..."?
___
Manage your clamav-users mailing list subscription / unsubscribe:
12 matches
Mail list logo
