Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-11 Thread Joel Esler (jesler)
On Jul 11, 2018, at 2:46 PM, Kevin A. McGrail <kmcgr...@pccc.com> wrote: On 7/11/2018 2:33 PM, Joel Esler (jesler) wrote: It is very solid. We are using *all* of their regions. As a result of this, we've been able to pin

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-11 Thread Kevin A. McGrail
On 7/11/2018 2:33 PM, Joel Esler (jesler) wrote: > It is very solid.  We are using *all* of their regions.  As a result > of this, we've been able to pin point that there are only a couple > countries, *in the world* that *don't* use ClamAV.  It's very impressive. Interesting.  Any chance you have

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-11 Thread Joel Esler (jesler)
It is very solid. We are using *all* of their regions. As a result of this, we've been able to pin point that there are only a couple countries, *in the world* that *don't* use ClamAV. It's very impressive. On Jul 10, 2018, at 10:13 PM, Eric Tykwinski <eric-l...@truenet.com> wrote:

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-11 Thread Paul Kosinski
More sync delays (which our new curl pretest scheme mitigates). First, a 2 hour 15 minute delay: -- Wednesday 11 July 2018 at 01:03:01 -- /opt/clamav/bin/testclam-external --> EXT D 24741/24742/24741 B 324/324/324 M 58/58/58 # 4

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-10 Thread Paul Kosinski
I looked at a bunch of pages on Cloudflare's site. What they offer is quite impressive -- way beyond "mere" distributed/anycast CDN. On Tue, 10 Jul 2018 22:13:49 -0400 Eric Tykwinski wrote: > They have some documentation on their site: >

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-10 Thread Eric Tykwinski
They have some documentation on their site: https://support.cloudflare.com/hc/en-us/articles/115000540888-Load-Balancing-Geographic-Regions No clue what regions they are using, but hopefully they

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-10 Thread Freddie Cash
Joel posted pictures (in one of these update threads) of where the mirrors are located along with the relative traffic that each one transfers. Cheers, Freddie Typos courtesy of my phone's keyboard. On Tue, Jul 10, 2018, 6:37 PM Paul Kosinski wrote: > I have a question. I presume that there

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-10 Thread Paul Kosinski
I have a question. I presume that there are more physical Cloudflare server instances than implied by database.clamav.net's 5 IP addresses, and that they are geographically distributed, rather than all being in/near San Francisco. This suggests that they are Anycast addresses. But I don't know

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-10 Thread Joel Esler (jesler)
Thanks for this feedback everyone. This is extremely useful. > On Jul 10, 2018, at 11:26 AM, Paul Kosinski wrote: > > Last night our new method of getting cvd updates showed that it was > *one hour* from the time the DNS TXT record claimed a new cvd was > available to the time when our quick

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-10 Thread Paul Kosinski
Last night our new method of getting cvd updates showed that it was *one hour* from the time the DNS TXT record claimed a new cvd was available to the time when our quick curl said it was really available! In particular at 1:03 AM (EDT), DNS said version 24739 was available, but a curl of the

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-09 Thread Paul Kosinski
I have changed the way we use freshclam to mitigate the sync problem with the new Cloudflare mirror regime -- which, by the way, *still* seems to lag what the DNS TXT record reports. What I have done is to introduce a pretesting phase before invoking freshclam. Our new update method operates in

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-06 Thread Freddie Cash
On Thu, Jul 5, 2018 at 2:21 PM Joel Esler (jesler) wrote: > For the people who have this issue, can you change your mirror to " > database.clamav.net" and see if this error occurs any more? > I'm no longer seeing "Can't query" messages or "Mirror unsynched" messages in the freshclam.log for

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-06 Thread Michael Da Cova
Hi clear so far, will keep a close eye on each update Michael On 05/07/18 22:21, Joel Esler (jesler) wrote: For the people who have this issue, can you change your mirror to "database.clamav.net " and see if this error occurs any more? -- *Joel Esler* Sr.

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-05 Thread Joel Esler (jesler)
For the people who have this issue, can you change your mirror to "database.clamav.net" and see if this error occurs any more? -- Joel Esler Sr. Manager Open Source, Design, Web, and Education Talos Group http://www.talosintelligence.com On Jul 2, 2018, at 10:22 AM,

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-05 Thread Joel Esler (jesler)
I have an idea which I have relayed to the ops team. When they put my idea in place, we'll see if that clears up the last remaining issue (which is the "Mirror is out of date!" warning.) > On Jul 5, 2018, at 2:06 PM, Paul Kosinski wrote: > > Mirrors should support a well-defined protocol.

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-05 Thread Paul Kosinski
Mirrors should support a well-defined protocol. Using an ill-defined protocol which only works with a particular tool is not, in my mind, consistent with the spirit of Open Source. I've been perfectly happy (until the recent sync failures, at least) using freshclam, which is Open Source like the

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-05 Thread Reindl Harald
On 04.07.2018 at 17:26, Paul Kosinski wrote: > Using DNS TXT records is great when they work, but a bandwidth disaster > when they don't. > > I don't think Cloudflare per se is the problem -- I think having > different computers serving the DNS vs the big files is the problem. > Back in the

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-05 Thread Reindl Harald
On 03.07.2018 at 22:51, Joel Esler (jesler) wrote: >> On Jul 3, 2018, at 4:46 PM, Reindl Harald > > wrote: >> >> On 03.07.2018 at 22:42, Joel Esler (jesler) wrote: On Jul 3, 2018, at 3:59 PM, Reindl Harald >>>

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-05 Thread Reindl Harald
On 03.07.2018 at 18:39, Joel Esler (jesler) wrote: >> On Jul 2, 2018, at 1:17 PM, Reindl Harald > > wrote: >> >> on a typical setup freshclam is running once or twice *daily* while a >> webserver these days can spit out the same small static txt file many >>

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-05 Thread Reindl Harald
On 03.07.2018 at 18:28, Paul Kosinski wrote: > It's not a matter of using DNS TXT records, it's a matter of sourcing > them on a *different* computer than the actual files. This separation > virtually begs for synchronization problems. it is! simply because DNS knows nothing about your

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-04 Thread Joel Esler (jesler)
Okay. Here’s a good conversation. Why? If the tool is provided for updates, and the mirror network is setup to function to that tool Why should the mirrors function for all tools? Or, should the tools have to conform to the mirror network? (I believe this) Sent from my iPhone > On

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-04 Thread Joel Esler (jesler)
I did block a couple people after I wrote that email. Probably about 10 in all. All the worst offenders. (The person in China attempting to download daily-1.diff every two seconds.) But I did notice some interesting patterns. Like the same host downloading the same definitions over and over

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-04 Thread Dennis Peterson
It would be a mistake to think everyone is using freshclam to dl signatures. The system needs to accommodate that. dp On 7/4/18 10:08 AM, G.W. Haywood wrote: Hi Joel, FWIW I believe we've had no problems at all with mirrors since March 2018, when I responded to a post on 23rd March by Orion

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-04 Thread G.W. Haywood
Hi Joel, FWIW I believe we've had no problems at all with mirrors since March 2018, when I responded to a post on 23rd March by Orion Poplawski, who saw a few timeouts. We also saw a very few timeouts in mid-late March. On Wed, 4 Jul 2018, Joel Esler wrote: ... It's the people that are

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-04 Thread Dennis Peterson
What do you see if you run freshclam --list-mirrors, and are you running freshclam in daemon mode? The reason I ask is if you deleted mirrors.dat then freshclam should have no knowledge of any previous errors. dp On 7/4/18 1:18 AM, Michael Da Cova wrote: Hi still getting issues, (I have

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-04 Thread Paul Kosinski
Using DNS TXT records is great when they work, but a bandwidth disaster when they don't. I don't think Cloudflare per se is the problem -- I think having different computers serving the DNS vs the big files is the problem. Back in the old days of ClamAV, they probably were the same computers.

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-04 Thread Al Varnell
As I indicated earlier, any time you see (due to previous errors) it's because mirrors.dat has disabled that IP address. What might be useful are the attempts immediately after you removed mirrors.dat which should indicate the reason for those failures. Is your setup IPv6 compatible? If not,

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-04 Thread Michael Da Cova
Hi still getting issues, (I have removed the mirror file) the setup we have has been in place for years except for minor hiccup, but never this bad main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr) daily.cvd version from DNS: 24721 Retrieving

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Dennis Peterson
8 12:53 PM To: clamav-users@lists.clamav.net Subject: [External] Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors) Does your wget not support the -e args to access a proxy? Example: wget http://someurl.com/filename.html -e use_proxy=yes -e http_proxy=xxx.xxx.xx

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Joel Esler (jesler)
On Jul 3, 2018, at 4:50 PM, Benny Pedersen <m...@junc.eu> wrote: Joel Esler (jesler) wrote on 2018-07-03 22:42: Yes. But measuring those numbers is the difficult part. A fresh install of ClamAV is going to download the main, the daily, then all the diffs since the last daily, which

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Joel Esler (jesler)
On Jul 3, 2018, at 4:46 PM, Reindl Harald <h.rei...@thelounge.net> wrote: On 03.07.2018 at 22:42, Joel Esler (jesler) wrote: On Jul 3, 2018, at 3:59 PM, Reindl Harald <h.rei...@thelounge.net> wrote: voila - all new connections which are more

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Benny Pedersen
Joel Esler (jesler) wrote on 2018-07-03 22:42: Yes. But measuring those numbers is the difficult part. A fresh install of ClamAV is going to download the main, the daily, then all the diffs since the last daily, which could be a ton. It's the people that are downloading the *same* diff

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Joel Esler (jesler)
On Jul 3, 2018, at 3:59 PM, Reindl Harald <h.rei...@thelounge.net> wrote: voila - all new connections which are more than 5 per hour from the same IP are dropped, i have similar rules for specific ports and max connections per client for many years now - no rocket science Yes. But

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread SCOTT PACKARD
s-boun...@lists.clamav.net] On Behalf > Of Dennis Peterson > Sent: Tuesday, July 03, 2018 12:53 PM > To: clamav-users@lists.clamav.net > Subject: [External] Re: [clamav-users] We STILL cannot reliably get virus > updates (since new mirrors) > > Does your wget not support th

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Dennis Peterson
Does your wget not support the -e args to access a proxy? Example: wget http://someurl.com/filename.html -e use_proxy=yes -e http_proxy=xxx.xxx.xxx.xxx:3128 The proxy IP or hostname can be used. dp On 7/3/18 11:11 AM, SCOTT PACKARD wrote: The current DNS TXT does not work within my

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Joel Esler (jesler)
On Jul 3, 2018, at 2:11 PM, SCOTT PACKARD <scott.pack...@raytheon.com> wrote: I rely on someone in Arizona to pull definitions from, but sometimes their server goes out, other times clamav's content system breaks, and it's a pain to figure out which one is the culprit. Well,

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread SCOTT PACKARD
uesday, July 03, 2018 10:36 AM > To: ClamAV users ML > Subject: [External] Re: [clamav-users] We STILL cannot reliably get virus > updates (since new mirrors) > > > > For everyone (or maybe the one) asking why the DNS system exists, as the > person who came up with the

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Joel Esler (jesler)
On Jul 3, 2018, at 1:36 PM, Christopher X. Candreva <ch...@westnet.com> wrote: I have to admit I've wondered if Cloudflare and the other CDNs meant it outlived its usefulness, but it's a contribution I'm fairly proud of. That's what we are evaluating. It's a great system. The

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Christopher X. Candreva
For everyone (or maybe the one) asking why the DNS system exists, as the person who came up with the idea in the first place (or the idea of stealing it from the DNSbls ) I thought I would provide a link to the original discussion in which it was hashed out ( beaten to death) back in 2004:

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Paul Kosinski
We used to check once every 90 minutes (16 per day). Plus, we run a local proxy/mirror so the updates can be served to other machines on our LAN without extra load on the ClamAV servers. That was before the new mirroring scheme. Now we're checking several times per hour in the (vain?) hope of

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Freddie Cash
On Tue, Jul 3, 2018 at 9:28 AM, Paul Kosinski wrote: > The way Linux updates are done in practice is significantly different > from ClamAV virus signature updates. > > With ClamAV, freshclam is automatically run periodically, sees (by > some low-cost means) that a new file version is *supposed*

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Joel Esler (jesler)
On Jul 2, 2018, at 1:17 PM, Reindl Harald <h.rei...@thelounge.net> wrote: on a typical setup freshclam is running once or twice *daily* while a webserver these days can spit out the same small static txt file many thousands of times per second with zero load That is not the results we

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Paul Kosinski
You are right! Maybe it only rejects browser-ish headers. On Tue, 3 Jul 2018 08:12:47 -0700 Dennis Peterson wrote: > If you run that curl command I provided it will return only the > signature serial number. > > dp > > On 7/3/18 6:59 AM, Paul Kosinski wrote: > > Determining what version a

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Paul Kosinski
The way Linux updates are done in practice is significantly different from ClamAV virus signature updates. With ClamAV, freshclam is automatically run periodically, sees (by some low-cost means) that a new file version is *supposed* to be available and tries to download it. If either it can't,

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Reindl Harald
On 03.07.2018 at 09:14, Matus UHLAR - fantomas wrote: >>> On Mon, 02 Jul 2018 04:02:58 -0700 >>> Al Varnell wrote: Does the evidence available indicate that it's the mirrors that are out-of-date or is it DNS? Everything I've seen shows that they are not in sync, but I'm not sure

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Reindl Harald
at the people who think the DNS nonsense instead a static "daily.version" text-file gains anything.... -------- Forwarded Message ---- Subject: Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors) Date: Mon, 2 Jul 2018 19:10:40 +0100 From: Brian Morrison A

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Reindl Harald
On 02.07.2018 at 20:10, Brian Morrison wrote: > On Mon, 2 Jul 2018 19:50:55 +0200 > Reindl Harald wrote: > >>> For me freshclam runs roughly every 2 hours, so I think that the >>> load is an order of magnitude higher than you state. I will confess >>> that I don't know about the capability of

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Reindl Harald
On 02.07.2018 at 19:45, Brian Morrison wrote: > On Mon, 2 Jul 2018 19:17:32 +0200 > Reindl Harald wrote: > >> On 02.07.2018 at 19:07, Brian Morrison wrote: >>> On Mon, 2 Jul 2018 10:26:34 +0200 >>> Reindl Harald wrote: >>> On 02.07.2018 at 08:44, Bill Maidment wrote: > Maybe

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Reindl Harald
On 02.07.2018 at 19:07, Brian Morrison wrote: > On Mon, 2 Jul 2018 10:26:34 +0200 > Reindl Harald wrote: > >> On 02.07.2018 at 08:44, Bill Maidment wrote: >>> Maybe these are dumb questions; if so, please ignore. >>> But doesn't it make more sense to update all the mirrors first, >>> before

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Joel Esler (jesler)
On Jul 2, 2018, at 2:10 PM, Brian Morrison <b...@fenrir.org.uk> wrote: On Mon, 2 Jul 2018 19:50:55 +0200 Reindl Harald wrote: For me freshclam runs roughly every 2 hours, so I think that the load is an order of magnitude higher than you state. I will confess that I don't know about the

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Joel Esler (jesler)
On Jul 3, 2018, at 10:37 AM, Benoit Panizzon <benoit.paniz...@imp.ch> wrote: Sorry I was not following that discussion... Host: db.us.clamav.net User-Agent: ClamAV/0.99.4 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64) Error 1003 Ray ID: 4349da2f33f4ae20 •

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Benoit Panizzon
Hi List Sorry I was not following that discussion... > Host: db.us.clamav.net > User-Agent: ClamAV/0.99.4 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64) > >Error 1003 Ray ID: 4349da2f33f4ae20 • 2018-07-03 13:55:52 UTC >Direct IP access not allowed But this caught my attention...

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Paul Kosinski
Determining what version a *mirror* has is a bit tricky. Looking at the capture of the entire HTTP session with the new mirrors, they seem to require some header magic to be acceptable: Host: db.us.clamav.net User-Agent: ClamAV/0.99.4 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64) Simply trying

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Matus UHLAR - fantomas
On Mon, 02 Jul 2018 04:02:58 -0700 Al Varnell wrote: Does the evidence available indicate that it's the mirrors that are out-of-date or is it DNS? Everything I've seen shows that they are not in sync, but I'm not sure which gets updated first. On 02.07.2018 at 13:22, Brian Morrison wrote:

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Dennis Peterson
Well damn - they say memory is the first thing to go... curl -s -r 35-39 http://db.us.clamav.net/daily.cvd |strings The -s (silent) inhibits stats. dp On 7/3/18 12:02 AM, Dennis Peterson wrote: I had completely forgotten about freshclam grabbing the entire file to determine currency. I

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-03 Thread Dennis Peterson
I had completely forgotten about freshclam grabbing the entire file to determine currency. I recall knocking off a quick script to avoid that which included: curl -q -r 35-39 http://db.us.clamav.net/daily.cvd |strings It returns the ID of whatever version is on the mirror. I've added strings

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-02 Thread Paul Kosinski
Any system whereby new versions of files are announced before they are actually available to automated downloads is awkward (to say the least). If, in addition, a server which doesn't have the announced version is blacklisted by the automated downloader, the whole mechanism can grind to a halt

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-02 Thread Dennis Peterson
On 7/2/18 3:39 PM, Joel Esler (jesler) wrote: I’m not at a large keyboard right now. But with Cloudflare currently acting as our mirror network, none of the current assumptions about how the mirror network works is accurate. We have not changed the donated mirror network, as our discussions

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-02 Thread Joel Esler (jesler)
I’m not at a large keyboard right now. But with Cloudflare currently acting as our mirror network, none of the current assumptions about how the mirror network works is accurate. We have not changed the donated mirror network, as our discussions with cloudflare are ongoing. Sent from

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-02 Thread Dennis Peterson
The current system announces a new version of the signatures is available before all the mirrors have received the update.  Another design option is for ClamAV to upload the updates to all the mirrors and then announce the new version. That is not what we have and there are good reasons for it.

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-02 Thread Brian Morrison
On Mon, 2 Jul 2018 19:50:55 +0200 Reindl Harald wrote: > > For me freshclam runs roughly every 2 hours, so I think that the > > load is an order of magnitude higher than you state. I will confess > > that I don't know about the capability of web servers in this > > regard, but the point that

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-02 Thread Brian Morrison
On Mon, 2 Jul 2018 19:17:32 +0200 Reindl Harald wrote: > On 02.07.2018 at 19:07, Brian Morrison wrote: > > On Mon, 2 Jul 2018 10:26:34 +0200 > > Reindl Harald wrote: > > > >> On 02.07.2018 at 08:44, Bill Maidment wrote: > >>> Maybe these are dumb questions; if so, please ignore. > >>> But

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-02 Thread Brian Morrison
On Mon, 2 Jul 2018 10:26:34 +0200 Reindl Harald wrote: > On 02.07.2018 at 08:44, Bill Maidment wrote: > > Maybe these are dumb questions; if so, please ignore. > > But doesn't it make more sense to update all the mirrors first, > > before changing the DNS? Is there some mechanism to do it that

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-02 Thread Reindl Harald
On 02.07.2018 at 13:22, Brian Morrison wrote: > On Mon, 02 Jul 2018 04:02:58 -0700 > Al Varnell wrote: > >> Does the evidence available indicate that it's the mirrors that are >> out-of-date or is it DNS? Everything I've seen shows that they are >> not in sync, but I'm not sure which gets

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-02 Thread Reindl Harald
On 02.07.2018 at 08:44, Bill Maidment wrote: > Maybe these are dumb questions; if so, please ignore. > But doesn't it make more sense to update all the mirrors first, before > changing the DNS? Is there some mechanism to do it that way round? i wonder why all the linux distributions with

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-02 Thread Michael Da Cova
Hi just had Downloading daily.cvd [100%] WARNING: Mirror 104.16.185.138 is not synchronized. Querying daily.0.79.0.0.6810B98A.ping.clamav.net Can't query daily.0.79.0.0.6810B98A.ping.clamav.net On 02/07/18 13:20, Joel Esler (jesler) wrote: Okay, I just did this and I flushed the cache on all

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-02 Thread Paul Kosinski
I don't understand your reply. Exactly *how* do we "wait until every mirror is synchronized, become notified, then try". Freshclam is run periodically, automatically (via cron, in our case). Shouldn't it be freshclam's job to do things at the right time. And how would *it* know when all mirrors

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-02 Thread Joel Esler (jesler)
Okay, I just did this and I flushed the cache on all the largest PoP cache servers. If you are connected to db.us, please test? Sent from my iPhone > On Jul 2, 2018, at 07:59, Joel Esler (jesler) wrote: > > It may be the TTL I have set on the cache. Let me get to my desk and remove > the

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-02 Thread Joel Esler (jesler)
It may be the TTL I have set on the cache. Let me get to my desk and remove the TTL and flush the cache and have you try again Sent from my iPhone > On Jul 2, 2018, at 00:01, Al Varnell wrote: > > Seems to me that it's only a problem if it takes a significant amount of time > between the

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-02 Thread Brian Morrison
On Mon, 02 Jul 2018 04:02:58 -0700 Al Varnell wrote: > Does the evidence available indicate that it's the mirrors that are > out-of-date or is it DNS? Everything I've seen shows that they are > not in sync, but I'm not sure which gets updated first. It should not matter if the mirrors are ahead

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-02 Thread Al Varnell
Disregard. I see that in the case Paul cited, DNS is at daily-24713 and the mirrors are still serving daily.cvd 24712. -Al- On Mon, Jul 02, 2018 at 04:02 AM, Al Varnell wrote: > Does the evidence available indicate that it's the mirrors that are > out-of-date or is it DNS? Everything I've seen

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-02 Thread Al Varnell
Does the evidence available indicate that it's the mirrors that are out-of-date or is it DNS? Everything I've seen shows that they are not in sync, but I'm not sure which gets updated first. -Al- On Sun, Jul 01, 2018 at 11:44 PM, Bill Maidment wrote: > Maybe these are dumb questions; if so,

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-02 Thread Bill Maidment
- > From:Al Varnell > Sent: Monday 2nd July 2018 16:35 > To: ClamAV users ML > Subject: Re: [clamav-users] We STILL cannot reliably get virus updates (since > new mirrors) > > I suspect the use of IPv6 would double the number of failures, but each > should be counted a

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-02 Thread Al Varnell
I suspect the use of IPv6 would double the number of failures, but each should be counted against a separate IP, so that doesn't strike me as contributing. It would be interesting to know the interval between checks for those experiencing this problem. That, along with knowing how long it takes

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-01 Thread Dennis Peterson
My interest is if a non-synched mirror would trigger an entry in which case many false entries are possible. That is a cascading  error that would be complicated by close-in-time updates. Just noodling out of the box a bit, here. dp On 7/1/18 9:28 PM, Al Varnell wrote: As far as the client

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-01 Thread Al Varnell
As far as the client mirrors.dat file, it's updated locally by freshclam to indicate either success or failure for a specific IP. After a specific number of failures (I've forgotten what that is) the IP is given a “time-out” which precludes its use until some amount of time passes. Under

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-01 Thread Dennis Peterson
What makes it a problem? You can never dl it until it is available, so the problem is you become aware of it too soon. But think about what that means. Your choices are to know immediately when an update is available and try to get it, or wait until every mirror is synchronized, become notified,

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-01 Thread Al Varnell
Seems to me that it's only a problem if it takes a significant amount of time between the DNS update and the mirror updates. I don't have a good feel for how long that is from the postings so far, but it does sound like it may have increased as a result of the move from ClamAV mirrors to the

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-01 Thread Dennis Peterson
On 7/1/18 8:24 PM, Paul Kosinski wrote: My conclusion is that the cause of this is a typical race condition: the DNS TXT record is updated before Cloudflare has propagated the new cvd file to all the mirrors. Is this a problem? dp ___ clamav-users

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-07-01 Thread Paul Kosinski
The debug flag on the freshclam invocation seems only to report on the processing that happens *after* the cvd is successfully downloaded. So... I went to a more basic level and captured the actual network traffic with pcap and then examined it with wireshark. I found an update attempt that

Re: [clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-06-30 Thread Joel Esler (jesler)
Ping.clamav.net is an identification lookup. Helps us see what versions people are running out there and what version of ClamAV people are using. Its failure shouldn’t stop the update process. Please give us a debug. Sent from my iPhone > On Jun 30, 2018, at 19:28, Paul Kosinski wrote: >

[clamav-users] We STILL cannot reliably get virus updates (since new mirrors)

2018-06-30 Thread Paul Kosinski
We are *still* failing to get ClamAV cvd files updates reliably -- even after deleting mirrors.dat before each attempt! The basic problem seems to be that the query to (e.g.): daily.24710.85.1.0.6810BB8A.ping.clamav.net fails as often as not (e.g.): Querying