Re: [clamav-users] QNAP Antivirus Updates

2021-09-21 Thread Joel Esler (jesler) via clamav-users
And… there’s your answer.  Thank you all!  I think this thread is dead.

> On Sep 21, 2021, at 2:42 PM, Liston, Daniel (DLISTON) via clamav-users 
>  wrote:
> 
> I have already forgotten the point, but I did do some DNS 
> queries from our datacenters in LON, TYO, and NYC.  All 
> reported the same results;
> 
> Non-authoritative answer:
> database.clamav.net canonical name = 
> database.clamav.net.cdn.cloudflare.net.
> Name:   database.clamav.net.cdn.cloudflare.net
> Address: 104.16.218.84
> Name:   database.clamav.net.cdn.cloudflare.net
> Address: 104.16.219.84
> 
> It seems it should be safe to specify these 2 IP addresses
> in your firewall for the updates.
> 
> 
> L8r
> Dan
> 
> ___
> 
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml





Re: [clamav-users] QNAP Antivirus Updates

2021-09-21 Thread Liston, Daniel (DLISTON) via clamav-users
I have already forgotten the point, but I did do some DNS 
queries from our datacenters in LON, TYO, and NYC.  All 
reported the same results;

Non-authoritative answer:
database.clamav.net canonical name = database.clamav.net.cdn.cloudflare.net.
Name:   database.clamav.net.cdn.cloudflare.net
Address: 104.16.218.84
Name:   database.clamav.net.cdn.cloudflare.net
Address: 104.16.219.84

It seems it should be safe to specify these 2 IP addresses
in your firewall for the updates.


L8r
Dan



Re: [clamav-users] QNAP Antivirus Updates

2021-09-21 Thread Paul Kosinski via clamav-users
"how's this different from what Joel said?"

My reading of the following (based on normal English convention)

  > >  104.16.218.84
  > >  104.16.219.84  
  > That’s what they are for you.  Cloudflare routes you to the closest pop to
  > your network.  Your mileage may vary

is that "they" refers to the IP addresses, NOT the DNS names (which hadn't even 
been mentioned in my email at this point).

Thus, what I inferred from Joel's statement is that "database.clamav.net" might 
resolve to different IPs for other users (which would be weird, given the use 
of Anycast). So I tested it the best I could (without traveling a lot, or 
setting up VMs in different countries).


On Tue, 21 Sep 2021 13:21:20 +0200
Matus UHLAR - fantomas  wrote:

> >On Mon, 20 Sep 2021 17:17:34 +
> >"Joel Esler (jesler)"  wrote:
> >  
> >> > On Sep 20, 2021, at 13:08, Paul Kosinski via clamav-users 
> >> >  wrote:
> >> >
> >> > These two IPs are Anycast addresses, and have been unchanged for well 
> >> > over 2 years. (Anycast addresses don't have to change even if the 
> >> > physical servers change, that's their point!) They are:
> >> >
> >> >  104.16.218.84
> >> >  104.16.219.84  
> >> That’s what they are for you.  Cloudflare routes you to the closest pop to 
> >> your network.  Your mileage may vary  
> 
> On 20.09.21 20:16, Paul Kosinski via clamav-users wrote:
> >I thought the IP addresses, being Anycast, were what are routed to the 
> >closest POP.  
> 
> how's this different from what Joel said?
> 
> > No matter, when I resolve "database.clamav.net" via various DNS servers,
> > using TCP to bypass the default local DNS server (as our firewall blocks
> > outbound UDP port 53 otherwise), I always get these same two IP addresses
> > as results (see below)  
> 
> yes, because those two IP are anycast... they are routed to the nearest POP.
> 
> > Given that the servers at 1.1.1.1, 8.8.8.8 and 9.9.9.9 are "public", and
> > likely Anycast, while 71.243.0.12 is local Verizon/FIOS, I suppose that
> > the Authoritative server and the public (Anycast) servers could
> > conceivably be distributing different IP addresses depending on who is
> > querying.  (BIND/named has become incredibly complicated these days.) But
> > since the two IP addresses are themselves Anycast, what would be the
> > point?  
> 
> the point is, not to provide different IPs via anycast DNS but to provide
> anycast IPs via any DNS.
> 
> > In any case, does anyone, anywhere, get IP addresses other than
> >
> >  104.16.218.84
> >  104.16.219.84
> >
> > when resolving "database.clamav.net"?  
> 



Re: [clamav-users] QNAP Antivirus Updates

2021-09-21 Thread Joel Esler (jesler) via clamav-users
Cool 

— 
Sent from my  iPhone

> On Sep 20, 2021, at 20:17, Paul Kosinski  wrote:
> 
> On Mon, 20 Sep 2021 17:17:34 +
> "Joel Esler (jesler)"  wrote:
> 
>>>> On Sep 20, 2021, at 13:08, Paul Kosinski via clamav-users 
>>>>  wrote:
>>> 
>>> These two IPs are Anycast addresses, and have been unchanged for well over 
>>> 2 years. (Anycast addresses don't have to change even if the physical 
>>> servers change, that's their point!) They are:
>>> 
>>> 104.16.218.84
>>> 104.16.219.84  
>> That’s what they are for you.  Cloudflare routes you to the closest pop to 
>> your network.  Your mileage may vary
> 
> ===
> 
> I thought the IP addresses, being Anycast, were what are routed to the 
> closest POP.
> 
> No matter, when I resolve "database.clamav.net" via various DNS servers, 
> using TCP to bypass the default local DNS server (as our firewall blocks 
> outbound UDP port 53 otherwise), I always get these same two IP addresses as 
> results (see below) 
> 
> Given that the servers at 1.1.1.1, 8.8.8.8 and 9.9.9.9 are "public", and 
> likely Anycast, while 71.243.0.12 is local Verizon/FIOS, I suppose that the 
> Authoritative server and the public (Anycast) servers could conceivably be 
> distributing different IP addresses depending on who is querying. (BIND/named 
> has become incredibly complicated these days.) But since the two IP addresses 
> are themselves Anycast, what would be the point?
> 
> In any case, does anyone, anywhere, get IP addresses other than
> 
>  104.16.218.84
>  104.16.219.84
> 
> when resolving "database.clamav.net"?
> 
> 
> 
>  $ dig +tcp +all @1.1.1.1 database.clamav.net
> 
>  ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> +nocomments +nostats +nocmd +tcp +all @1.1.1.1 database.clamav.net
>  ; (1 server found)
>  ;; global options: +cmd
>  ;; Got answer:
>  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5920
>  ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
> 
>  ;; QUESTION SECTION:
>  ;database.clamav.net. IN A
> 
>  ;; ANSWER SECTION:
>  database.clamav.net. 31 IN CNAME database.clamav.net.cdn.cloudflare.net.
>  database.clamav.net.cdn.cloudflare.net. 271 IN A 104.16.219.84
>  database.clamav.net.cdn.cloudflare.net. 271 IN A 104.16.218.84
> 
>  ;; Query time: 11 msec
>  ;; SERVER: 1.1.1.1#53(1.1.1.1)
>  ;; WHEN: Mon Sep 20 15:28:17 2021
>  ;; MSG SIZE  rcvd: 118
> 
>  ---
> 
>  $ dig +tcp +all @8.8.8.8 database.clamav.net
> 
>  ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> +nocomments +nostats +nocmd +tcp +all @8.8.8.8 database.clamav.net
>  ; (1 server found)
>  ;; global options: +cmd
>  ;; Got answer:
>  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49012
>  ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
> 
>  ;; QUESTION SECTION:
>  ;database.clamav.net. IN A
> 
>  ;; ANSWER SECTION:
>  database.clamav.net. 19 IN CNAME database.clamav.net.cdn.cloudflare.net.
>  database.clamav.net.cdn.cloudflare.net. 300 IN A 104.16.218.84
>  database.clamav.net.cdn.cloudflare.net. 300 IN A 104.16.219.84
> 
>  ;; Query time: 31 msec
>  ;; SERVER: 8.8.8.8#53(8.8.8.8)
>  ;; WHEN: Mon Sep 20 15:21:13 2021
>  ;; MSG SIZE  rcvd: 118
> 
>  ---
> 
>  $ dig +tcp +all @9.9.9.9 database.clamav.net
> 
>  ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> +nocomments +nostats +nocmd +tcp +all @9.9.9.9 database.clamav.net
>  ; (1 server found)
>  ;; global options: +cmd
>  ;; Got answer:
>  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29165
>  ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
> 
>  ;; QUESTION SECTION:
>  ;database.clamav.net. IN A
> 
>  ;; ANSWER SECTION:
>  database.clamav.net. 60 IN CNAME database.clamav.net.cdn.cloudflare.net.
>  database.clamav.net.cdn.cloudflare.net. 300 IN A 104.16.218.84
>  database.clamav.net.cdn.cloudflare.net. 300 IN A 104.16.219.84
> 
>  ;; Query time: 91 msec
>  ;; SERVER: 9.9.9.9#53(9.9.9.9)
>  ;; WHEN: Mon Sep 20 15:30:17 2021
>  ;; MSG SIZE  rcvd: 118
> 
>  ---
> 
>  $ dig +tcp +all @71.243.0.12 database.clamav.net
> 
>  ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> +nocomments +nostats +nocmd +tcp +all @71.243.0.12 database.clamav.net
>  ; (1 server found)
>  ;; global options: +cmd
>  ;; Got answer:
>  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12056
>  ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
> 
>  ;; QUESTION SECTION:
>  ;database.clamav.net. IN A
> 
>  ;; ANSWER SECTION:
>  database.clamav.net. 60 IN CNAME database.clamav.net.cdn.cloudflare.net.
>  database.clamav.net.cdn.cloudflare.net. 144 IN A 104.16.218.84
>  database.clamav.net.cdn.cloudflare.net. 144 IN A 104.16.219.84
> 
>  ;; Query time: 16 msec
>  ;; SERVER: 71.243.0.12#53(71.243.0.12)
>  ;; WHEN: Mon Sep 20 15:21:39 2021
>  ;; MSG SIZE  rcvd: 118
> 
> 


Re: [clamav-users] QNAP Antivirus Updates

2021-09-21 Thread Matus UHLAR - fantomas

>On Mon, 20 Sep 2021 17:17:34 +
>"Joel Esler (jesler)"  wrote:
>
>> > On Sep 20, 2021, at 13:08, Paul Kosinski via clamav-users
>> >  wrote:
>> >
>> > These two IPs are Anycast addresses, and have been unchanged for well
>> > over 2 years. (Anycast addresses don't have to change even if the
>> > physical servers change, that's their point!) They are:
>> >
>> >  104.16.218.84
>> >  104.16.219.84
>> That’s what they are for you.  Cloudflare routes you to the closest pop to
>> your network.  Your mileage may vary

On 20.09.21 20:16, Paul Kosinski via clamav-users wrote:
>I thought the IP addresses, being Anycast, were what are routed to the
>closest POP.

how's this different from what Joel said?

> No matter, when I resolve "database.clamav.net" via various DNS servers,
> using TCP to bypass the default local DNS server (as our firewall blocks
> outbound UDP port 53 otherwise), I always get these same two IP addresses
> as results (see below)

yes, because those two IP are anycast... they are routed to the nearest POP.

> Given that the servers at 1.1.1.1, 8.8.8.8 and 9.9.9.9 are "public", and
> likely Anycast, while 71.243.0.12 is local Verizon/FIOS, I suppose that
> the Authoritative server and the public (Anycast) servers could
> conceivably be distributing different IP addresses depending on who is
> querying.  (BIND/named has become incredibly complicated these days.) But
> since the two IP addresses are themselves Anycast, what would be the
> point?

the point is, not to provide different IPs via anycast DNS but to provide
anycast IPs via any DNS.

> In any case, does anyone, anywhere, get IP addresses other than
>
>  104.16.218.84
>  104.16.219.84
>
> when resolving "database.clamav.net"?


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I just got lost in thought. It was unfamiliar territory.



Re: [clamav-users] QNAP Antivirus Updates

2021-09-20 Thread Paul Kosinski via clamav-users
On Mon, 20 Sep 2021 17:17:34 +
"Joel Esler (jesler)"  wrote:

> > On Sep 20, 2021, at 13:08, Paul Kosinski via clamav-users 
> >  wrote:
> > 
> > These two IPs are Anycast addresses, and have been unchanged for well over 
> > 2 years. (Anycast addresses don't have to change even if the physical 
> > servers change, that's their point!) They are:
> > 
> >  104.16.218.84
> >  104.16.219.84  
> That’s what they are for you.  Cloudflare routes you to the closest pop to 
> your network.  Your mileage may vary

===

I thought the IP addresses, being Anycast, were what are routed to the closest 
POP.

No matter, when I resolve "database.clamav.net" via various DNS servers, using 
TCP to bypass the default local DNS server (as our firewall blocks outbound UDP 
port 53 otherwise), I always get these same two IP addresses as results (see 
below) 

Given that the servers at 1.1.1.1, 8.8.8.8 and 9.9.9.9 are "public", and likely 
Anycast, while 71.243.0.12 is local Verizon/FIOS, I suppose that the 
Authoritative server and the public (Anycast) servers could conceivably be 
distributing different IP addresses depending on who is querying. (BIND/named 
has become incredibly complicated these days.) But since the two IP addresses 
are themselves Anycast, what would be the point?

In any case, does anyone, anywhere, get IP addresses other than

  104.16.218.84
  104.16.219.84

when resolving "database.clamav.net"?
  

  
  $ dig +tcp +all @1.1.1.1 database.clamav.net
  
  ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> +nocomments +nostats +nocmd +tcp +all @1.1.1.1 database.clamav.net
  ; (1 server found)
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5920
  ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
  
  ;; QUESTION SECTION:
  ;database.clamav.net. IN  A
  
  ;; ANSWER SECTION:
  database.clamav.net.  31  IN  CNAME   database.clamav.net.cdn.cloudflare.net.
  database.clamav.net.cdn.cloudflare.net.   271 IN A 104.16.219.84
  database.clamav.net.cdn.cloudflare.net.   271 IN A 104.16.218.84
  
  ;; Query time: 11 msec
  ;; SERVER: 1.1.1.1#53(1.1.1.1)
  ;; WHEN: Mon Sep 20 15:28:17 2021
  ;; MSG SIZE  rcvd: 118
  
  ---
  
  $ dig +tcp +all @8.8.8.8 database.clamav.net
  
  ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> +nocomments +nostats +nocmd +tcp +all @8.8.8.8 database.clamav.net
  ; (1 server found)
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49012
  ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
  
  ;; QUESTION SECTION:
  ;database.clamav.net. IN  A
  
  ;; ANSWER SECTION:
  database.clamav.net.  19  IN  CNAME   database.clamav.net.cdn.cloudflare.net.
  database.clamav.net.cdn.cloudflare.net.   300 IN A 104.16.218.84
  database.clamav.net.cdn.cloudflare.net.   300 IN A 104.16.219.84
  
  ;; Query time: 31 msec
  ;; SERVER: 8.8.8.8#53(8.8.8.8)
  ;; WHEN: Mon Sep 20 15:21:13 2021
  ;; MSG SIZE  rcvd: 118
  
  ---
  
  $ dig +tcp +all @9.9.9.9 database.clamav.net
  
  ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> +nocomments +nostats +nocmd +tcp +all @9.9.9.9 database.clamav.net
  ; (1 server found)
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29165
  ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
  
  ;; QUESTION SECTION:
  ;database.clamav.net. IN  A
  
  ;; ANSWER SECTION:
  database.clamav.net.  60  IN  CNAME   database.clamav.net.cdn.cloudflare.net.
  database.clamav.net.cdn.cloudflare.net.   300 IN A 104.16.218.84
  database.clamav.net.cdn.cloudflare.net.   300 IN A 104.16.219.84
  
  ;; Query time: 91 msec
  ;; SERVER: 9.9.9.9#53(9.9.9.9)
  ;; WHEN: Mon Sep 20 15:30:17 2021
  ;; MSG SIZE  rcvd: 118
  
  ---
  
  $ dig +tcp +all @71.243.0.12 database.clamav.net
  
  ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> +nocomments +nostats +nocmd +tcp +all @71.243.0.12 database.clamav.net
  ; (1 server found)
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12056
  ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
  
  ;; QUESTION SECTION:
  ;database.clamav.net. IN  A
  
  ;; ANSWER SECTION:
  database.clamav.net.  60  IN  CNAME   database.clamav.net.cdn.cloudflare.net.
  database.clamav.net.cdn.cloudflare.net.   144 IN A 104.16.218.84
  database.clamav.net.cdn.cloudflare.net.   144 IN A 104.16.219.84
  
  ;; Query time: 16 msec
  ;; SERVER: 71.243.0.12#53(71.243.0.12)
  ;; WHEN: Mon Sep 20 15:21:39 2021
  ;; MSG SIZE  rcvd: 118




Re: [clamav-users] QNAP Antivirus Updates

2021-09-20 Thread Joel Esler (jesler) via clamav-users


> On Sep 20, 2021, at 13:08, Paul Kosinski via clamav-users 
>  wrote:
> 
> These two IPs are Anycast addresses, and have been unchanged for well over 2 
> years. (Anycast addresses don't have to change even if the physical servers 
> change, that's their point!) They are:
> 
>  104.16.218.84
>  104.16.219.84
That’s what they are for you.  Cloudflare routes you to the closest pop to your 
network.  Your mileage may vary


> I don't know if they are appropriate for non-freshclam ways of obtaining the 
> updates, e.g., updating a mirror. (And I don't know if they work world-wide.)

FreshClam or cvdupdate.  That’s what we recommend, that’s what we enforce.  Use 
one of those two or risk being cut off completely in the future.



Re: [clamav-users] QNAP Antivirus Updates

2021-09-20 Thread Paul Kosinski via clamav-users
On Mon, 20 Sep 2021 08:18:01 +0100 (BST)
"G.W. Haywood via clamav-users"  wrote:

> Hi there,
> 
> On Sun, 19 Sep 2021, Gregory Poveda via clamav-users wrote:
> 
> > I have several QNAPs  
> 
> It might be worth searching for 'QNAP' in the list archives.  At least
> some of those devices will struggle to run ClamAV - or rather, ClamAV
> out of the box - for lack of memory.
> 
> > on a locked down network that have the Clamav.net antivirus package/
> > software installed. Something changed on the 16th and I have been
> > unable to get updates. I have an ACL that blocks all traffic on this
> > network unless I define its IPs/DNS addresses. I had set the two DNS
> > addresses that I had detected back in March in the ACL, those are as
> > follows: clamav.net (199.62.84.153) which appears to check if the
> > database has an update and database.clamav.net (198.148.79.54) which
> > has the update file.  
> 
> If you don't mind my saying so, that's a fragile setup.  IPs can and
> do change without notice.
> 
> > Did the DNS names change or has the database stopped providing
> > updates?  
> 
> Check the very recent thread  "Virus DB  updates?".

=

Using an ACL mechanism that uses DNS names to allow outbound traffic strikes me 
as also a setup that is either fragile or very slow. Either it does a DNS 
lookup when started, so if the DNS->IP map changes while it's running, you 
lose. Or it does a reverse DNS (PTR) lookup for every outbound SYN to see if 
it's OK, and it's slow.

In my case, I use iptables (on Linux) to block almost all outbound TCP from 
select servers, and I use two IP addresses (only) to allow ClamAV update 
traffic, from/to freshclam.

These two IPs are Anycast addresses, and have been unchanged for well over 2 
years. (Anycast addresses don't have to change even if the physical servers 
change, that's their point!) They are:

  104.16.218.84
  104.16.219.84

I don't know if they are appropriate for non-freshclam ways of obtaining the 
updates, e.g., updating a mirror. (And I don't know if they work world-wide.)

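The failure mode this thread keeps returning to, an allowlist pinned to addresses that DNS has stopped returning, can be detected by comparing the rule set with a fresh answer. The shell functions below are an added example, not code from any poster or from the ClamAV project; the names `sample_answer`, `a_records` and `check_drift` are hypothetical, and the sample answer is constructed from the dig output quoted in the thread.

```shell
#!/bin/sh
# Added example: report drift between a firewall allowlist and the A records
# DNS currently returns for the update host.

# Constructed sample, modelled on the answer section quoted in the thread.
sample_answer() {
cat <<'EOF'
;database.clamav.net. IN A
database.clamav.net. 31 IN CNAME database.clamav.net.cdn.cloudflare.net.
database.clamav.net.cdn.cloudflare.net. 271 IN A 104.16.219.84
database.clamav.net.cdn.cloudflare.net. 271 IN A 104.16.218.84
EOF
}

# Read dig output on stdin; print each A-record address once, sorted.
# Lines starting with ';' (comments, question section) and CNAME records
# are skipped, so only the final addresses remain.
a_records() {
    awk '$1 !~ /^;/ && $3 == "IN" && $4 == "A" { print $5 }' | sort -u
}

# check_drift "<space-separated allowlist>"   (dig output on stdin)
# Prints one finding per line:
#   MISSING <ip>  returned by DNS but not allowlisted (updates get blocked)
#   STALE <ip>    allowlisted but no longer returned by DNS
#   NO_ANSWER     no A records parsed; a failed check, not "in sync"
# Exit status: 0 in sync, 1 drift, 2 no answer.
check_drift() {
    allowed=$1
    resolved=$(a_records)
    [ -n "$resolved" ] || { echo "NO_ANSWER"; return 2; }
    status=0
    for ip in $resolved; do
        case " $allowed " in
            *" $ip "*) ;;
            *) echo "MISSING $ip"; status=1 ;;
        esac
    done
    for ip in $allowed; do
        printf '%s\n' "$resolved" | grep -qxF "$ip" || { echo "STALE $ip"; status=1; }
    done
    return $status
}

# Demo on the constructed sample: first the database.clamav.net address from
# the original question's ACL, then the two addresses reported in the thread.
sample_answer | check_drift "198.148.79.54" || true
sample_answer | check_drift "104.16.218.84 104.16.219.84" && echo "IN_SYNC"

# Live use (needs network access):
#   dig +tcp +noall +answer @1.1.1.1 database.clamav.net \
#     | check_drift "104.16.218.84 104.16.219.84"
```

Run from cron on a host that can reach a resolver, a non-zero exit status is the signal to review the allowlist before freshclam starts failing.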


Re: [clamav-users] QNAP Antivirus Updates

2021-09-20 Thread G.W. Haywood via clamav-users

Hi there,

On Sun, 19 Sep 2021, Gregory Poveda via clamav-users wrote:

> I have several QNAPs

It might be worth searching for 'QNAP' in the list archives.  At least
some of those devices will struggle to run ClamAV - or rather, ClamAV
out of the box - for lack of memory.

> on a locked down network that have the Clamav.net antivirus package/
> software installed. Something changed on the 16th and I have been
> unable to get updates. I have an ACL that blocks all traffic on this
> network unless I define its IPs/DNS addresses. I had set the two DNS
> addresses that I had detected back in March in the ACL, those are as
> follows: clamav.net (199.62.84.153) which appears to check if the
> database has an update and database.clamav.net (198.148.79.54) which
> has the update file.

If you don't mind my saying so, that's a fragile setup.  IPs can and
do change without notice.

> Did the DNS names change or has the database stopped providing
> updates?

Check the very recent thread  "Virus DB  updates?".

--

73,
Ged.



[clamav-users] QNAP Antivirus Updates

2021-09-19 Thread Gregory Poveda via clamav-users
Hello, 

I have several QNAPs on a locked down network that have the Clamav.net 
antivirus package/software installed. Something changed on the 16th and I 
have been unable to get updates. I have an ACL that blocks all traffic on 
this network unless I define its IPs/DNS addresses. 

I had set the two DNS addresses that I had detected back in March in the ACL, 
those are as follows: clamav.net (199.62.84.153) which appears to check if 
the database has an update and database.clamav.net (198.148.79.54) which has 
the update file. Did the DNS names change or has the database stopped 
providing updates? 


Thanks,
Gregory Poveda
OIT - Network Infrastructure
VBH M1D
Cell: (865) 250-0290
Office: (256) 824-7656
gap0...@uah.edu

