Re: [clamav-users] ClamAV mirrors have gotten worse!

2018-11-26 Thread Dennis Peterson
I think these reports don't tell you what you think they mean. In fact they're pretty much meaningless. The two different servers have different versions of the signature. That is perfectly normal - there is simply zero chance and it is naive to think they will always be fully synced in the

Re: [clamav-users] ClamAV mirrors have gotten worse!

2018-11-26 Thread Joel Esler (jesler)
The "out of date at one mirror" issue you are speaking of is fine. Once someone requests a file, it is cached at that POP site. All further requests to other POPs then check "sister" POP sites to see if the other POP sites have the file first, then download it laterally from one POP to

Re: [clamav-users] ClamAV mirrors have gotten worse!

2018-11-26 Thread Paul Kosinski
I believe that the delays we have been observing are due to some problem with the Boston Cloudflare servers, or, perhaps, Comcast has a "transparent" caching proxy which is causing us trouble. I recently installed the same build and configuration of ClamAV 0.100.2 on our Web server, a virtual

Re: [clamav-users] ClamAV mirrors have gotten worse!

2018-11-23 Thread Paul Kosinski
"I might be a little late to the party here, but are you saying that 10.11.14.160 is the IP address which the Cloudflare servers see?" Sorry, I left out a bit. The 10.11.14.160 is the address assigned to a NIC on our firewall / gateway / internal router machine, but that NIC is connected to a

Re: [clamav-users] ClamAV mirrors have gotten worse!

2018-11-23 Thread Paul Kosinski
"But the OP has *refused* to consider trying that." Nonsense! I did, of course, do that for a while, in a desperate attempt to get any updates at all. But it seemed like an incredibly crude way to try to get back to the pre-Cloudflare behavior when updates didn't regularly fail (and eventually

Re: [clamav-users] ClamAV mirrors have gotten worse!

2018-11-23 Thread G.W. Haywood
Hi there, On Thu, 22 Nov 2018, Paul Kosinski wrote: I wonder how many users of ClamAV actually log their freshclam updates. I've been using ClamAV for more than a decade. I've already said on the list that I log all freshclam updates and that in general my experience is that the mirrors are

Re: [clamav-users] ClamAV mirrors have gotten worse!

2018-11-23 Thread Joel Esler (jesler)
The “be” error was my fault. Plain and simple. I misconfigured a dns entry. Sent from my  iPhone On Nov 23, 2018, at 04:28, Pierre Dehaen wrote: >> On 11/22/18 8:51 PM, Paul Kosinski wrote: >> I wonder how many users of ClamAV actually log their freshclam updates. >> Those who don't

Re: [clamav-users] ClamAV mirrors have gotten worse!

2018-11-23 Thread Gary R. Schmidt
On 23/11/2018 22:45, Gene Heskett wrote: On Friday 23 November 2018 03:43:40 Dennis Peterson wrote: On 11/22/18 8:51 PM, Paul Kosinski wrote: I wonder how many users of ClamAV actually log their freshclam updates. Those who don't likely won't notice freshclam temporary failures due to an

Re: [clamav-users] ClamAV mirrors have gotten worse!

2018-11-23 Thread Gene Heskett
On Friday 23 November 2018 03:43:40 Dennis Peterson wrote: > On 11/22/18 8:51 PM, Paul Kosinski wrote: > > I wonder how many users of ClamAV actually log their freshclam > > updates. Those who don't likely won't notice freshclam temporary > > failures due to an out-of-sync condition. > > I just

Re: [clamav-users] ClamAV mirrors have gotten worse!

2018-11-23 Thread Pierre Dehaen
> On 11/22/18 8:51 PM, Paul Kosinski wrote: > I wonder how many users of ClamAV actually log their freshclam updates. > Those who don't likely won't notice freshclam temporary failures due > to an out-of-sync condition. I do log and do analyze all logs on all servers everyday, sometimes every

Re: [clamav-users] ClamAV mirrors have gotten worse!

2018-11-23 Thread Dennis Peterson
On 11/22/18 8:51 PM, Paul Kosinski wrote: I wonder how many users of ClamAV actually log their freshclam updates. Those who don't likely won't notice freshclam temporary failures due to an out-of-sync condition. I just checked logs on two systems dating from July 1 and see no failures. I

Re: [clamav-users] ClamAV mirrors have gotten worse!

2018-11-22 Thread Paul Kosinski
I was just looking at freshclam.conf.sample in 0.101.2, and it looks like *all* logging is disabled by default (back to 0.98.6, at least). I wonder how many users of ClamAV actually log their freshclam updates. Those who don't likely won't notice freshclam temporary failures due to an out-of-sync

Re: [clamav-users] ClamAV mirrors have gotten worse!

2018-11-20 Thread Joel Esler (jesler)
It's possible. But, unless there is a vocal minority that no one is chiming in about, you are the only person/group that I have heard complain about the issue... Millions of people are getting updates from Cloudflare a day, so something is working correctly, and there's been no configuration

Re: [clamav-users] ClamAV mirrors have gotten worse!

2018-11-20 Thread Paul Kosinski
We are using a local mirror to reduce Internet traffic and (mainly) to reduce load on the ClamAV servers. It is *only* the "master" (Internet-connected) ClamAV that sees these delays, where the DNS TXT record advertises updates before whatever Cloudflare server we (are unlucky enough to) actually

Re: [clamav-users] ClamAV mirrors have gotten worse!

2018-11-20 Thread Paul Kosinski
I think you misunderstand. The 'LocalIPAddress' is the *outgoing* IP address: i.e., the address assigned to the NIC. (This used to be important when we had two Internet connections.) The 'LocalIPAddress' has nothing to do with the IP address that freshclam tries to get the cvds etc. *from*.

Re: [clamav-users] ClamAV mirrors have gotten worse!

2018-11-20 Thread Joel Esler (jesler)
Any particular reason that you are using a local mirror? I mean, if not strictly necessary, just point it at our mirrors and call it a day. I've talked to a couple people off list in the last few days that were experiencing errors or delays, and 100% of them were using local proxies or

Re: [clamav-users] ClamAV mirrors have gotten worse!

2018-11-19 Thread Benny Pedersen
Paul Kosinski skrev den 2018-11-20 03:25: # Use aaa.bbb.ccc.ddd as client address for downloading databases. # Useful for multi-homed systems. # Default: Use OS'es default outgoing IP address. LocalIPAddress 10.11.14.160 comment that line No matter, are we so unlucky -- only 1 out

Re: [clamav-users] ClamAV mirrors have gotten worse!

2018-11-19 Thread Paul Kosinski
Our Internet-facing ClamAV sits on our gateway/firewall and serves as our local mirror. It accesses the Internet via the NIC whose IP address is 10.11.14.160. (We used to have two NICs connected to the Internet, but now only have one, so this is historical only.) The msg "Using ip '10.11.14.160'

Re: [clamav-users] ClamAV mirrors have gotten worse!

2018-11-15 Thread Joel Esler (jesler)
Judging by the 60+TB of traffic we are transferring a day, it's working for at least 3M+ users. > On Nov 15, 2018, at 1:34 PM, Dennis Peterson wrote: > > On 11/13/18 12:04 PM, Paul Kosinski wrote: >> "Why are you looking at October reports?" >> >> It was the first one. And it also shows that

Re: [clamav-users] ClamAV mirrors have gotten worse!

2018-11-15 Thread Dennis Peterson
On 11/13/18 12:04 PM, Paul Kosinski wrote: "Why are you looking at October reports?" It was the first one. And it also shows that the problem began *before* 0.100.1 was deemed OUTDATED. So, here's one from this morning. I also have 4 from yesterday, 3 from Sunday Nov 11 etc. Posting them all

Re: [clamav-users] ClamAV mirrors have gotten worse!

2018-11-13 Thread Paul Kosinski
"Why are you looking at October reports?" It was the first one. And it also shows that the problem began *before* 0.100.1 was deemed OUTDATED. So, here's one from this morning. I also have 4 from yesterday, 3 from Sunday Nov 11 etc. Posting them all would be a bit tedious.

Re: [clamav-users] ClamAV mirrors have gotten worse!

2018-11-13 Thread Dennis Peterson
On 11/12/18 6:28 PM, Paul Kosinski wrote: As some of you may remember, I "solved" the problems of the Cloudflare mirrors being out of sync by not relying on what version the DNS TXT record reports, but double checking it by retrieving the head of the CVD file via curl. Why are you looking at