On Thu, 23 Jun 2005, Luca Gibelli wrote:
Hello Damian Menscher,
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.86 Recommended version: 0.85.1
Any ideas what's going on?
Don't worry about it... apparently the human updating the DNS record
just goofed, but it looks like it's already been fixed.
[snip]
Then they enable the warnings. (In this case it appears they enabled
warnings but forgot to update the dns record to 0.86, so it warned
people to move to 0.85.1.)
No, I didn't.
I don't know what the cause of the warning message was, but it was not
a change in the dns record for sure.
In fact the "flag" to enable warnings has always been 0 since the
release of 0.86.
In that case, we have a serious problem.
The ONLY way this message could come about is if the DNS TXT record for
current.cvd.clamav.net was formatted as "0.85.1:32:954:timestamp:#"
where timestamp was greater than Jun 23 02:37:01 GMT (3 hours before I
saw the problem) and the final # was a character other than 0 (or didn't
exist at all).
So, if you didn't do it, and none of the other team-members did it, then
who did? This raises an interesting issue: if an attacker figures out
how to poison the DNS server, nobody would get updates. As unlikely as
that seems, it makes me wonder if we should consider having a backup DNS
server, or even configure clients to do the HTTP check for updates (on a
very limited basis, like once a day).
(BTW, this was reported in #clamav, here, and I saw it in my own logs.
So it wasn't just a fluke of someone's local DNS server getting confused
and giving the wrong info. Also, the fact that the timestamp was
correct indicates this was a deliberate change, not the appearance of
some ancient cached data from before 0.86.)
Some timestamps (in GMT) for the record:
I saw the problem at 05:37:01, but not at 05:52:00. Bill saw it at
05:52:07. And lizdeika on IRC reported it at 06:10, though presumably
it had seen it earlier than that.
Damian Menscher
--
-=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
-=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=-
-=#| <[EMAIL PROTECTED]> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
-=#| The above opinions are not necessarily those of my employers. |#=-
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
