Re: [clamav-users] Yet Another US Mirror Issue

Tue, 13 Sep 2011 13:16:28 -0700 

Hi--

On Sep 13, 2011, at 12:49 PM, Bryan Burke wrote:
>> - Which always seems to be the first one checked
> 
> Actual issue. Perhaps DNS caching is a factor? If freshclam checks often 
> enough, then
> perhaps the cache entry never dies, and you get the same order every time?

Running "dig db.us.clamav.net" a few times shows that the nameserver responses 
are rotating the resource records; and even if it didn't, well-behaved resolver 
clients ought to rotate through multiple valid IPs returned by 
gethostbyname()/getaddrinfo() for a hostname anyway.

>> - And has never successfully connected for over two weeks
> 
> Other than an announcement to the list that there may be problems with one of 
> the mirrors,
> this seems to be an issue primarily between those users who encountered said 
> error (and
> caused them distress) and the mirror admins, not the whole list. However, 
> maybe I'm wrong
> and many readers of the list appreciate seeing the back-and-forth.
> 
> P.S. - My goal is to try to limit the scope of this thread a little more, so 
> it stays
> focused and relevant. As a side-line user on this list, I feel it had long 
> since gotten
> out-of-hand.

I admire your goal of focussing on the problem, which I why I'll reply to this 
rather than other emails.  :-)

This being said, there is definitely a recurring issue with this particular 
mirror.  Since Aug 22, I've seen:

% grep "Can't connect to port 80 of host database.clamav.net (IP: 
88.198.67.125)" /var/log/freshclam.log | wc -l
      27

...with zero successful connections to that IP.  The connectivity failure is 
entirely reproducible by hand:

% telnet 88.198.67.125 80
Trying 88.198.67.125...
telnet: connect to address 88.198.67.125: Connection refused
telnet: Unable to connect to remote host

I don't consider this to be a significant problem since other mirrors are up, 
but it's not a matter of bandwidth or connectivity on my side.  As it happens, 
I'm testing from Cupertino, CA via Apple's 17.0.0.0/8 network, and from a 
Time-Warner cable link from NYC, NY on 24.103.0.0/16.

However, as a workaround it should be possible for folks to manually set 
DatabaseMirror in freshclam.conf to specific IPs from db.us.clamav.net, or 
perhaps switch to using db.ca.clamav.net, db.mx.clamav.net, or similar.

Regards,
-- 
-Chuck

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Reply via email to