Re: [clamav-users] Yet Another US Mirror Issue

Tue, 13 Sep 2011 14:29:22 -0700 

> % grep "Can't connect to port 80 of host database.clamav.net (IP: 
> 88.198.67.125)" /var/log/freshclam.log | wc -l
>       27

Interesting. When I just grep for the IP in my logs:

    ib /var/log # grep 88.198.67.125 maillog* | wc -l
    12

    ren /var/log # grep 88.198.67.125 maillog* | wc -l
    5

    ba /var/log # grep 88.198.67.125 maillog* | wc -l
    12

That represents 7 days worth of logs, across three servers. That averages to 
~10/day. Note
that my systems are configured for the default, which is 12 DB update checks 
per day.
Since freshclam doesn't seem to log the IP (by default, at least) when the 
update succeeds
(or there is no update), I have no good way of checking how many times 
88.198.67.125 is
queried.

However, my numbers indicate, on average, about 1 in 7 checks end up querying 
that IP, and
it fails. If we're fairly confident that it's consistently failing, then we can 
infer that
freshclam isn't routinely querying it, i.e. that the randomization of the 
mirrors via DNS
seems to be working reasonably well (I remember someone questioning the 
"randomness" of
the queries).

> ...with zero successful connections to that IP.  The connectivity failure is 
> entirely reproducible by hand:
> 
> % telnet 88.198.67.125 80
> Trying 88.198.67.125...
> telnet: connect to address 88.198.67.125: Connection refused
> telnet: Unable to connect to remote host

I should say that when I did this, I got the same, but the connection seemed to 
be timing
out, not being refused (despite what telnet says). Was it the same for you?

I ask because that would indicate either that the web server on that IP is 
down, or that
some firewall is silently dropping packets.

> I don't consider this to be a significant problem since other mirrors are up, 
> but it's not a matter of bandwidth or connectivity on my side.  As it 
> happens, I'm testing from Cupertino, CA via Apple's 17.0.0.0/8 network, and 
> from a Time-Warner cable link from NYC, NY on 24.103.0.0/16.

Not that it'll be the same everywhere if it's even remotely random, but 1/7 
failures isn't
a significant problem for me.

-- 
Bryan Burke
IT Administrator
Department of Electrical Engineering and Computer Science
University of Tennessee, Knoxville
bbu...@eecs.utk.edu
(865) 974-4694
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Reply via email to