The DNS configuration for www.stats.clamav.net is suspect. I just looked at the
squid logs and see this:
1458401557.097 598 TCP_CLIENT_REFRESH_MISS/503 890 GET http://www.stats.clamav.net/ - DIRECT/188.40.140.240 text/html
1458401566.520 599 TCP_REFRESH_HIT/200 1431 GET http://www.stats.clamav.net/ - DIRECT/188.40.140.240 text/html
1458401567.162 597 TCP_REFRESH_HIT/200 7030 GET http://www.stats.clamav.net/js/openid-jquery.js - DIRECT/188.40.140.240 application/javascript
1458401567.239 719 TCP_REFRESH_HIT/200 1104 GET http://www.stats.clamav.net/css/openid.css - DIRECT/188.40.140.240 text/css
1458401567.351 786 TCP_REFRESH_HIT/200 56215 GET http://www.stats.clamav.net/js/jquery-1.2.6.min.js - DIRECT/188.40.140.240 application/javascript
Follow the DNS trail.
The URIs shown in the squid log are part of the results I see, which is a login
page that requires some kind of social media login. An ID scraper, perhaps.
dp
On 3/19/16 8:22 AM, Yuri Voinov wrote: