My proxy had stale cache data as shown in the last post and that is why I was
seeing what appeared to be an active site. I should have explained better in
that post rather than assume everyone knows what squid logs show us. The stats
site web server is down but clamav.net DNS is providing the IP to what is now a
ghost server somewhere in Germany that responds to a ping. That's a bad idea
because that IP could be repurposed in alarming ways. The clamav.net NS records
need to be updated to reflect the current configuration - that is to say
stats.clamav.net along with the www cname should be dropped or repointed to a
Sourcefire web server page that explains the situation. That's why I say the DNS
is wonky.
dp
On 3/19/16 1:08 PM, Yuri Voinov wrote:
Are you really sure this host works?
root @ cthulhu / # dig www.stats.clamav.net
; <<>> DiG 9.6-ESV-R11-P4 <<>> www.stats.clamav.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37863
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.stats.clamav.net. IN A
;; ANSWER SECTION:
www.stats.clamav.net. 86400 IN CNAME vm01.stats.clamav.net.
vm01.stats.clamav.net. 86400 IN A 188.40.140.240
;; Query time: 547 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Mar 20 02:03:03 ALMT 2016
;; MSG SIZE rcvd: 73
root @ cthulhu / # ping 188.40.140.240
188.40.140.240 is alive
root @ cthulhu / # telnet 188.40.140.240 80
Trying 188.40.140.240...
telnet: Unable to connect to remote host: Connection refused
root @ cthulhu / # telnet 188.40.140.240 443
Trying 188.40.140.240...
telnet: Unable to connect to remote host: Connection refused
I remember it uses Open ID as authentication.
But this host is not listening on port 80 or 443 as shown above.
19.03.16 21:51, Dennis Peterson wrote:
The DNS configuration for www.stats.clamav.net is suspect
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
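
The check made by hand in this thread (dig, then telnet to ports 80 and 443) can be scripted to audit a zone for records that still resolve after the service behind them is gone. This is an added example, not part of the original messages or of any ClamAV tooling; the function names are hypothetical and the sample input is constructed from the dig answer quoted above.

```python
import re
import socket

# Constructed sample: the ANSWER SECTION lines from the dig output in the thread.
DIG_ANSWER = """\
www.stats.clamav.net. 86400 IN CNAME vm01.stats.clamav.net.
vm01.stats.clamav.net. 86400 IN A 188.40.140.240
"""

RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(A|AAAA|CNAME)\s+(\S+)$")

def parse_answer(text):
    """Return (owner, ttl, rtype, rdata) tuples; ';' comment lines never match."""
    records = []
    for line in text.splitlines():
        m = RR.match(line.strip())
        if m:
            owner, ttl, rtype, rdata = m.groups()
            records.append((owner.rstrip(".").lower(), int(ttl), rtype,
                            rdata.rstrip(".").lower()))
    return records

def resolve_chain(name, records, max_hops=8):
    """Follow CNAMEs from name; return (names visited, terminal addresses)."""
    name = name.rstrip(".").lower()
    chain = [name]
    for _ in range(max_hops):
        targets = [r[3] for r in records if r[0] == name and r[2] == "CNAME"]
        if not targets:
            break
        name = targets[0]
        if name in chain:
            raise ValueError("CNAME loop at " + name)
        chain.append(name)
    return chain, [r[3] for r in records if r[0] == name and r[2] != "CNAME"]

def tcp_open(addr, port, timeout=3.0):
    """True if a TCP connect succeeds; refused, timed out or unreachable is False."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit(name, dig_text, ports=(80, 443), probe=tcp_open):
    """Stale candidate: the name resolves but none of the expected ports answer."""
    chain, addrs = resolve_chain(name, parse_answer(dig_text))
    open_ports = {a: [p for p in ports if probe(a, p)] for a in addrs}
    stale = bool(addrs) and not any(open_ports.values())
    return {"chain": chain, "addresses": addrs,
            "open_ports": open_ports, "stale_candidate": stale}
```

A name flagged as a stale candidate still needs an owner's decision: drop the record or repoint it, as suggested at the top of this message.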