-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Well, so? ClamAV Community Threat Tracking System is down?
The answer is yes or no? 20.03.16 2:24, Dennis Peterson ?????: > My proxy had stale cache data as shown in the last post and that is why I was > seeing what appeared to be an active site. I should have explained better in that post rather than assume everyone knows what squid logs show us. The stats site web server is down but clamav.net DNS is providing the IP to what is now a ghost server somewhere in Germany that responds to a ping. That's a bad idea because that IP could be repurposed in alarming ways. The clamav.net NS records need to be updated to reflect the current configuration - that is to say stats.clamav.net along with the www cname should be dropped or repointed to a Sourcefire web server page that explains the situation. That's why I say the DNS is wonky. > > dp > > On 3/19/16 1:08 PM, Yuri Voinov wrote: > root @ cthulhu / # dig www.stats.clamav.net > > ; <<>> DiG 9.6-ESV-R11-P4 <<>> www.stats.clamav.net > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37863 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;www.stats.clamav.net. IN A > > ;; ANSWER SECTION: > www.stats.clamav.net. 86400 IN CNAME vm01.stats.clamav.net. > vm01.stats.clamav.net. 86400 IN A 188.40.140.240 > > ;; Query time: 547 msec > ;; SERVER: 127.0.0.1#53(127.0.0.1) > ;; WHEN: Sun Mar 20 02:03:03 ALMT 2016 > ;; MSG SIZE rcvd: 73 > > root @ cthulhu / # ping 188.40.140.240 > 188.40.140.240 is alive > root @ cthulhu / # telnet 188.40.140.240 80 > Trying 188.40.140.240... > telnet: Unable to connect to remote host: Connection refused > root @ cthulhu / # telnet 188.40.140.240 443 > Trying 188.40.140.240... > telnet: Unable to connect to remote host: Connection refused > > I remember it uses Open ID as authenthcation. > > But this host is not listening port 80 or 443 as shown above. > > 19.03.16 21:51, Dennis Peterson ?????: > >>> The DNS configuration for www.stats.clamav.net are suspect >> >> _______________________________________________ >> Help us build a comprehensive ClamAV guide: >> https://github.com/vrtadmin/clamav-faq >> >> http://www.clamav.net/contact.html#ml > > _______________________________________________ > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJW7bYwAAoJENNXIZxhPexGN4wH/AprgR+vBAneOsfGctmeCOkn 7nWw9gamyzKkVDCEzRJ6lvRiBajlRmRjvZ5Ma3BZCK3pePBbYvy6pydIrkqK7U0V oJ0agg0khGf5PZxhMCGO/7dy/jWagRcdSw+rXIto76yv8jsoFbTZEI60y93HalxT SfKlcCtT7DguIosrh4QgA0rbN7At7xLgcndYV4OHgjFRqKyLsfBbVdtMX0hZLfMa vvtqNsQ5y/RD6hUwOAnym0R8A1I6MtkFCBbEnrT5gRjgaLsv5eeV++p4o7jt+LTs IQbqWMTOE3P/uVdvDWk4r0/kppTWrd18LxqbmZE7iFs4V4GPREKq074bY+n2x0E= =4L3E -----END PGP SIGNATURE----- _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
