It does not appear to be ignoring the TTL, but the TTL appears to be 60.
freshclam seems to wait for 5 seconds between attempts so the 3 attempts to
download will fall within the TTL of the DNS results.
Sample squidclient mgr:ipcache entry:
Hostname Flg lstref TTL N(b)
db.us.clamav.net 5 55 9( 0)
72.21.91.8-OK
I think this doesn't affect freshclam normally because it sends a DNS request
for each attempt, and the nameserver appears to rotate the names for each
request.
Just to pass it on - balance_on_multiple_ip appears not to be functional in
squid anymore: https://bugs.squid-cache.org/show_bug.cgi?id=4691 and for a
fairly good reason I suppose, but does work against freshclam.
At this point I'd like to increase the 5 second delay between download
attempts (to allow the DNS cache to expire) but that appears to be hard coded.
And still having persistent problems with 72.21.91.8 as reported here:
https://bugzilla.clamav.net/show_bug.cgi?id=12068
On 03/28/2018 05:50 PM, Dennis Peterson wrote:
> If your proxy ignores the TTL for the mirrors then quite likely things will
> grind to a halt for you. All the mirrors are in round-robin dns pools.
>
> dp
>
> On 3/27/18 4:32 PM, Orion Poplawski wrote:
>> On 03/27/2018 05:21 PM, Al Varnell wrote:
>>> Using the same IP each time with failure will also cause mirrors.dat to
>>> temporarily block that IP's use for some period of time. That will require
>>> you to trash mirrors.dat and allow it to be rebuilt at the next check.
>>>
>>> -Al-
>> I don't think mirrors.dat comes into play here as the proxy is doing the dns
>> lookup, not freshclam.
>>
>>> On Tue, Mar 27, 2018 at 03:40 PM, Orion Poplawski wrote:
>>>> On 03/27/2018 03:13 PM, Orion Poplawski wrote:
>>>>> Thanks for the response.
>>>>>
>>>>> I ended up switching freshclam to use our proxy servers and increasing the
>>>>> ConnectTimeout to 60 seconds. This has helped a bit, but I still get the
>>>>> occasional issue. Latest was trying to get daily-24426.cdiff from
>>>>> 72.21.91.8
>>>>> around Tue Mar 27 13:31:14 2018 PDT. These are annoying because they
>>>>> generate
>>>>> emails.
>>>> This was exacerbated by squid continuing to use the same IP address for the
>>>> connection each time freshclam retried the download. I'm trying enabling
>>>> http://www.squid-cache.org/Doc/config/balance_on_multiple_ip/
>>>> <http://www.squid-cache.org/Doc/config/balance_on_multiple_ip/> to see if
>>>> that
>>>> helps.
>>>
>>>
>>>
>>> _______________________________________________
>>> clamav-users mailing list
>>> clamav-users@lists.clamav.net
>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>>
>>>
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>>
>>> http://www.clamav.net/contact.html#ml
>>>
>>
>
> _______________________________________________
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
--
Orion Poplawski
Manager of NWRA Technical Systems 720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
