It's possible. But, unless there is a vocal minority that no one is chiming in about, you are the only person/group that I have heard complain about the issue...
Millions of people are getting updates from Cloudflare a day, so something is working correctly, and there's been no configuration changes on our side. If you receive Cloudflare blocks then that's a different story. On Nov 20, 2018, at 1:55 PM, Paul Kosinski <clamav-us...@iment.com<mailto:clamav-us...@iment.com>> wrote: We are using a local mirror to reduce Internet traffic and (mainly) to reduce load on the ClamAV servers. It is *only* the "master" (Internet-connected) ClamAV that sees these delays, where the DNS TXT record advertises updates before whatever Cloudflare server we (are unlucky enough to) actually hit has the files available for download. The other ClamAVs on our LAN use an approach wherein the mirror server (on the "master" ClamAV machine) simply reports when new cvd (etc.) files are available locally. It is only the "master" ClamAV that periodically does a DNS TXT query to decide whether to run freshclam, whose source is the ClamAV (Clouflare) server. If it does this immediately when the DNS TXT records suggests, freshclam sometimes fails, complaining about things being out of sync. (That's when I added the curl prefetch to see if the file really was what the DNS TXT said.) All this has nothing to do with our local mirroring, Somebody suggested that our ISP (Comcast) may be proxying / caching the ClamAV files -- and doing it badly. If that's the case, I don't know what we can do about it. On Tue, 20 Nov 2018 13:09:54 +0000 "Joel Esler (jesler)" <jes...@cisco.com<mailto:jes...@cisco.com>> wrote: Any particular reason that you are using a local mirror? I mean, if not strictly necessary, just point it at our mirrors and call it a day. I've talked to a couple people off list in the last few days that were experiencing errors or delays, and 100% of them were using local proxies or mirrors. One was because the proxy didn't know how to address "HTTP/1.0" (Instead of "HTTP/1.1"). So it could be the smallest of issues, eliminate any issues that are not strictly relevant. -- Joel Esler Manager, Communities Division Cisco Talos Intelligence Group http://www.talosintelligence.com On Nov 19, 2018, at 9:25 PM, Paul Kosinski <clamav-us...@iment.com> wrote: Our Internet-facing ClamAV sits on our gateway/firewall and serves as our local mirror. It accesses the Internet via the NIC whose IP address is 10.11.14.160. (We used to have two NICs connected to the Internet, but now only have one, so this is historical only.) The msg "Using ip '10.11.14.160' for fetching" is produced by the freshclam binary itself and derives from our freshclam.conf entry: # Use aaa.bbb.ccc.ddd as client address for downloading databases. # Useful for multi-homed systems. # Default: Use OS'es default outgoing IP address. LocalIPAddress 10.11.14.160 No matter, are we so unlucky -- only 1 out of 3M -- in having the sync errors reappear? Or are we simply one of far fewer users who log (and actually examine) their entire freshclam output? P.S. I have very recently updated our clamavs to 0.100.2. I wonder if that will improve things in this regard. On Thu, 15 Nov 2018 19:40:43 +0000 "Joel Esler (jesler)" <jes...@cisco.com> wrote: Judging by the 60+TB of traffic we are transferring a day, it's working for at least 3M+ users. On Nov 15, 2018, at 1:34 PM, Dennis Peterson <denni...@inetnw.com> wrote: On 11/13/18 12:04 PM, Paul Kosinski wrote: "Why are you looking at October reports?" It was the first one. And it also shows that the problem began *before* 0.100.1 was deemed OUTDATED. So, here's one from this morning. I also have 4 from yesterday, 3 from Sunday Nov 11 etc. Posting them all would be a bit tedious. What does this line mean - that is, what is fetching from that IP? Local mirror? Using ip '10.11.14.160' for fetching. And we're having a completely different experience here with reliability over the same time span: Mirror #1 IP: 104.16.189.138 Successes: 19 Failures: 0 Last access: Thu Nov 15 07:01:02 2018 Ignore: No ------------------------------------- Mirror #2 IP: 104.16.186.138 Successes: 19 Failures: 0 Last access: Wed Nov 14 23:01:03 2018 Ignore: No ------------------------------------- Mirror #3 IP: 104.16.185.138 Successes: 18 Failures: 0 Last access: Mon Nov 12 21:05:32 2018 Ignore: No ------------------------------------- Mirror #4 IP: 104.16.187.138 Successes: 18 Failures: 0 Last access: Sun Nov 11 01:07:46 2018 Ignore: No ------------------------------------- Mirror #5 IP: 104.16.188.138 Successes: 19 Failures: 0 Last access: Mon Nov 12 14:03:05 2018 Ignore: No _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
