Basically, you are absolutely right.
That it can be possible, that the dig client differ in each of the Distros was
not clear to me, good to know - thank you.
Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
An / To: Newcomer01 <mailto:newcome...@posteo.de>
CC / CC: Lyle Giese <mailto:l...@lcrcomputer.net>
Gesendet / Sent: Mittwoch, Januar 08, 2025 um 15:34 (at 03:34 PM) +0100
Betreff / Subject: Re: [clamav-users] 1. What causes cool blocking by
clamav 2. Freshclam
If you notice the answer I am getting is from one of my internal network
recursive DNS servers running Bind 9.18.27 built from source and may
well have different options setup in named.conf.
In addition my dig client is from Debian repos and yours is from Ubuntu
repos. There can be many minor differences, but I suspect it's
different versions and options in the named daemon running in our
different environments.
But the question for the original poster, is freshclam does DNS queries
that look for these TXT records to determine if an update is available
and the request for those TXT records(via DNS) appears to be failing.
Regards,
Lyle Giese
On 1/7/25 17:22, newcomer01 via clamav-users wrote:
funny, my stats looking little different, then yours
$ dig txt current.cvd.clamav.net
; <<>> DiG 9.18.28-0ubuntu0.24.04.1-Ubuntu <<>> txt
current.cvd.clamav.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16050
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;current.cvd.clamav.net. IN TXT
;; ANSWER SECTION:
current.cvd.clamav.net. 230 IN TXT
"0.103.12:62:27511:1736288940:1:90:49192:335"
;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Wed Jan 08 00:18:09 CET 2025
;; MSG SIZE rcvd: 107
but it worked, you see the COOKIE is missing in my case
Von / From: Clamav User Mailinglist
<mailto:clamav-users@lists.clamav.net>
An / To: Newcomer01 <mailto:newcome...@posteo.de>
CC / CC: Lyle Giese <mailto:l...@lcrcomputer.net>
Gesendet / Sent: Dienstag, Januar 07, 2025 um 23:56 (at 11:56 PM)
+0100
Betreff / Subject: Re: [clamav-users] 1. What causes cool blocking
by clamav 2. Freshclam
I could be all wrong on this, but it looks to me like DNS issues.
I can ask for the TXT record for current.cvd.clamav.net and get a
good response. I suspect you can not query for the current version
record for some reason.
Lyle Giese
$dig txt current.cvd.clamav.net
; <<>> DiG 9.16.50-Debian <<>> txt current.cvd.clamav.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18821
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 7a86423e6cc2510b01000000677db0b69d01108403a168a5 (good)
;; QUESTION SECTION:
;current.cvd.clamav.net. IN TXT
;; ANSWER SECTION:
current.cvd.clamav.net. 1534 IN TXT
"0.103.12:62:27511:1736288940:1:90:
49192:335"
;; Query time: 0 msec
;; SERVER: 192.168.250.1#53(192.168.250.1)
;; WHEN: Tue Jan 07 16:54:46 CST 2025
;; MSG SIZE rcvd: 135
On 1/7/25 12:39, koffie via clamav-users wrote:
don't believe that here isn't enough .interest to get answer.
Again: Anybody who can reply if there is access to this post?
-------- Forwarded Message --------
Subject: 1. What causes cool blocking by clamav 2.
Date: Mon, 6 Jan 2025 23:42:42 +0100
From: koffie <kof...@gmx.net>
To: clamav-users@lists.clamav.net
Hello
1.
I've never got an answer on cool blocking by clamav.
That happened last december.
Instead I was sent to cloudflare and Honeypot.
All didn't explain and didn't do anything.
At the beginning I've tried to ask M.Snyder who is involved with that
topic but he refused to get in touch too.
What causes cool blocking by clamav.
2.No update possible with freshclam.
WARNING: Can't query current.cvd.clamav.net
Sun Jan 5 10:20:08 2025 -> WARNING: Invalid DNS reply. Falling back to
HTTP mode.
Sun Jan 5 10:20:08 2025 -> Trying to retrieve CVD header from
https://database.clamav.net/daily.cvd
Sun Jan 5 10:20:08 2025 -> WARNING: remote_cvdhead: Download failed
(6)
Sun Jan 5 10:20:08 2025 -> WARNING: Message: Could not resolve
hostname
Sun Jan 5 10:20:08 2025 -> WARNING: Failed to get daily database
version information from server: https://database.clamav.net
Sun Jan 5 10:20:08 2025 -> ERROR: check_for_new_database_version:
Failed to find daily database using server https://database.clamav.net.
Sun Jan 5 10:20:08 2025 -> Trying again in 5 secs...
I've seen two log files on several programs.
There is permanent struggle with browser redirection a.s.o.
Need support.
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
