[clamav-users] messages in freshclam.log
Hello,

Recently I found in freshclam.log messages like this:
Can't query daily.25671.105.1.0.6810DA54.ping.clamav.net

that occurred once per day at about 11:30 p.m.

Other attempts to update clamav are successful (before the mentioned message and after), but the next day this message repeats.

I thought that the reason is a connection error with IPv6 mirrors, because of this output:

$ freshclam --list-mirrors
Mirror #1
IP: 104.16.219.84
Successes: 53
Failures: 0
Last access: Fri Dec 20 11:29:39 2019
Ignore: No
-
Mirror #2
IP: 104.16.218.84
Successes: 53
Failures: 0
Last access: Thu Dec 19 11:28:56 2019
Ignore: No
-
Mirror #3
IP: 2606:4700::6810:da54
Successes: 0
Failures: 1
Last access: Tue Sep 10 11:25:42 2019
Ignore: No
-
Mirror #4
IP: 2606:4700::6810:db54
Successes: 0
Failures: 1
Last access: Wed Sep 11 11:26:21 2019
Ignore: No

So I added these IPv6 clamav mirrors to /etc/clamav/freshclam.conf:

DatabaseMirror db.nl.ipv6.clamav.net
DatabaseMirror db.fr.ipv6.clamav.net
DatabaseMirror db.ch.ipv6.clamav.net
DatabaseMirror db.uk.ipv6.clamav.net

and restarted the freshclam process. But the next day the mentioned message still exists in freshclam.log:
Can't query daily.25671.105.1.0.6810DA54.ping.clamav.net

How is it possible to update clamav without the mentioned error?

p.s. OS=> Debian 9.11
ClamAV=> 0.101.4+dfsg-0+deb9u1

--
Best wishes,
Chertov Vyacheslav

___
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] messages in freshclam.log
Hi there,

On Mon, 23 Dec 2019, Sohin Vyacheslav via clamav-users wrote:

> Recently I found in freshclam.log messages like this:
> Can't query daily.25671.105.1.0.6810DA54.ping.clamav.net
> [...]
> I thought that the reason is connection error with IPv6 mirrors
> [...]
> $ freshclam --list-mirrors
> Mirror #1
> IP: 104.16.219.84
> Successes: 53
> Failures: 0
> [...]
> Mirror #3
> IP: 2606:4700::6810:da54
> Successes: 0
> Failures: 1
> [...]
> So I added these IPv6 clamav mirrors to /etc/clamav/freshclam.conf:
> [...]
> and restarted freshclam process. But next day mentioned message is still exists in freshclam.log:
> Can't query daily.25671.105.1.0.6810DA54.ping.clamav.net
>
> How it's possible to update clamav without mentioned error?

Are you sure that you have IPv6 connectivity to the mirrors?

--
73,
Ged.

Re: [clamav-users] messages in freshclam.log
On Mon, 23 Dec 2019, Sohin Vyacheslav via clamav-users wrote:

> Date: Mon, 23 Dec 2019 11:18:15 +0200
> From: Sohin Vyacheslav via clamav-users
> To: clamav-users@lists.clamav.net
> Cc: Sohin Vyacheslav
> Subject: [clamav-users] messages in freshclam.log
>
> Hello,
>
> Recently I found in freshclam.log messages like this:
> Can't query daily.25671.105.1.0.6810DA54.ping.clamav.net
>
> that was occurred once per day about 11:30 p.m.
>
> Another attempts to update clamav are successful (before mentioned
> message and after) but next day this message is repeat.
>
> I thought that the reason is connection error with IPv6 mirrors, because
> output:
>
> $ freshclam --list-mirrors
> Mirror #1
> IP: 104.16.219.84
> Successes: 53
> Failures: 0
> Last access: Fri Dec 20 11:29:39 2019
> Ignore: No
> -
> Mirror #2
> IP: 104.16.218.84
> Successes: 53
> Failures: 0
> Last access: Thu Dec 19 11:28:56 2019
> Ignore: No
> -
> Mirror #3
> IP: 2606:4700::6810:da54
> Successes: 0
> Failures: 1
> Last access: Tue Sep 10 11:25:42 2019
> Ignore: No
> -
> Mirror #4
> IP: 2606:4700::6810:db54
> Successes: 0
> Failures: 1
> Last access: Wed Sep 11 11:26:21 2019
> Ignore: No
>
> So I added these IPv6 clamav mirrors to /etc/clamav/freshclam.conf:
>
> DatabaseMirror db.nl.ipv6.clamav.net
> DatabaseMirror db.fr.ipv6.clamav.net
> DatabaseMirror db.ch.ipv6.clamav.net
> DatabaseMirror db.uk.ipv6.clamav.net
>
> and restarted freshclam process. But next day mentioned message is still
> exists in freshclam.log:
> Can't query daily.25671.105.1.0.6810DA54.ping.clamav.net
>
> How it's possible to update clamav without mentioned error?
>
> p.s. OS=> Debian 9.11
> ClamAV=> 0.101.4+dfsg-0+deb9u1

Oh that's interesting:

[hubble:root]:(~)# freshclam --list-mirrors
WARNING: Deprecated option --list-mirrors. Individual mirrors are no longer tracked, as official signature distribution is now done through the CloudFlare CDN.
[hubble:root]:(~)# freshclam --version
ClamAV 0.102.1/25672/Mon Dec 23 10:53:10 2019
[hubble:root]:(~)#

Robert
--
Robert M. Stockmann - RHCE
Network Engineer - UNIX/Linux Specialist
crashrecovery.org st...@stokkie.net

Re: [clamav-users] messages in freshclam.log
23.12.2019 15:37, G.W. Haywood via clamav-users wrote:

> Are you sure that you have IPv6 connectivity to the mirrors?

$ ping db.nl.ipv6.clamav.net
PING db.nl.ipv6.clamav.net.cdn.cloudflare.net (104.16.219.84) 56(84) bytes of data.
64 bytes from 104.16.219.84 (104.16.219.84): icmp_seq=1 ttl=59 time=5.26 ms

$ ping db.fr.ipv6.clamav.net
PING db.fr.ipv6.clamav.net.cdn.cloudflare.net (104.16.219.84) 56(84) bytes of data.
64 bytes from 104.16.219.84 (104.16.219.84): icmp_seq=1 ttl=59 time=5.20 ms

$ ping db.ch.ipv6.clamav.net
PING db.ch.ipv6.clamav.net.cdn.cloudflare.net (104.16.219.84) 56(84) bytes of data.
64 bytes from 104.16.219.84 (104.16.219.84): icmp_seq=1 ttl=59 time=5.24 ms

$ ping db.uk.ipv6.clamav.net
PING db.uk.ipv6.clamav.net.cdn.cloudflare.net (104.16.219.84) 56(84) bytes of data.
64 bytes from 104.16.219.84 (104.16.219.84): icmp_seq=1 ttl=59 time=5.33 ms

--
Best wishes,
Chertov Vyacheslav

Re: [clamav-users] messages in freshclam.log
23.12.2019 15:43, Robert M. Stockmann via clamav-users wrote:

> On Mon, 23 Dec 2019, Sohin Vyacheslav via clamav-users wrote:
>
> [hubble:root]:(~)# freshclam --list-mirrors
> WARNING: Deprecated option --list-mirrors. Individual mirrors are no longer tracked, as official signature distribution is now done through the CloudFlare CDN.
> [hubble:root]:(~)# freshclam --version
> ClamAV 0.102.1/25672/Mon Dec 23 10:53:10 2019
> [hubble:root]:(~)#

$ freshclam --version
ClamAV 0.101.4/25672/Mon Dec 23 10:53:10 2019

So you have a fresher version of ClamAV.

--
Best wishes,
Chertov Vyacheslav

Re: [clamav-users] messages in freshclam.log
These don’t exist. All of these addresses simply point at database.clamav.net. So, it makes no sense to point them to anything else.

Sent from my iPad

> On Dec 23, 2019, at 04:19, Sohin Vyacheslav via clamav-users
> wrote:
>
> DatabaseMirror db.nl.ipv6.clamav.net
> DatabaseMirror db.fr.ipv6.clamav.net
> DatabaseMirror db.ch.ipv6.clamav.net
> DatabaseMirror db.uk.ipv6.clamav.net

Re: [clamav-users] messages in freshclam.log
23.12.2019 16:51, Joel Esler (jesler) wrote:

> These don’t exist. All of these addresses simply point at database.clamav.net. So, it makes no sense to point them to anything else.

Ok, I agree. But what about the mentioned message:

Can't query daily.25671.105.1.0.6810DA54.ping.clamav.net

--
Best wishes,
Chertov Vyacheslav

Re: [clamav-users] messages in freshclam.log
This was mentioned here before, and I can't remember what the status was.

For this example:
A dig trace leads to:
ping.clamav.net. 86400 IN NS ns1a.clamav.net.
;; BAD (HORIZONTAL) REFERRAL
dig: too many lookups

#dig daily.25671.105.1.0.6810DA54.ping.clamav.net @ns1a.clamav.net

; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> daily.25671.105.1.0.6810DA54.ping.clamav.net @ns1a.clamav.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61445
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 3
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;daily.25671.105.1.0.6810DA54.ping.clamav.net. IN A

;; AUTHORITY SECTION:
ping.clamav.net. 86400 IN NS ns1a.clamav.net.

;; ADDITIONAL SECTION:
ns1a.clamav.net. 86400 IN A 198.148.79.38
ns1a.clamav.net. 86400 IN 2620:28:c000:0:aba:ca:daba:ee

So it's a continuous loop on ns1a.clamav.net to itself as authoritative for ping.clamav.net on NS causing the issue.

> -----Original Message-----
> From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On
> Behalf Of Sohin Vyacheslav via clamav-users
> Sent: Monday, December 23, 2019 10:16 AM
> To: Joel Esler (jesler); ClamAV users ML
> Cc: Sohin Vyacheslav
> Subject: Re: [clamav-users] messages in freshclam.log
>
> 23.12.2019 16:51, Joel Esler (jesler) wrote:
> > These don’t exist. All of these addresses simply point at
> database.clamav.net. So, it makes no sense to point them to anything else.
>
> Ok, I agree. But what about mentioned message:
>
> Can't query daily.25671.105.1.0.6810DA54.ping.clamav.net
>
> --
> Best wishes,
> Chertov Vyacheslav

Re: [clamav-users] clamav-milter and "whitelist"
On Mon, 23 Dec 2019 08:04:13 +0100, Alessandro Vesely via clamav-users stated:

>Perhaps you could try and match From:snopescom-.*@cmail20.com?

Actually, the "@cmail20.com" part changes also.

--
Jerry

Re: [clamav-users] messages in freshclam.log
I think the status is currently “ignore this”.

Sent from my iPad

> On Dec 23, 2019, at 10:52, Eric Tykwinski wrote:
>
> This was mentioned here before, and I can't remember what the status was.
>
> For this example:
> A dig trace leads to:
> ping.clamav.net. 86400 IN NS ns1a.clamav.net.
> ;; BAD (HORIZONTAL) REFERRAL
> dig: too many lookups
>
> #dig daily.25671.105.1.0.6810DA54.ping.clamav.net @ns1a.clamav.net
>
> ; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>>
> daily.25671.105.1.0.6810DA54.ping.clamav.net @ns1a.clamav.net
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61445
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 3
> ;; WARNING: recursion requested but not available
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;daily.25671.105.1.0.6810DA54.ping.clamav.net. IN A
>
> ;; AUTHORITY SECTION:
> ping.clamav.net. 86400 IN NS ns1a.clamav.net.
>
> ;; ADDITIONAL SECTION:
> ns1a.clamav.net. 86400 IN A 198.148.79.38
> ns1a.clamav.net. 86400 IN 2620:28:c000:0:aba:ca:daba:ee
>
> So it's a continuous loop on ns1a.clamav.net to itself as authoritative for
> ping.clamav.net on NS causing the issue.
>
>> -----Original Message-----
>> From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On
>> Behalf Of Sohin Vyacheslav via clamav-users
>> Sent: Monday, December 23, 2019 10:16 AM
>> To: Joel Esler (jesler); ClamAV users ML
>> Cc: Sohin Vyacheslav
>> Subject: Re: [clamav-users] messages in freshclam.log
>>
>> 23.12.2019 16:51, Joel Esler (jesler) wrote:
>>> These don’t exist. All of these addresses simply point at
>> database.clamav.net. So, it makes no sense to point them to anything else.
>>
>> Ok, I agree. But what about mentioned message:
>>
>> Can't query daily.25671.105.1.0.6810DA54.ping.clamav.net
>>
>> --
>> Best wishes,
>> Chertov Vyacheslav

Re: [clamav-users] messages in freshclam.log
This is correct. Please ignore the "Can't query daily. ... .ping.clamav.net". This message has been removed as of ClamAV 0.102.

-Micah

On 12/23/19, 12:12 PM, "clamav-users on behalf of Joel Esler (jesler) via clamav-users" wrote:

    I think the status is currently “ignore this”.

    Sent from my iPad

    > On Dec 23, 2019, at 10:52, Eric Tykwinski wrote:
    >
    > This was mentioned here before, and I can't remember what the status was.
    >
    > For this example:
    > A dig trace leads to:
    > ping.clamav.net. 86400 IN NS ns1a.clamav.net.
    > ;; BAD (HORIZONTAL) REFERRAL
    > dig: too many lookups
    >
    > #dig daily.25671.105.1.0.6810DA54.ping.clamav.net @ns1a.clamav.net
    >
    > ; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> daily.25671.105.1.0.6810DA54.ping.clamav.net @ns1a.clamav.net
    > ;; global options: +cmd
    > ;; Got answer:
    > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61445
    > ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 3
    > ;; WARNING: recursion requested but not available
    >
    > ;; OPT PSEUDOSECTION:
    > ; EDNS: version: 0, flags:; udp: 4096
    > ;; QUESTION SECTION:
    > ;daily.25671.105.1.0.6810DA54.ping.clamav.net. IN A
    >
    > ;; AUTHORITY SECTION:
    > ping.clamav.net. 86400 IN NS ns1a.clamav.net.
    >
    > ;; ADDITIONAL SECTION:
    > ns1a.clamav.net. 86400 IN A 198.148.79.38
    > ns1a.clamav.net. 86400 IN 2620:28:c000:0:aba:ca:daba:ee
    >
    > So it's a continuous loop on ns1a.clamav.net to itself as authoritative for ping.clamav.net on NS causing the issue.
    >
    >> -----Original Message-----
    >> From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On
    >> Behalf Of Sohin Vyacheslav via clamav-users
    >> Sent: Monday, December 23, 2019 10:16 AM
    >> To: Joel Esler (jesler); ClamAV users ML
    >> Cc: Sohin Vyacheslav
    >> Subject: Re: [clamav-users] messages in freshclam.log
    >>
    >> 23.12.2019 16:51, Joel Esler (jesler) wrote:
    >>> These don’t exist. All of these addresses simply point at
    >> database.clamav.net. So, it makes no sense to point them to anything else.
    >>
    >> Ok, I agree. But what about mentioned message:
    >>
    >> Can't query daily.25671.105.1.0.6810DA54.ping.clamav.net
    >>
    >> --
    >> Best wishes,
    >> Chertov Vyacheslav

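
Added example (not part of the thread and not ClamAV project code): a Python helper for triaging the log message discussed above. It sets aside the "Can't query ... .ping.clamav.net" lines, which the replies say to ignore, and checks the hex label against the posted mirror list; reading that label as 32 packed address bits is an assumption, and the log timestamps and second log line are constructed.

```python
import ipaddress
import re

# Query name in the thread's log message; the last label before ".ping" is 8 hex digits.
PING_RE = re.compile(
    r"Can't query ((\w+)\.(\d+)\.([\w.]+)\.([0-9A-Fa-f]{8})\.ping\.clamav\.net)")

# Mirror addresses as listed in the posted `freshclam --list-mirrors` output.
MIRRORS = ["104.16.219.84", "104.16.218.84",
           "2606:4700::6810:da54", "2606:4700::6810:db54"]

# Constructed log excerpt: only the "Can't query" text is from the thread;
# the timestamps and the second line are invented for this example.
SAMPLE_LOG = """\
Fri Dec 20 23:30:00 2019 -> Can't query daily.25671.105.1.0.6810DA54.ping.clamav.net
Fri Dec 20 23:30:01 2019 -> constructed line standing in for any other log entry
"""

def parse_ping_line(line):
    """Return the decoded parts of a stats-ping failure line, or None."""
    m = PING_RE.search(line)
    if not m:
        return None
    name, database, version, middle, hexlabel = m.groups()
    value = int(hexlabel, 16)
    return {
        "name": name, "database": database, "db_version": int(version),
        "uninterpreted": middle,  # meaning of these labels is not stated in the thread
        "value": value,
        "as_ipv4": str(ipaddress.IPv4Address(value)),  # assumption: packed IPv4
    }

def mirrors_sharing_label(value, mirrors=MIRRORS):
    """List mirrors whose low 32 address bits equal the hex label."""
    return [m for m in mirrors
            if (int(ipaddress.ip_address(m)) & 0xFFFFFFFF) == value]

def triage(log_text):
    """Split log lines into ignorable ping failures and everything else."""
    ignorable, other = [], []
    for line in log_text.splitlines():
        parsed = parse_ping_line(line)
        (ignorable if parsed else other).append(parsed or line)
    return ignorable, other

if __name__ == "__main__":
    pings, rest = triage(SAMPLE_LOG)
    for p in pings:
        print(p["name"], p["as_ipv4"], mirrors_sharing_label(p["value"]))
    print(len(rest), "other line(s) left for review")
```

On the posted data the label 6810DA54 matches both 104.16.218.84 and the low 32 bits of 2606:4700::6810:da54, so the query name alone does not single out an IPv6 mirror.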