Mailinglist Archive: opensuse-security (21 mails)

< Previous Next >
Re: [opensuse-security] What's up with clamav?
  • From: "Carlos E. R." <robin.listas@xxxxxxxxxxxxxx>
  • Date: Sun, 15 Feb 2009 02:04:52 +0100 (CET)
  • Message-id: <alpine.LSU.2.00.0902150127560.27904@xxxxxxxxxxxxxxxx>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



On Sunday, 2009-02-15 at 00:12 +0100, Marcus Meissner wrote:

On Sat, Feb 14, 2009 at 08:34:42PM +0100, Carlos E. R. wrote:


Hi,

I have been getting this messages in my warning log for days:

Feb 12 14:48:35 nimrodel freshclam[3605]: getfile: daily-8983.cdiff not found
on remote server (IP: 62.236.254.228)
Feb 12 14:48:35 nimrodel freshclam[3605]: getpatch: Can't download
daily-8983.cdiff from database.clamav.net
Feb 12 14:48:35 nimrodel freshclam[3605]: getfile: daily-8983.cdiff not found
on remote server (IP: 62.236.254.228)
Feb 12 14:48:35 nimrodel freshclam[3605]: getpatch: Can't download
daily-8983.cdiff from database.clamav.net
Feb 12 14:48:36 nimrodel freshclam[3605]: getfile: daily-8983.cdiff not found
on remote server (IP: 62.236.254.228)
Feb 12 14:48:36 nimrodel freshclam[3605]: getpatch: Can't download
daily-8983.cdiff from database.clamav.net
Feb 12 14:48:36 nimrodel freshclam[3605]: Incremental update failed, trying to
download daily.cvd
Feb 12 14:48:46 nimrodel freshclam[3605]: Mirror 62.236.254.228 is not
synchronized.

You pretty much should ask this the clamav folks.

I just run freshclam and it went through fine, so it seemed
temporary.

No, it's not proof. You have to verify using the exact same server IP I got.

My configuration was using "database.clamav.net", which yields a list of hosts:

nimrodel:~ # host database.clamav.net
database.clamav.net is an alias for db.local.clamav.net.
db.local.clamav.net is an alias for db.eu.rr.clamav.net.
db.eu.rr.clamav.net has address 195.70.36.141
db.eu.rr.clamav.net has address 213.174.32.130
db.eu.rr.clamav.net has address 217.19.16.188
db.eu.rr.clamav.net has address 62.236.254.228 <======
db.eu.rr.clamav.net has address 80.69.67.43
db.eu.rr.clamav.net has address 85.30.129.18
db.eu.rr.clamav.net has address 85.214.115.224
db.eu.rr.clamav.net has address 147.229.3.16
db.eu.rr.clamav.net has address 193.1.193.64
db.eu.rr.clamav.net has address 193.27.50.222
db.eu.rr.clamav.net has address 194.47.250.218

Interesting... "eu" does work here. >>:-)


The thing is that the daemon should be poling any server from the list, but somehow it was trying the same broken server repeatedly. When that server failed the algorithm should try another, but it didn't. That's probably a bug.

And another is that the server is/was down, for days.


About reporting it upstream... I was just asking for comments here. My issue was solved by restarting and reconfiguring the daemon. And as I don't have any windows machine to protect, I'm not really affected.

If the issue repeats, I'll think about it.

[...]

The issue is known, google finds it - recent hits:

<http://www.nabble.com/freshclam-fails,-but-tries-only-one-IP-address-td20980927.html>
freshclam fails, but tries only one IP address - Dec 12, 2008; 07:21pm

and it is the same IP I have problems with.


[clamav-users] Problem with a mirror (209.8.40.140)
Thu, 15 Jan 2009 10:11:38 -0800
http://www.mail-archive.com/clamav-users@xxxxxxxxxxxxxxxx/msg31389.html



- -- Cheers,
Carlos E. R.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkmXajoACgkQtTMYHG2NR9UTFACdG6OnH3Wg3HqXo/O0ox9ooFVZ
LiwAn05twFhL9kTW7IAM/aN3brLiGoEg
=GYVa
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security+help@xxxxxxxxxxxx

< Previous Next >