Mailinglist Archive: opensuse-security (21 mails)

Re: [opensuse-security] What's up with clamav?
  • From: Christian Boltz <suse-security@xxxxxxxxx>
  • Date: Sun, 15 Feb 2009 15:31:22 +0100
  • Message-id: <200902151531.23468@xxxxxxxxxxxxxxx>
Hello,

On Sunday, 15 February 2009, Carlos E. R. wrote:
My configuration was using "database.clamav.net", which yields a list
of hosts:

nimrodel:~ # host database.clamav.net
database.clamav.net is an alias for db.local.clamav.net.
db.local.clamav.net is an alias for db.eu.rr.clamav.net.
db.eu.rr.clamav.net has address 195.70.36.141
db.eu.rr.clamav.net has address 213.174.32.130
db.eu.rr.clamav.net has address 217.19.16.188
db.eu.rr.clamav.net has address 62.236.254.228 <======
...
The thing is that the daemon should be polling any server from the
list, but somehow it was trying the same broken server repeatedly.
When that server failed the algorithm should try another, but it
didn't. That's probably a bug.

The problem is how DNS round robin works. It is intended for load
balancing, not for being failsafe in case one of the servers is broken.

Basically:
- clamav asks your nameserver for "database.clamav.net"
- Your nameserver queries the upstream nameserver and gets multiple
results as listed above
- Your nameserver [1] picks one(!) of the results and gives clamav the
answer "database.clamav.net -> 62.236.254.228"

A proper solution would be to make clamav ask for multiple
server names, for example something like "1.database.clamav.net"
and "2.database.clamav.net".


Regards,

Christian Boltz

[1] I'm not exactly sure about this fact - I hope there's someone who
corrects me if I'm wrong ;-)
--
The mission statement is simply 'world domination',
but we don't tell anybody. :-)
[Juergen Weigert in opensuse-project]
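
An added example, not part of the original post and not ClamAV's code: one way for a client to be fail-safe behind a round-robin name is to ask the resolver for every address, try each in turn, and remember which ones failed so the next poll does not start with the same broken mirror. `MirrorPool`, `sample_resolver`, `sample_download` and the cooldown value are assumptions made for illustration; the addresses are the ones from the host output quoted above.

```python
import socket
import time

# Constructed sample: the addresses from the quoted host output, with the one
# flagged "<======" there listed first.
SAMPLE_IPS = ["62.236.254.228", "195.70.36.141", "213.174.32.130", "217.19.16.188"]
BROKEN_IP = "62.236.254.228"

def sample_resolver(host, port, type=0):
    """Offline stand-in for socket.getaddrinfo (same tuple layout)."""
    return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", (ip, port)) for ip in SAMPLE_IPS]

def sample_download(ip):
    """Hypothetical fetch: the broken mirror raises, the others answer."""
    if ip == BROKEN_IP:
        raise OSError("mirror unreachable")
    return f"database from {ip}"

class MirrorPool:
    """Try every address behind a round-robin name, skipping recently failed ones."""

    def __init__(self, hostname, port=80, cooldown=3600.0,
                 resolver=socket.getaddrinfo, clock=time.monotonic):
        self.hostname, self.port, self.cooldown = hostname, port, cooldown
        self.resolver, self.clock = resolver, clock
        self.failed_at = {}  # ip -> clock value at its last failure

    def candidates(self):
        """All distinct resolved IPs: healthy ones first, cooling-down ones last."""
        infos = self.resolver(self.hostname, self.port, type=socket.SOCK_STREAM)
        ips = list(dict.fromkeys(info[4][0] for info in infos))
        now = self.clock()
        bad = [ip for ip in ips if now - self.failed_at.get(ip, float("-inf")) < self.cooldown]
        return [ip for ip in ips if ip not in bad] + bad

    def fetch(self, download):
        """Call download(ip) on each candidate until one succeeds."""
        errors = {}
        for ip in self.candidates():
            try:
                result = download(ip)
            except OSError as exc:
                self.failed_at[ip] = self.clock()  # demote this mirror for `cooldown`
                errors[ip] = exc
                continue
            self.failed_at.pop(ip, None)
            return ip, result
        raise ConnectionError(f"all mirrors for {self.hostname} failed: {errors}")
```

With the real `socket.getaddrinfo` as resolver, `download` would be whatever function fetches the database from a given IP and raises `OSError` on failure.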