Mailing List Archive

Hi Jim,

Some background about "ping.clamav.net":

Freshclam has a feature to do a DNS query for domain names of the form:
<databasename>.<clam functionality level>.<success?>.<host is on WIndows>.<hex IPv4 address of mirror>.ping.clamav.net

It is of course not a real host in our domain, but instead the query gets logged and that provides an extremely low cost method for getting basic telemetry on the performance of mirror infrastructure. The metadata in question hasn't held too much value to our team for a long time, especially now that we're using CloudFlare instead of using a network of 3rd party mirrors.

Regarding the error you're seeing:

I think the "Can't query" error is new and indicates some infrastructure change or potential issue with the server that had been the sink for the DNS lookups (ns4.clamav.net (?)). Joel Esler said he'd look into it. In the meantime, it's fine to be seeing those errors -- since they're basically saying that it failed to report telemetry that we no longer record or review. The ability to use freshclam to keep up to date should remain unimpeded.

On a related note, the next feature release of ClamAV has a significant update to freshclam. A part of that is removing this "ping.clamav.net" DNS query feature.

-Micah


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.



?On 7/31/19, 9:15 AM, "clamav-users on behalf of Jim Popovitch via clamav-users" <clamav-users-bounces@lists.clamav.net on behalf of clamav-users@lists.clamav.net> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> Jul 31 09:24:16 cav freshclam[3977]: Can't query daily.25527.102.1.0.6810DA54.ping.clamav.net

To me, "Can't" implies an inability to do something, generally this
would therefore require action by someone else or something else.

"I can't move this large rock" -> Hire a backhoe

"I can't breath!" -> Medical intervention

"I can't sleep" -> Draft emails like this one....

Given the freshclam msg up above, what is the meaning of "Can't
query..."? Is there a problem needing investigation or intervention
(e.g., should that query normally succeed?), or is this is just a way of
saying there is a new update? If the latter, perhaps there is some
better terminology.

- -Jim P.

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE3RmV4WutJ2KyCS2zPcxbabkKGJ8FAl1BlCsACgkQPcxbabkK
GJ+HKhAAmNTpRUVz/YdpXNxvubnI01vb+323l5/ZSGRwrPFqpovvvdKk3vCDvNaw
VzraHEd3noQ0XJL2TLGIMt5ITI2qkw0afNWo0pIb/qxmcM+9gJMRpWq4ivFBkais
VKuWBh4QES0irJOz9koWweErElyr8wsr4lQG7+f87TyajFAdPsZnPSaZGef+JCTx
nkUjBVwHYpCRP31Rms1y/snNFxRRseWppUJeUHfBIvSXJN5Y2bsLTPhN71WLi081
jAjctgGq0uvml4XPpqoY3/hMl/KFcaf63O3FP7HMFrhHKCctDgg844s0GKF91sLN
nFAFoJTVtxmiXNY3u20RGKleJS5D/DiNnTCirgLrElPfeWeI+HZtZi+NVKIZWvtY
Y9w9IjjP/H+IfC36graritkvJfFOQUYL74pcE/CQYOYBlt33hdFzipNlkgntL0Aa
2HrLVOOq/QEwLKggeVL4zdYS8Qzh/Lj3ykHaFlMl4+z0wEr5gvaHgYDnlgkqCeDV
nHHYGthM3CMUYWErSMzJMh6cORsX5tws/Iu8KAJ1GAmPCpitdzQ2cW4KOh+Ji0Vr
K9KOB9ofqqUsAapB0uVRC/gMon2PX+afan39C15BYqnhckRtGiG+y6MzpjvOzbbz
J6C2swxZN9VAH0v2VdAXY67dsSfBxML4OqHFlR9X4mKLu5vdhs4=
=cBMy
-----END PGP SIGNATURE-----


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml



_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml