Hi there,

On Fri, 29 Jan 2021, Gary R. Schmidt wrote:
> I've just noticed that freshclam has logged "DNS record is older than 3
> hours." twice in the last few days.
>
> It's not a problem, I just wonder what the underlying cause could be - is it
> just that DNS updates somewhere in there are slow on occasion??

It's probably not a problem for ClamAV, but if it keeps happening it
might indicate there's something which does need your attention.
Freshclam likes to know that things are up to date, and it's a little
unhappy about what it's found. I've seen this message just once, last
September. It seemed to coincide with a network outage. As it never
happened again and it depends on quite a few imponderables, apart from
checking that things were otherwise OK AFAICT, I ignored it.

If you look at the code in .../libfreshclam/libfreshclam_internal.c at
around lines 1590-1640 in the latest version you'll see that (1) this
part of the code is only compiled under some circumstances, (2) it is
a fallback for when the primary means of getting the database version
fails and (3) the warning is only emitted if the time provided by the
system and the timestamp on the DNS record differ by more than 10800
seconds (a rather nasty hard-coded value in the source).

My first check would be that the timestamps on all the log entries at
about the time that the messages were emitted make some sort of sense.
They will if your system clock is properly set at boot, before things
which rely on it can use it, and that it *stays* that way, reliably
providing the correct time, at all times. It's vital. The system
clock *must* be reliable. All my systems run chronyd (except for the
odd one or two which run the more capable but much more troublesome
ntpd), and Nagios/Icinga check that all the clocks stay within a few
milliseconds of UTC. For the sake of confidence I look at the graphs
now and then, and I'll investigate if any system seems to be going out
by more than 5ms for any length of time - which can happen to some VMs
if you aren't careful - and I'll get an email alert if the time on any
system goes way off the reservation. (In my view that means +/- 25ms.
Nuke it from orbit, it's the only way to be sure. :)

Assuming that I was satisfied that the system time was beyond reproach
my second check would be that DNS resolution is reliable. Do you run
a name server, or do you rely on some e.g. consumer firewall/router,
or something from an ISP, or....? Running nameservers is out of scope
for this list and a short email, but again things like Nagios can help
check the reliability of the service.
--
73,
Ged.
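
The comparison described in the message above (system time versus the timestamp on the DNS record, with a 10800-second limit) can be reproduced outside freshclam to tell a stale record from a wrong clock. This is an added example, not part of the original message and not ClamAV's code; it assumes the TXT record is colon-separated with the Unix timestamp in its fourth field, and the sample record is constructed.

```python
import sys
import time

THRESHOLD = 10800  # seconds; the hard-coded limit mentioned in the message

# Assumption (not stated in the message): the record is colon-separated
# and field index 3 is the Unix time at which the record was generated.
TIMESTAMP_FIELD = 3

# Constructed sample record, not a captured one.
SAMPLE = '"0.103.0:59:26064:1611900000:1:63:49191:331"'


def record_age(txt_record, now=None):
    """Return local clock time minus the record timestamp, in seconds."""
    fields = txt_record.strip().strip('"').split(":")
    if len(fields) <= TIMESTAMP_FIELD or not fields[TIMESTAMP_FIELD].isdigit():
        raise ValueError("no timestamp field in record: %r" % txt_record)
    if now is None:
        now = time.time()
    return int(now) - int(fields[TIMESTAMP_FIELD])


def diagnose(txt_record, now=None):
    """Classify the record against the local clock."""
    age = record_age(txt_record, now)
    if age > THRESHOLD:
        # The case that produces the warning: a resolver serving an old
        # cached answer, or a local clock running ahead.
        return "stale"
    if age < 0:
        # Record stamped in the future: the comparison above does not flag
        # this, but it means the local clock is behind the record's source.
        return "future"
    return "ok"


if __name__ == "__main__":
    record = sys.argv[1] if len(sys.argv) > 1 else SAMPLE
    print(record_age(record), diagnose(record))
```

Run it with the text of the record as its only argument, for instance the output of `dig +short TXT current.cvd.clamav.net`, and run it on a second host with a known-good clock to see which side is off.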