Mailing List Archive

Re: [clamav-users] clamav-users Digest, Vol 202, Issue 17
Good Evening,

I’m not sure what changed, but I was able to confirm it is working today. Nothing changed on my firewall, ACL, or QNAP config since my initial email. It does appear the IP did change on the database.clamav.net. Below is a snapshot of the ACL that dynamically updates based on the DNS address. Thanks for the help and confirming others had this issue.



Thanks,
Gregory Poveda
OIT - Network Infrastructure
VBH M1D
Cell: (865) 250-0290
Office: (256) 824-7656
gap0005@uah.edu

> On Sep 22, 2021, at 7:00 AM, clamav-users-request@lists.clamav.net wrote:
>
> Send clamav-users mailing list submissions to
> clamav-users@lists.clamav.net
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.clamav.net/mailman/listinfo/clamav-users
> or, via email, send a message with subject or body 'help' to
> clamav-users-request@lists.clamav.net
>
> You can reach the person managing the list at
> clamav-users-owner@lists.clamav.net
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of clamav-users digest..."
> When responding, please don't respond with the entire Digest. Please trim your response.
> Today's Topics:
>
> 1. Re: QNAP Antivirus Updates (Paul Kosinski)
> 2. Re: QNAP Antivirus Updates (Liston, Daniel (DLISTON))
> 3. Re: QNAP Antivirus Updates (Joel Esler (jesler))
>
> From: Paul Kosinski <clamav-users@iment.com>
> Subject: Re: [clamav-users] QNAP Antivirus Updates
> Date: September 21, 2021 at 12:52:57 PM CDT
> To: clamav-users@lists.clamav.net
> Cc: Matus UHLAR - fantomas <uhlar@fantomas.sk>
>
>
> "how's this different from what Joel said?"
>
> My reading of the following (based on normal English convention)
>
>>> 104.16.218.84
>>> 104.16.219.84
>> That’s what they are for you. Cloudflare routes you to the closest pop to your network. Your mileage may vary
>
> is that "they" refers to the IP addresses, NOT the DNS names (which hadn't even been mentioned in my email at this point).
>
> Thus, what I inferred from Joel's statement is that "database.clamav.net" might resolve to different IPs for other users (which would be weird, given the use of Anycast). So I tested it the best I could (without traveling a lot, or setting up VMs in different countries).
>
>
> On Tue, 21 Sep 2021 13:21:20 +0200
> Matus UHLAR - fantomas <uhlar@fantomas.sk> wrote:
>
>>> On Mon, 20 Sep 2021 17:17:34 +0000
>>> "Joel Esler (jesler)" <jesler@cisco.com> wrote:
>>>
>>>>> On Sep 20, 2021, at 13:08, Paul Kosinski via clamav-users <clamav-users@lists.clamav.net> wrote:
>>>>>
>>>>> These two IPs are Anycast addresses, and have been unchanged for well over 2 years. (Anycast addresses don't have to change even if the physical servers change, that's their point!) They are:
>>>>>
>>>>> 104.16.218.84
>>>>> 104.16.219.84
>>>> That’s what they are for you. Cloudflare routes you to the closest pop to your network. Your mileage may vary
>>
>> On 20.09.21 20:16, Paul Kosinski via clamav-users wrote:
>>> I thought the IP addresses, being Anycast, were what are routed to the closest POP.
>>
>> how's this different from what Joel said?
>>
>>> No matter, when I resolve "database.clamav.net" via various DNS servers,
>>> using TCP to bypass the default local DNS server (as our firewall blocks
>>> outbound UDP port 53 otherwise), I always get these same two IP addresses
>>> as results (see below)
>>
>> yes, becaue those two IP are anycast... they are router to the nearest POP.
>>
>>> Given that the servers at 1.1.1.1, 8.8.8.8 and 9.9.9.9 are "public", and
>>> likely Anycast, while 71.243.0.12 is local Verizon/FIOS, I suppose that
>>> the Authoritative server and the public (Anycast) servers could
>>> conceivably be distributing different IP addresses depending on who is
>>> querying. (BIND/named has become incredibly complicated these days.) But
>>> since the two IP addresses are themselves Anycast, what would be the
>>> point?
>>
>> the point is, not to provide different IPs via anycast DNS but to provide
>> anycast IPs via any DNS.
>>
>>> In any case, does anyone, anywhere, get IP addresses other than
>>>
>>> 104.16.218.84
>>> 104.16.219.84
>>>
>>> when resolving "database.clamav.net"?
>>
>
>
>
>
> From: "Liston, Daniel (DLISTON)" <DLISTON@arinc.com>
> Subject: Re: [clamav-users] QNAP Antivirus Updates
> Date: September 21, 2021 at 1:42:00 PM CDT
> To: "clamav-users@lists.clamav.net" <clamav-users@lists.clamav.net>
>
>
> I have already forgotten the point, but I did do some DNS
> queries from our datacenters in LON, TYO, and NYC. All
> reported the same results;
>
> Non-authoritative answer:
> database.clamav.net canonical name = database.clamav.net.cdn.cloudflare.net.
> Name: database.clamav.net.cdn.cloudflare.net
> Address: 104.16.218.84
> Name: database.clamav.net.cdn.cloudflare.net
> Address: 104.16.219.84
>
> It seems it should be safe to specify these 2 IP addresses
> in your firewall for the updates.
>
>
> L8r
> Dan
>
>
>
>
> From: "Joel Esler (jesler)" <jesler@cisco.com>
> Subject: Re: [clamav-users] QNAP Antivirus Updates
> Date: September 21, 2021 at 2:49:27 PM CDT
> To: ClamAV users ML <clamav-users@lists.clamav.net>
> Cc: "Liston, Daniel (DLISTON)" <DLISTON@arinc.com>
>
>
> And… there’s your answer. Thank you all! I think this thread is dead.
>
>> On Sep 21, 2021, at 2:42 PM, Liston, Daniel (DLISTON) via clamav-users <clamav-users@lists.clamav.net> wrote:
>>
>> I have already forgotten the point, but I did do some DNS
>> queries from our datacenters in LON, TYO, and NYC. All
>> reported the same results;
>>
>> Non-authoritative answer:
>> database.clamav.net canonical name = database.clamav.net.cdn.cloudflare.net.
>> Name: database.clamav.net.cdn.cloudflare.net
>> Address: 104.16.218.84
>> Name: database.clamav.net.cdn.cloudflare.net
>> Address: 104.16.219.84
>>
>> It seems it should be safe to specify these 2 IP addresses
>> in your firewall for the updates.
>>
>>
>> L8r
>> Dan
>>
>> _______________________________________________
>>
>> clamav-users mailing list
>> clamav-users@lists.clamav.net
>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
>
>
>
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml