Discussion:
database.clamav.net mirror
Fajar A. Nugraha
2003-12-12 08:38:48 UTC
Hi all

Thought I'd just start a new thread here instead of adding to the "Nude
links" thread

Although http://www.clamav.net/doc/mirrors/clamav-mirror-howto.txt
contains complete instructions on how to set up a database mirror, it
says nothing about a web page mirror. Is it possible to set up a web page
mirror?

Another thing.

How does the current DNS server for database.clamav.net work? Does it
simply choose a host at random (like Bind without zones does)?
It seems that way, judging from
"

database.clamav.net is a round robin record that tries
to equally balance the traffic between all the database
mirrors

"

You could get better performance using zones in Bind or by using
tinydns, to map certain hosts to certain client addresses.
That way, a client in Europe would get a mirror in Europe, and so on.

I'm signing up for the zone clamav.or.id, and I was hoping it could be
used as clamav web and database mirror in Indonesia.

Regards,

Fajar Nugraha


-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills. Sign up for IBM's
Free Linux Tutorials. Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
Thomas Lamy
2003-12-12 09:00:46 UTC
I just registered clamav.de, with www.clamav.de being CNAME www.clamav.net

Thomas



Fajar A. Nugraha
2003-12-12 09:25:45 UTC
That won't work right away. Folks at clamav.net / sourceforge should
also add www.clamav.de as their virtual host.
Otherwise, you'll get errors such as this :

bash-2.03# telnet 66.35.250.210 80
Trying 66.35.250.210...
Connected to 66.35.250.210.
Escape character is '^]'.
GET / HTTP/1.0
Host: www.clamav.de

HTTP/1.1 200 OK
Date: Fri, 12 Dec 2003 09:19:01 GMT
Server: Apache/1.3.26 (Unix) PHP/4.1.2
Last-Modified: Fri, 07 Sep 2001 18:23:40 GMT
ETag: "b5a9-264-3b9910ac"
Accept-Ranges: bytes
Content-Length: 612
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<TITLE>SourceForge.Net</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000">
<FONT FACE="ARIAL, HELVETICA, SANS SERIF">

*<P>You have probably reached this page in error.</P>*

//=================remaining html removed================


When you should get this :

bash-2.03# telnet 66.35.250.210 80
Trying 66.35.250.210...
Connected to 66.35.250.210.
Escape character is '^]'.
GET / HTTP/1.0
Host: www.clamav.net


HTTP/1.1 200 OK
Date: Fri, 12 Dec 2003 09:19:50 GMT
Server: Apache/1.3.26 (Unix) PHP/4.1.2
Last-Modified: Thu, 11 Dec 2003 13:27:22 GMT
ETag: "1912f4-1630-3fd870ba"
Accept-Ranges: bytes
Content-Length: 5680
Connection: close
Content-Type: text/html

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.o
rg/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=iso-8859-1" />
<meta name="generator" content="WebMake/2.4" />
<meta name="description" content="An anti-virus toolkit for Unix" />
* <meta name="keywords" content="Clam, ClamAV, Anti, Virus,
AntiVirus, Free, Sun, Solaris, Freebsd, Linux, OpenSource" />*

//=================remaining html removed================


Fajar
Post by Thomas Lamy
I just registered clamav.de, with www.clamav.de being CNAME
www.clamav.net
Thomas
_______________________________________________
Clamav-users mailing list
https://lists.sourceforge.net/lists/listinfo/clamav-users
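
The comparison made in the two telnet transcripts above can be automated. This is an added example, not code from the thread or from the ClamAV project: it fingerprints each response and shows that a 200 status alone does not prove the name-based virtual host is configured. The sample responses are constructed from the transcripts in the post, with headers trimmed and bodies shortened; the function names are hypothetical.

```python
import re

# Constructed from the transcripts above (trimmed headers, shortened bodies).
RESP_DE = """HTTP/1.1 200 OK
Server: Apache/1.3.26 (Unix) PHP/4.1.2
ETag: "b5a9-264-3b9910ac"
Content-Length: 612
Content-Type: text/html

<HTML>
<HEAD>
<TITLE>SourceForge.Net</TITLE>
</HEAD>
"""

RESP_NET = """HTTP/1.1 200 OK
Server: Apache/1.3.26 (Unix) PHP/4.1.2
ETag: "1912f4-1630-3fd870ba"
Content-Length: 5680
Content-Type: text/html

<html>
<head>
<meta name="generator" content="WebMake/2.4" />
"""

def parse_response(raw):
    """Split a raw HTTP response into (status, headers dict, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body

def fingerprint(raw):
    """Fields that identify which document the server actually returned."""
    status, headers, body = parse_response(raw)
    m = re.search(r"<title>(.*?)</title>", body, re.I | re.S)
    title = m.group(1).strip() if m else None
    return (status, headers.get("etag"), headers.get("content-length"), title)

def served_by_same_vhost(candidate_raw, reference_raw):
    """True only when both Host headers yield the same document.
    The default vhost also answers 200, so the status code is not enough."""
    return fingerprint(candidate_raw) == fingerprint(reference_raw)
```
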
Thomas Lamy
2003-12-12 09:52:25 UTC
Post by Fajar A. Nugraha
That won't work right away. Folks at clamav.net / sourceforge should
also add www.clamav.de as their virtual host.
Ok, I'll set up a redirector.

In a hurry,
Thomas



l***@cathey.us
2003-12-12 14:45:07 UTC
Why spend the money buying up all these domain names? Why not just use
the country codes in front of clamav.net?

Luca, we should add something to the unofficial debian packages to let
people select their country code if we decide to go this route. It
might be nice to have this as part of the config file or something.
This, however, probably belongs on clamav-devel and clamav-mirrors.

I'll try to get something done with the nagios plugin for handling
mirrors what we discussed. I've been a bit busy lately.

Cheers,

Mike



Eduardo Kaftanski
2003-12-12 17:32:40 UTC
Post by l***@cathey.us
Why spend the money buying up all these domain names? Why not just use
the country codes in front of clamav.net?
very good idea.
Post by l***@cathey.us
Luca, we should add something to the unofficial debian packages to let
people select their country code if we decide to go this route. It
might be nice to have this as part of the config file or something.
This, however, probably belongs on clamav-devel and clamav-mirrors.
I'll try to get something done with the nagios plugin for handling
mirrors what we discussed. I've been a bit busy lately.
Cheers,
Mike
--
Eduardo Kaftanski
***@linuxcenter.cl
Red Hat Certified Engineer/Instructor/Examiner
Gerente Ingenieria LinuxCenter S.A.
Canada 239 5to Piso, Providencia, Stgo de Chile.
http://www.linuxcenter.cl +56-2-2745000


Stewart MacLund
2003-12-12 15:15:35 UTC
Post by Fajar A. Nugraha
That won't work right away. Folks at clamav.net / sourceforge should
also add www.clamav.de as their virtual host.
Yup. I had noticed this.

I've worked around the problem by pointing the DNS record at my own
server, and making an index.php with:

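<?php
// Location must carry an absolute URL; without the scheme the browser
// treats the value as a path on this server.
header("Location: http://www.clamav.net/");
exit;
?>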

in it. Which will automagically redirect the domain. Just FYI for other
people who might not know that little trick.

SUndie...

PS - I just did it now, it may take a few minutes to start working. Someone
email me if they notice it NOT working.





René Bellora
2003-12-23 16:10:00 UTC
hi!

I upgraded from clam 0.65 to clam devel-20031223. After the upgrade,
I checked some archived infected mails. I found the '--mbox' option misses
some viruses it used to catch. Once unpacked, clamscan detects the virus.

here is one sample (i couldn't say if it's always the same case,
there are many of them):

<http://rana.dyndns.org/mailpack>


testing with newer version:
# clamscan --version
clamscan / ClamAV version devel-20031223
# clamscan --mbox mailpack
mailpack: OK

----------- SCAN SUMMARY -----------
Known viruses: 11947
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.06 MB
I/O buffer size: 131072 bytes
Time: 4.763 sec (0 m 4 s)

testing with 0.65:
$ clamscan --version
clamscan / ClamAV version 0.65

$ clamscan --mbox mailpack
mailpack: Exploit.IFrame.Gen FOUND

----------- SCAN SUMMARY -----------
Known viruses: 10156
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
I/O buffer size: 131072 bytes
Time: 1.068 sec (0 m 1 s)



regards,
René
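
The before/after comparison in the post above generalises to a regression check that can be run over a whole archive of known-infected samples whenever the scanner is upgraded. This is an added example, not code from the thread or from the ClamAV project: it parses the per-file result lines of two clamscan runs and lists files the old build flagged but the new one did not. The sample outputs are constructed from the runs quoted in the post, and the function names are hypothetical.

```python
import re

# Constructed from the clamscan output quoted in the post above.
OLD_RUN = """mailpack: Exploit.IFrame.Gen FOUND

----------- SCAN SUMMARY -----------
Known viruses: 10156
Scanned files: 1
Infected files: 1
"""

NEW_RUN = """mailpack: OK

----------- SCAN SUMMARY -----------
Known viruses: 11947
Scanned files: 1
Infected files: 0
"""

FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
OK_RE = re.compile(r"^(?P<path>.+): OK$")

def parse_scan(output):
    """Map each scanned path to a signature name, or None for 'OK'."""
    results = {}
    for line in output.splitlines():
        line = line.strip()
        m = FOUND_RE.match(line)
        if m:
            results[m["path"]] = m["sig"]
            continue
        m = OK_RE.match(line)
        if m:
            results[m["path"]] = None
    return results

def regressions(old_output, new_output):
    """Files the old build flagged that the new build reports clean or skipped."""
    old, new = parse_scan(old_output), parse_scan(new_output)
    lost = {}
    for path, sig in old.items():
        if sig is not None and new.get(path) is None:
            lost[path] = sig
    return lost
```
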


Nigel Horne
2003-12-23 22:16:00 UTC
Post by René Bellora
hi!
i upgraded from clam 0.65 to clam devel-20031223. After the upgrade,
i checked some archived infected mails. I found the '--mbox' option miss
some viruses it used to catch. Once unpacked, clamscan detects the virus
I downloaded your file and got this:

[***@njh tmp]$ clamscan --mbox 2251.0.mailpack
2251.0.mailpack: W32/BugBear.A FOUND
[***@njh tmp]$ clamscan --version
clamscan / ClamAV version devel-20031223

- -Nigel

- --
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK. ICQ#20252325
***@despammed.com http://www.bandsman.co.uk



René Bellora
2003-12-29 15:40:06 UTC
Post by Nigel Horne
Post by René Bellora
hi!
i upgraded from clam 0.65 to clam devel-20031223. After the upgrade,
i checked some archived infected mails. I found the '--mbox' option miss
some viruses it used to catch. Once unpacked, clamscan detects the virus
2251.0.mailpack: W32/BugBear.A FOUND
clamscan / ClamAV version devel-20031223
- -Nigel
I upgraded to devel-20031229, and that problem went away. But now, I
found the following, with another virus:

# clamscan --version
clamscan / ClamAV version devel-20031229

# freshclam -v
Current working dir is /usr/local/share/clamav
ClamAV update process started at Mon Dec 29 12:21:44 2003
Connected to database.clamav.net (209.204.175.217).
Reading CVD header (main.cvd): OK
Downloading main.cvd [*]
main.cvd updated (version: 12, sigs: 11867, f-level: 1, builder: tkojm)
Connected to database.clamav.net (209.204.175.217).
Reading CVD header (daily.cvd): OK
Downloading daily.cvd [*]
daily.cvd updated (version: 68, sigs: 115, f-level: 1, builder: ddm)
Database updated (11982 signatures) from database.clamav.net
(209.204.175.217).
Freeing option list...done

# clamscan desde.exe
desde.exe: OK

----------- SCAN SUMMARY -----------
Known viruses: 11982
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.07 MB
I/O buffer size: 131072 bytes
Time: 2.491 sec (0 m 2 s)


So, I went to report 'desde.exe', which I knew was a Magistr variant,
but the test-clamav web interface does detect it... Then, I did another
'freshclam -v', tried again, but clamscan continues saying 'OK'


regards,
René


Tomasz Kojm
2003-12-30 04:02:42 UTC
On Mon, 29 Dec 2003 12:40:06 -0300
Post by René Bellora
so, i went to report 'desde.exe', which i knew it was a Magistr
variant, but the test-clamav web interface do detect it... Then, i do
another 'freshclam -v', tried again, but clamscan continues saying
'OK'
Please submit the sample on our website and we will check it with the
latest version.

Best regards,
Tomasz Kojm
--
oo ..... ***@clamav.net www.ClamAV.net
(\/)\......... http://www.clamav.net/gpg/tkojm.gpg
\..........._ 0DCA5A08407D5288279DB43454822DC8985A444B
//\ /\ Tue Dec 30 05:01:24 CET 2003
René Bellora
2003-12-30 12:55:29 UTC
Post by Tomasz Kojm
On Mon, 29 Dec 2003 12:40:06 -0300
Post by René Bellora
so, i went to report 'desde.exe', which i knew it was a Magistr
variant, but the test-clamav web interface do detect it... Then, i do
another 'freshclam -v', tried again, but clamscan continues saying
'OK'
Please submit the sample on our website and we will check it with the
latest version.
I had already submitted to <http://www.gietl.com/test-clamav/>, and it
was correctly detected. But my recently compiled clamscan
(devel-20031229) doesn't detect it (it does detect others, but not all
of my archive)


regards,
René


Tomasz Kojm
2003-12-30 13:01:15 UTC
On Tue, 30 Dec 2003 09:55:29 -0300
Post by René Bellora
i had already submitted to <http://www.gietl.com/test-clamav/>, and it
Please submit it on this page:
http://clamav.sourceforge.net/cgi-bin/sendvirus.cgi

Best regards,
Tomasz Kojm
--
oo ..... ***@clamav.net www.ClamAV.net
(\/)\......... http://www.clamav.net/gpg/tkojm.gpg
\..........._ 0DCA5A08407D5288279DB43454822DC8985A444B
//\ /\ Tue Dec 30 13:57:25 CET 2003