Clamav Error Fail

I’ve converted URLs for Clamav database (below) to IPs and entered that into Unrestricted connections/Web Proxy and entered the URLs into URL filter WhiteList.
The actual System Log: ClamAV reports the database is up to date. There is an appearance of a conflict.

System Logs: DNS Unbound:
SERVFAIL <database.clamav.net.localdomain. A IN>: all the configured stub or forward servers failed, at zone .|
SERVFAIL <database.clamav.net. A IN>: all the configured stub or forward servers failed, at zone .|
SERVFAIL <database.clamav.net.localdomain. A IN>: all the configured stub or forward servers failed, at zone .|
SERVFAIL <database.clamav.net. A IN>: all the configured stub or forward servers failed, at zone .|
SERVFAIL <current.cvd.clamav.net. TXT IN>: all the configured stub or forward servers failed, at zone .|

The web proxy is not used for services like clamav that run locally on the IPFire machine, so such whitelist entries are useless.

Unbound reports that none of the configured servers can resolve the clamav.net URLs. Check your DNS config. You need upstream servers that support DNSSEC!
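An added example, not part of the original thread: a small Python parser for Unbound SERVFAIL lines like the ones quoted above. It counts failures per name and type, separates retries that carry the local search domain, and flags when every failure is reported at zone ".", which points at the upstream forwarders rather than at one domain. The function names and the `search_domain` default are assumptions.

```python
import re
from collections import Counter

# Sample input: the Unbound lines quoted in this thread (trailing "|" kept).
SAMPLE_LOG = """\
SERVFAIL <database.clamav.net.localdomain. A IN>: all the configured stub or forward servers failed, at zone .|
SERVFAIL <database.clamav.net. A IN>: all the configured stub or forward servers failed, at zone .|
SERVFAIL <database.clamav.net.localdomain. A IN>: all the configured stub or forward servers failed, at zone .|
SERVFAIL <database.clamav.net. A IN>: all the configured stub or forward servers failed, at zone .|
SERVFAIL <current.cvd.clamav.net. TXT IN>: all the configured stub or forward servers failed, at zone .|
"""

LINE_RE = re.compile(
    r"SERVFAIL <(?P<qname>\S+) (?P<qtype>\S+) (?P<qclass>[^\s>]+)>: "
    r"(?P<reason>.*?), at zone (?P<zone>[^\s|]+)"
)

def parse_servfail(log_text):
    """Return one dict per SERVFAIL line; all other lines are skipped."""
    matches = (LINE_RE.search(line) for line in log_text.splitlines())
    return [m.groupdict() for m in matches if m]

def summarize(log_text, search_domain="localdomain"):
    """Count failures per (name, type) and split off search-domain retries.

    search_domain is an assumption, taken from the suffix seen in the log.
    """
    suffix = "." + search_domain + "."
    failures, retries, zones = Counter(), Counter(), set()
    for rec in parse_servfail(log_text):
        zones.add(rec["zone"])
        qname = rec["qname"]
        if qname.endswith(suffix):
            # The name was retried with the local search domain appended;
            # record it under the base name it was derived from.
            retries[(qname[: -len(suffix)] + ".", rec["qtype"])] += 1
        else:
            failures[(qname, rec["qtype"])] += 1
    return {
        "failures": dict(failures),
        "search_domain_retries": dict(retries),
        # All failures at zone "." means the servers configured for the
        # root (the general forwarders) failed, not a single domain.
        "upstream_wide": zones == {"."},
    }

if __name__ == "__main__":
    for section, value in summarize(SAMPLE_LOG).items():
        print(section, value)
```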

I’ve attached a picture of the DNS servers and DNSSEC check. That
appears correct.

Hi,

just a footnote: 81.3.27.54 is configured twice.

Thanks, and best regards,
Peter Müller

I’ll get to that. I configured it like that because
the recursive names are different and on the ipfire
Free Public DNS page they are listed twice.

Regarding the image sent. What does the ‘Green Working’
mean when referenced to the following quote from the
ipfire web site - it appears to read that even “Working”
may mean, not working:

Assign DNS Servers

On the top of the page the current status of the systems DNS is displayed.
This can be working or broken which means, the system is not able to
do any name resolution
and DNS is not working on the system and if you are using IPFire to
serve the DNS for your network also.

Likewise a section of all currently configured and used DNS servers
will be shown.

Did you run Suricata (IDS)? Sometimes this blocks DNS queries. I have not really found why, but it is more often on slow internet connections.

Suricata is running. A Find Search of the rules for clamav or
database returned nothing. There is a space to WhiteList an IP,
but which IP might clamav update have: a search of clamav
web site did return several IPs associated with the processes.

Further examination of the System Log for Clamav finds that
clamav appears to update every two hours. Some updates or
processes appear to complete. Others appear not.

I’ll mark the case Resolved. Perhaps a future version
of ipfire should show the date/time/success/fail of the
most recent update.
