Open matthj1 opened 1 year ago
Hi @matthj1 I'm sad to hear this issue is happening again.
I have an idea on what is actually happening. For some reason your freshclam
client is trying to determine the version of main.cvd
on the server by using HTTP to query the CVD header, rather than by using a DNS query. Frequent HTTP queries will trigger rate limiting, while DNS queries will not.
My question is, do you know if DNS may be failing or disabled in your environment or your freshclam config? I want to understand why it's falling back to HTTP.
If you can't get freshclam to use DNS instead, my advice would be to change the frequency that you run freshclam for updates to once or twice a day. That should get you below the rate limit threshold, and hopefully will make this go away.
On our side, we should alter freshclam to be understand rate limit responses in that HTTP CVD-header check, and put in some smarter logic to limit version check attempts when in HTTP-fallback mode.
@micahsnyder I think you're right, at least I've run into the same issue in an environment where DNS queries were not possible. As you suggested, lowering the update frequency works.
It doesn't seem entirely unreasonable to have clients interact with the DB server entirely via HTTP, particularly when using a HTTP proxy; though I totally understand that the DNS mechanism is certainly used for good reason.
As for this issue, perhaps it would be useful to just add a note to the docs for now.
Hi Team,
I've been getting the below error when running the freshclam command during the building of an AWS machine image using Packer. I've been using clam av without issue for a long time, this has only been observed for the first time today.
I believe it's the same issue as #https://github.com/Cisco-Talos/clamav/issues/588 and #https://github.com/Cisco-Talos/clamav/issues/592
Is this likely a legitimate hit of the rate limit or has something gone wrong between Cloudfare and yourselves as described in the above issues?
Many thanks!