2008-07-24 – ClamAV aargh

We’re being hammered by loads of vicious email trojans, which mutate fast. I’ve resorted to adding manual blocks in Exim because ClamAV isn’t keeping up.

Just now I was very puzzled that freshclam wasn’t downloading the latest version of the virus database. It turns out that although I have told it to poll 100 times a day (about every 15 minutes), freshclam uses the DNS to check what is the latest version, and the TTL on the relevant DNS record is 30 minutes.

⇐ 2008-07-23 ⇐ Kaminsky's DNS hack ⇐ ⇒ More Kaminsky ⇒ 2008-07-24 ⇒