From: Vladimir Karpinsky <vvkarpinsky@yandex.ru> To: ALT Linux Community general discussions <community@lists.altlinux.org> Subject: [Comm] freshclam Date: Sun, 14 Jun 2020 17:44:30 +0300 Message-ID: <047c49e3-dec6-5b9b-3fc7-479584f11de0@yandex.ru> (raw) Добрый день! После недавнего обновления ежедневно в 16:33 (уже 3 раза) стал получать письма от Cron'а, запускающего freshclam: $ cat /etc/cron.d/clamav-freshclam 33 * * * * root /usr/bin/freshclam --quiet --daemon-notify Вопросы: 1. Насколько я понял, ключевая фраза из письма: "old SSL session ID is stale, removing" (полный текст см. ниже). Почему, что делать, кто виноват? 2. Почему именно в 16:33? В другие часы всё проходит молча. Может что-то именно в это время происходит с базой, и имеет смысл запускать реже (*/2, */4,...). Содержание письма: * Trying 104.16.218.84:443... * TCP_NODELAY set * Connected to database.clamav.net (104.16.218.84) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /usr/share/ca-certificates/ca-bundle.crt CApath: none * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 * ALPN, server accepted to use h2 * Server certificate: * subject: C=US; ST=CA; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com * start date: Apr 6 00:00:00 2020 GMT * expire date: Oct 9 12:00:00 2020 GMT * subjectAltName: host "database.clamav.net" matched cert's "database.clamav.net" * issuer: C=US; ST=CA; L=San Francisco; O=CloudFlare, Inc.; CN=CloudFlare Inc ECC CA-2 * SSL certificate verify ok. * Using HTTP2, server supports multi-use * Connection state changed (HTTP/2 confirmed) * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0 * Using Stream ID: 1 (easy handle 0x8c508d0) > GET /daily-25843.cdiff HTTP/2 Host: database.clamav.net User-Agent: ClamAV/0.102.3 (OS: linux-gnu, ARCH: i386, CPU: i586) Accept: */* Connection: close * old SSL session ID is stale, removing * Connection state changed (MAX_CONCURRENT_STREAMS == 256)! < HTTP/2 200 < date: Sun, 14 Jun 2020 13:33:07 GMT < content-type: application/octet-stream < content-length: 160368 < set-cookie: __cfduid=d5a833db656f0e68a3db8d5ea1d6d25e01592141587; expires=Tue, 14-Jul-20 13:33:07 GMT; path=/; domain=.clamav.net; HttpOnly; SameSite=Lax < last-modified: Sun, 14 Jun 2020 12:53:00 GMT < etag: "5ee61dac-27270" < expires: Mon, 14 Jun 2021 13:26:42 GMT < cache-control: public, max-age=31535615 < cf-cache-status: HIT < age: 2021 < accept-ranges: bytes < cf-request-id: 0354a1bc510000d8f5b5b9c200000001 < expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" < strict-transport-security: max-age=15552000 < x-content-type-options: nosniff < server: cloudflare < cf-ray: 5a346bda1b80d8f5-AMS < * Connection #0 to host database.clamav.net left intact -- С уважением, Владимир.
next reply other threads:[~2020-06-14 14:44 UTC|newest] Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-06-14 14:44 Vladimir Karpinsky [this message] 2020-06-16 20:33 ` Sergey 2020-06-18 21:12 ` Vladimir Karpinsky 2020-06-19 5:43 ` Sergey 2020-06-19 5:51 ` Vladimir Karpinsky 2020-10-08 10:59 ` Sergey 2020-10-08 11:38 ` Vladimir Karpinsky
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=047c49e3-dec6-5b9b-3fc7-479584f11de0@yandex.ru \ --to=vvkarpinsky@yandex.ru \ --cc=community@lists.altlinux.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
ALT Linux Community general discussions This inbox may be cloned and mirrored by anyone: git clone --mirror http://lore.altlinux.org/community/0 community/git/0.git # If you have public-inbox 1.1+ installed, you may # initialize and index your mirror using the following commands: public-inbox-init -V2 community community/ http://lore.altlinux.org/community \ mandrake-russian@linuxteam.iplabs.ru community@lists.altlinux.org community@lists.altlinux.ru community@lists.altlinux.com public-inbox-index community Example config snippet for mirrors. Newsgroup available over NNTP: nntp://lore.altlinux.org/org.altlinux.lists.community AGPL code for this site: git clone https://public-inbox.org/public-inbox.git