From: Vladimir Karpinsky <vvkarpinsky@yandex.ru>
To: ALT Linux Community general discussions <community@lists.altlinux.org>
Subject: [Comm] freshclam
Date: Sun, 14 Jun 2020 17:44:30 +0300
Message-ID: <047c49e3-dec6-5b9b-3fc7-479584f11de0@yandex.ru> (raw)
Добрый день!
После недавнего обновления ежедневно в 16:33 (уже 3 раза) стал получать
письма от Cron'а, запускающего freshclam:
$ cat /etc/cron.d/clamav-freshclam
33 * * * * root /usr/bin/freshclam --quiet --daemon-notify
Вопросы:
1. Насколько я понял, ключевая фраза из письма: "old SSL session ID is
stale, removing" (полный текст см. ниже). Почему, что делать, кто виноват?
2. Почему именно в 16:33? В другие часы всё проходит молча. Может что-то
именно в это время происходит с базой, и имеет смысл запускать реже (*/2,
*/4,...).
Содержание письма:
* Trying 104.16.218.84:443...
* TCP_NODELAY set
* Connected to database.clamav.net (104.16.218.84) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /usr/share/ca-certificates/ca-bundle.crt
CApath: none
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=US; ST=CA; L=San Francisco; O=Cloudflare, Inc.;
CN=sni.cloudflaressl.com
* start date: Apr 6 00:00:00 2020 GMT
* expire date: Oct 9 12:00:00 2020 GMT
* subjectAltName: host "database.clamav.net" matched cert's
"database.clamav.net"
* issuer: C=US; ST=CA; L=San Francisco; O=CloudFlare, Inc.; CN=CloudFlare
Inc ECC CA-2
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade:
len=0
* Using Stream ID: 1 (easy handle 0x8c508d0)
> GET /daily-25843.cdiff HTTP/2
Host: database.clamav.net
User-Agent: ClamAV/0.102.3 (OS: linux-gnu, ARCH: i386, CPU: i586)
Accept: */*
Connection: close
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
< HTTP/2 200
< date: Sun, 14 Jun 2020 13:33:07 GMT
< content-type: application/octet-stream
< content-length: 160368
< set-cookie: __cfduid=d5a833db656f0e68a3db8d5ea1d6d25e01592141587;
expires=Tue, 14-Jul-20 13:33:07 GMT; path=/; domain=.clamav.net; HttpOnly;
SameSite=Lax
< last-modified: Sun, 14 Jun 2020 12:53:00 GMT
< etag: "5ee61dac-27270"
< expires: Mon, 14 Jun 2021 13:26:42 GMT
< cache-control: public, max-age=31535615
< cf-cache-status: HIT
< age: 2021
< accept-ranges: bytes
< cf-request-id: 0354a1bc510000d8f5b5b9c200000001
< expect-ct: max-age=604800,
report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< strict-transport-security: max-age=15552000
< x-content-type-options: nosniff
< server: cloudflare
< cf-ray: 5a346bda1b80d8f5-AMS
<
* Connection #0 to host database.clamav.net left intact
--
С уважением,
Владимир.
next reply other threads:[~2020-06-14 14:44 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-14 14:44 Vladimir Karpinsky [this message]
2020-06-16 20:33 ` Sergey
2020-06-18 21:12 ` Vladimir Karpinsky
2020-06-19 5:43 ` Sergey
2020-06-19 5:51 ` Vladimir Karpinsky
2020-10-08 10:59 ` Sergey
2020-10-08 11:38 ` Vladimir Karpinsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=047c49e3-dec6-5b9b-3fc7-479584f11de0@yandex.ru \
--to=vvkarpinsky@yandex.ru \
--cc=community@lists.altlinux.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
ALT Linux Community general discussions
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/community/0 community/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 community community/ http://lore.altlinux.org/community \
mandrake-russian@linuxteam.iplabs.ru community@lists.altlinux.org community@lists.altlinux.ru community@lists.altlinux.com
public-inbox-index community
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.community
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git