More Kaminsky
2008-07-24 11:09So there's another form of attack which is closer to the Matasano description but still different in significant ways.
$ md5 <~/doc/kaminsky2 d4b70e6abfa3e7d49e159d75b5fc277b
2008-07-24
ClamAV aargh
2008-07-24 13:30We're being hammered by loads of vicious email trojans, which mutate fast. I've resorted to adding manual blocks in Exim because ClamAV isn't keeping up.
Just now I was very puzzled that freshclam wasn't downloading the latest version of the virus database. It turns out that although I have told it to poll 100 times a day (about every 15 minutes), freshclam uses the DNS to check what is the latest version, and the TTL on the relevant DNS record is 30 minutes.
Just now I was very puzzled that freshclam wasn't downloading the latest version of the virus database. It turns out that although I have told it to poll 100 times a day (about every 15 minutes), freshclam uses the DNS to check what is the latest version, and the TTL on the relevant DNS record is 30 minutes.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}