Re: [clamav-users] False positive submission page down (for a few days now)?
* Luca Gibelli l...@clamav.net:

> Most likely your proxy is issuing a HTTP/1.0 request upstream?

Could you PLEASE check the server's logs?
We're definitely sending HTTP/1.1 requests with all the headers, see
below:

output from tcpdump:

GET /sendfp.cgi HTTP/1.1
Host: cgi.clamav.net
Pragma: no-cache
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.19 (KHTML, like Gecko) Ubuntu/12.04 Chromium/18.0.1025.168 Chrome/18.0.1025.168 Safari/535.19
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: de,en;q=0.8,en-US;q=0.6
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=165234925.7124351.1326790435.1336028009.1336053668.11; __utmz=165234925.1326790435.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
Via: 1.1 proxy-cbf-1 (squid/3.1.19-20120418-r10444)
X-Forwarded-For: unknown
Cache-Control: max-age=0
Connection: keep-alive

answer:

HTTP/1.1 503 Service Unavailable
Server: Varnish
Content-Type: text/html; charset=utf-8
Retry-After: 5
Content-Length: 284
Accept-Ranges: bytes
Date: Fri, 04 May 2012 10:29:21 GMT
X-Varnish: 221993613
Age: 0
Via: 1.1 varnish
Connection: close

--
Ralf Hildebrandt                    Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de         Campus Benjamin Franklin
http://www.charite.de               Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk  fon: +49-30-450.570.155
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Re: [clamav-users] False positive submission page down (for a few days now)?
* Luca Gibelli l...@clamav.net:

> Hello Ralf,
>
> > $ telnet proxy.charite.de 8080
> > Trying 141.42.1.205...
> > Connected to proxy.charite.de.
> > Escape character is '^]'.
> > GET http://cgi.clamav.net/sendfp.cgi HTTP/1.0
>
> we use name based virtual hosting, you must switch to HTTP/1.1 and send
> a Host: header as well
>
> See http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html and
> http://www8.org/w8-papers/5c-protocols/key/key.html
>
> Most likely your proxy is issuing a HTTP/1.0 request upstream?

It's still not working and unfortunately your admin is not willing to
check the logs to see what's being logged for my source IP.

--
Ralf Hildebrandt                    Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de         Campus Benjamin Franklin
http://www.charite.de               Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk  fon: +49-30-450.570.155
Re: [clamav-users] False positive submission page down (for a few days now)?
On 04/19/2012 02:59 PM, Ralf Hildebrandt wrote:
> Is there an alternative way of submitting FP's?

Are you using this page?
http://www.clamav.net/lang/en/sendvirus/submit-fp/

Best regards,
--Edwin
Re: [clamav-users] False positive submission page down (for a few days now)?
* Török Edwin ed...@clamav.net:
> On 04/19/2012 02:59 PM, Ralf Hildebrandt wrote:
> > Is there an alternative way of submitting FP's?
>
> Are you using this page?
> http://www.clamav.net/lang/en/sendvirus/submit-fp/

Yep.

--
Ralf Hildebrandt                    Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de         Campus Benjamin Franklin
http://www.charite.de               Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk  fon: +49-30-450.570.155
Re: [clamav-users] False positive submission page down (for a few days now)?
On 04/19/12 14:24, Ralf Hildebrandt wrote:
> * Török Edwin ed...@clamav.net:
> > On 04/19/2012 02:59 PM, Ralf Hildebrandt wrote:
> > > Is there an alternative way of submitting FP's?
> >
> > Are you using this page?
> > http://www.clamav.net/lang/en/sendvirus/submit-fp/
>
> Yep.

I just tested and it worked fine for me. What's exactly the problem on
your side?

--
   oo.        Tomasz Kojm tk...@clamav.net
  (\/)\.      http://www.ClamAV.net/gpg/tkojm.gpg
     \..._    0DCA5A08407D5288279DB43454822DC8985A444B
     //\ /\   Thu Apr 19 14:57:05 CEST 2012
Re: [clamav-users] False positive submission page down (for a few days now)?
Just tried it, works for me.

-Alain

On Apr 19, 2012, at 9:11 AM, Ralf Hildebrandt ralf.hildebra...@charite.de wrote:

> > I just tested and it worked fine for me. What's exactly the problem on
> > your side?
>
> I keep getting:
>
> Under maintenance. Try again later.
>
> --
> Ralf Hildebrandt                    Charite Universitätsmedizin Berlin
> ralf.hildebra...@charite.de         Campus Benjamin Franklin
> http://www.charite.de               Hindenburgdamm 30, 12203 Berlin
> Geschäftsbereich IT, Abt. Netzwerk  fon: +49-30-450.570.155
Re: [clamav-users] False positive submission page down (for a few days now)?
On 04/19/2012 04:10 PM, Ralf Hildebrandt wrote:
> > I just tested and it worked fine for me. What's exactly the problem on
> > your side?
>
> I keep getting:
>
> Under maintenance. Try again later.

How big is the file that you're trying to upload?

--Edwin
Re: [clamav-users] False positive submission page down (for a few days now)?
On Apr 19, 2012, at 8:24 AM, Ralf Hildebrandt wrote:

> * Török Edwin ed...@clamav.net:
> > On 04/19/2012 02:59 PM, Ralf Hildebrandt wrote:
> > > Is there an alternative way of submitting FP's?
> >
> > Are you using this page?
> > http://www.clamav.net/lang/en/sendvirus/submit-fp/
>
> Yep.

Works here in Safari and Chrome and Firefox.

Tom
Re: [clamav-users] False positive submission page down (for a few days now)?
* Török Edwin ed...@clamav.net:
> On 04/19/2012 04:10 PM, Ralf Hildebrandt wrote:
> > > I just tested and it worked fine for me. What's exactly the problem on
> > > your side?
> >
> > I keep getting:
> >
> > Under maintenance. Try again later.
>
> How big is the file that you're trying to upload?

I'm not getting a form, all I get is "Under maintenance. Try again
later." - must be a caching issue somewhere

--
Ralf Hildebrandt                    Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de         Campus Benjamin Franklin
http://www.charite.de               Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk  fon: +49-30-450.570.155
Re: [clamav-users] False positive submission page down (for a few days now)?
> > How big is the file that you're trying to upload?
>
> I'm not getting a form, all I get is "Under maintenance. Try again
> later." - must be a caching issue somewhere

Varnish (reverse proxy) is giving me this:

$ telnet proxy.charite.de 8080
Trying 141.42.1.205...
Connected to proxy.charite.de.
Escape character is '^]'.
GET http://cgi.clamav.net/sendfp.cgi HTTP/1.0

HTTP/1.0 503 Service Unavailable
Server: Varnish
Content-Type: text/html; charset=utf-8
Retry-After: 5
Content-Length: 284
Accept-Ranges: bytes
Date: Thu, 19 Apr 2012 13:20:02 GMT
X-Varnish: 216808379
Age: 0
X-Cache: MISS from proxy-cvk-1
Via: 1.1 varnish, 1.0 proxy-cvk-1 (squid/3.1.19-20120412-r10444)
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
  <head>
    <title>Maintenance</title>
  </head>
  <body>
    <h1>Under maintenance. Try again later.</h1>
  </body>
</html>
Connection closed by foreign host.

--
Ralf Hildebrandt                    Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de         Campus Benjamin Franklin
http://www.charite.de               Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk  fon: +49-30-450.570.155
Re: [clamav-users] False positive submission page down (for a few days now)?
> GET http://cgi.clamav.net/sendfp.cgi HTTP/1.0
>
> HTTP/1.0 503 Service Unavailable
> Server: Varnish
> Content-Type: text/html; charset=utf-8
> Retry-After: 5
> Content-Length: 284
> Accept-Ranges: bytes
> Date: Thu, 19 Apr 2012 13:20:02 GMT
> X-Varnish: 216808379
> Age: 0
> X-Cache: MISS from proxy-cvk-1
> Via: 1.1 varnish, 1.0 proxy-cvk-1 (squid/3.1.19-20120412-r10444)
> Connection: close

This happens if I access the site via a proxy. From the proxy machine
itself, I'm getting this:

GET http://cgi.clamav.net/sendfp.cgi HTTP/1.0

HTTP/1.1 200 OK
Server: Apache/2.2.9 (Debian) mod_ssl/2.2.9 OpenSSL/0.9.8g
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
X-Cacheable: VarnishResNoCacheHost
Content-Length: 2495
Accept-Ranges: bytes
Date: Thu, 19 Apr 2012 13:23:34 GMT
X-Varnish: 216809483
Age: 0
Via: 1.1 varnish
Connection: close

... remainder of page sent correctly ...

The FP submission page used to work for us up till now. Hm.

--
Ralf Hildebrandt                    Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de         Campus Benjamin Franklin
http://www.charite.de               Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk  fon: +49-30-450.570.155
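
Added example (not part of the original thread and not ClamAV project code): a small Python check that reads the two header sets quoted in the message above and reports the Via chain, which component produced each response, and whether the forward proxy answered from its cache. The function names are hypothetical, and treating the Server header as naming the component that built the response is a heuristic assumption.

```python
# Header samples copied from the two responses quoted in the thread.
VIA_PROXY = """\
HTTP/1.0 503 Service Unavailable
Server: Varnish
Retry-After: 5
Age: 0
X-Cache: MISS from proxy-cvk-1
Via: 1.1 varnish, 1.0 proxy-cvk-1 (squid/3.1.19-20120412-r10444)
"""
DIRECT = """\
HTTP/1.1 200 OK
Server: Apache/2.2.9 (Debian) mod_ssl/2.2.9 OpenSSL/0.9.8g
X-Cacheable: VarnishResNoCacheHost
Age: 0
Via: 1.1 varnish
"""

def parse_response(raw):
    """Split a raw response head into (status code, {header: [values]})."""
    lines = [l for l in raw.splitlines() if l.strip()]
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers

def via_hops(headers):
    """Return Via entries in order, nearest-to-origin first."""
    hops = []
    for value in headers.get("via", []):
        for item in value.split(","):
            parts = item.split(None, 2)   # protocol, received-by, (comment)
            if len(parts) >= 2:
                hops.append((parts[0], parts[1]))
    return hops

def diagnose(raw):
    status, h = parse_response(raw)
    return {
        "status": status,
        "hops": via_hops(h),
        # Assumption: the Server header names whoever built the response.
        "generated_by": h.get("server", ["?"])[0].split("/")[0],
        "forward_cache_hit": any(v.upper().startswith("HIT") for v in h.get("x-cache", [])),
        "age": int(h.get("age", ["0"])[0]),
    }

if __name__ == "__main__":
    for label, raw in (("via proxy", VIA_PROXY), ("direct", DIRECT)):
        print(label, diagnose(raw))
```

For the thread's samples, both responses list varnish in Via, but only the 503 carries Server: Varnish, and X-Cache: MISS with Age: 0 shows the Squid hop fetched it fresh instead of replaying a stored copy.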
Re: [clamav-users] False positive submission page down (for a few days now)?
On 04/19/2012 04:21 PM, Ralf Hildebrandt wrote:
> > > How big is the file that you're trying to upload?
> >
> > I'm not getting a form, all I get is "Under maintenance. Try again
> > later." - must be a caching issue somewhere
>
> Varnish (reverse proxy) is giving me this:
>
> $ telnet proxy.charite.de 8080
> Trying 141.42.1.205...
> Connected to proxy.charite.de.
> Escape character is '^]'.
> GET http://cgi.clamav.net/sendfp.cgi HTTP/1.0
>
> HTTP/1.0 503 Service Unavailable

Can you try flushing your varnish cache, and trying again?
Maybe for some reason it cached an older 503 page.

I get this when connecting directly to cgi.clamav.net:

GET http://cgi.clamav.net/sendfp.cgi HTTP/1.0

HTTP/1.1 200 OK
Server: Apache/2.2.9 (Debian) mod_ssl/2.2.9 OpenSSL/0.9.8g
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
X-Cacheable: VarnishResNoCacheHost
Content-Length: 2495
Accept-Ranges: bytes
Date: Thu, 19 Apr 2012 13:25:30 GMT
X-Varnish: 216809903
Age: 0
Via: 1.1 varnish
Connection: close

> Server: Varnish
> Content-Type: text/html; charset=utf-8
> Retry-After: 5
> Content-Length: 284
> Accept-Ranges: bytes
> Date: Thu, 19 Apr 2012 13:20:02 GMT
> X-Varnish: 216808379
> Age: 0
> X-Cache: MISS from proxy-cvk-1
> Via: 1.1 varnish, 1.0 proxy-cvk-1 (squid/3.1.19-20120412-r10444)
> Connection: close
>
> <?xml version="1.0" encoding="utf-8"?>
> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
>  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
> <html>
>   <head>
>     <title>Maintenance</title>
>   </head>
>   <body>
>     <h1>Under maintenance. Try again later.</h1>
>   </body>
> </html>
> Connection closed by foreign host.
Re: [clamav-users] False positive submission page down (for a few days now)?
* Török Edwin ed...@clamav.net:

> Can you try flushing your varnish cache, and trying again?

It's your varnish cache :) (we don't have any here)

I already restarted my squid servers, no change. It's very odd.

--
Ralf Hildebrandt                    Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de         Campus Benjamin Franklin
http://www.charite.de               Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk  fon: +49-30-450.570.155
Re: [clamav-users] False positive submission page down (for a few days now)?
* Ralf Hildebrandt ralf.hildebra...@charite.de:
> * Török Edwin ed...@clamav.net:
>
> > Can you try flushing your varnish cache, and trying again?
>
> It's your varnish cache :) (we don't have any here)
>
> I already restarted my squid servers, no change. It's very odd.

Now I emptied my cache partitions as well: Still the same.

--
Ralf Hildebrandt                    Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de         Campus Benjamin Franklin
http://www.charite.de               Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk  fon: +49-30-450.570.155
Re: [clamav-users] False positive submission page down (for a few days now)?
> Does it work if you append a random GET parameter to the URL (like
> ?unused=test).

Nope, still the same. Maybe somebody configured varnish to give my IP
address range (193.175.73.20x) a 503: Service Unavailable?

$ wget -nd -S http://cgi.clamav.net/sendfp.cgi?unused=test;
--2012-04-19 15:50:26--  http://cgi.clamav.net/sendfp.cgi?unused=test
Resolving proxy.charite.de (proxy.charite.de)... 141.42.1.205
Connecting to proxy.charite.de (proxy.charite.de)|141.42.1.205|:8080... connected.
Proxy request sent, awaiting response...
  HTTP/1.0 503 Service Unavailable
  Server: Varnish
  Content-Type: text/html; charset=utf-8
  Retry-After: 5
  Content-Length: 284
  Accept-Ranges: bytes
  Date: Thu, 19 Apr 2012 13:50:26 GMT
  X-Varnish: 216817722
  Age: 0
  Via: 1.1 varnish
  X-Cache: MISS from proxy-cvk-1
  Connection: keep-alive
2012-04-19 15:50:27 ERROR 503: Service Unavailable.

--
Ralf Hildebrandt                    Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de         Campus Benjamin Franklin
http://www.charite.de               Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk  fon: +49-30-450.570.155