phoning home

Michael Richardson mcr at
Sat Jun 11 23:29:37 UTC 2011

>>>>> "Paul" == Paul Vixie <vixie at> writes:
    Paul> today i noticed the following in my syslog:

    Paul> freshclam daemon 0.97 (OS: freebsd8.2, ARCH: amd64, CPU: amd64)
    Paul> ClamAV update process started at Sat Jun 11 19:38:55 2011
    Paul> WARNING: Your ClamAV installation is OUTDATED!
    Paul> WARNING: Local version: 0.97 Recommended version: 0.97.1
    Paul> DON'T PANIC! Read

Not sure how CLAMAV is finding out about newer versions.
It could be as invasive as an HTTP POST to, which would tell
the clamav people what versions are out there, and what IP addresses
they are at. 

Or it could be as simple as doing a DNS query for a TXT record that has
version info in it.  That doesn't leak what version you are running, and
after caching and a layer of recursive DNS server, doesn't tell anyone
who is running it.

So information doesn't have to be leaked, but it might be a good thing
for the world if we knew how many "old" resolvers and authoritative
servers there were out there.  But, maybe we can extrapolate from surveys
that observe the CHAOS in the world.

]       He who is tired of Weird Al is tired of life!           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr at |device driver[
   Kyoto Plus: watch the video <>
	               then sign the petition. 

More information about the bind-workers mailing list