Hello all,

Been browsing through similar previous occurrences but found nothing conclusive 
for our particular scenario.

We've installed ClamAV on a CentOS 7 server somewhere in our infrastructure, 
which was supposed to get its updates through a Squid proxy.
We've set freshclam.conf to check for updates hourly. For the first 6 hours 
freshclam output no errors and everything went fine.
After that, we seemingly started getting our connection blocked with:
Dec 21 11:08:47 dcp2tac freshclam[68187]: getfile: Unknown response from database.clamav.net: HTTP/1.0 403
Dec 21 11:08:47 dcp2tac freshclam[68187]: getpatch: Can't download daily-25222.cdiff from database.clamav.net
Dec 21 11:08:47 dcp2tac freshclam[68187]: getfile: Unknown response from database.clamav.net: HTTP/1.0 403
Dec 21 11:08:47 dcp2tac freshclam[68187]: getpatch: Can't download daily-25222.cdiff from database.clamav.net
Dec 21 11:08:47 dcp2tac freshclam[68187]: getfile: Unknown response from database.clamav.net: HTTP/1.0 403
Dec 21 11:08:47 dcp2tac freshclam[68187]: getpatch: Can't download daily-25222.cdiff from database.clamav.net
Dec 21 11:08:47 dcp2tac freshclam[68187]: Incremental update failed, trying to download daily.cvd
Dec 21 11:08:47 dcp2tac freshclam[68187]: getfile: Unknown response from database.clamav.net: HTTP/1.0 403
Dec 21 11:08:47 dcp2tac freshclam[68187]: Can't download daily.cvd from database.clamav.net
Dec 21 11:08:47 dcp2tac freshclam[68187]: Giving up on database.clamav.net...
Dec 21 11:08:47 dcp2tac freshclam[68187]: Update failed. Your network may be down or none of the mirrors listed in /etc/freshclam.conf is working. Check https://www.clamav.net

Additionally, please see the sendspace link below for a curl dump from running:

  curl -x http://10.128.38.250:8080 -L --trace curl-dump http://database.clamav.net/daily.cvd

  *   https://www.sendspace.com/file/j8jqjq

Moreover, what seems to lead to the same conclusion (our connection getting 
blocked) is that we've managed to get freshclam to work through another Squid 
proxy going through a completely different external IP address in our 
infrastructure - which worked.

Does this happen due to repeated connections to database.clamav.net after 
having set updates hourly?
Can this be tackled from your side in any way? Or should we go for a local web 
server?

Thanks in advance,
Claudiu ALBU

_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
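
An added example, not part of the original post and not ClamAV code: a Python triage script over the freshclam syslog lines quoted in the message. It groups lines by host and PID and classifies a failed run from the HTTP status in the getfile lines rather than from the generic final "Update failed" message; the function names and verdict labels are assumptions made for this example.

```python
import re
from collections import Counter

# Lines taken from the post, one entry per line (repeated entries trimmed).
SAMPLE_LOG = """\
Dec 21 11:08:47 dcp2tac freshclam[68187]: getfile: Unknown response from database.clamav.net: HTTP/1.0 403
Dec 21 11:08:47 dcp2tac freshclam[68187]: getpatch: Can't download daily-25222.cdiff from database.clamav.net
Dec 21 11:08:47 dcp2tac freshclam[68187]: Incremental update failed, trying to download daily.cvd
Dec 21 11:08:47 dcp2tac freshclam[68187]: getfile: Unknown response from database.clamav.net: HTTP/1.0 403
Dec 21 11:08:47 dcp2tac freshclam[68187]: Can't download daily.cvd from database.clamav.net
Dec 21 11:08:47 dcp2tac freshclam[68187]: Giving up on database.clamav.net...
Dec 21 11:08:47 dcp2tac freshclam[68187]: Update failed. Your network may be down or none of the mirrors listed in /etc/freshclam.conf is working. Check https://www.clamav.net
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} (?P<host>\S+) freshclam\[(?P<pid>\d+)\]: (?P<msg>.*)$")
STATUS = re.compile(r"Unknown response from (?P<mirror>\S+): HTTP/\d\.\d (?P<code>\d{3})")
FAILED = re.compile(r"Can't download (?P<file>\S+) from \S+")

def summarize(log_text):
    """Group freshclam syslog lines by (host, pid) and record what failed."""
    runs = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a freshclam syslog line in the format shown above
        run = runs.setdefault((m["host"], m["pid"]), {
            "statuses": Counter(), "failed_files": [],
            "fell_back": False, "update_failed": False})
        msg = m["msg"]
        if (s := STATUS.search(msg)):
            run["statuses"][(s["mirror"], int(s["code"]))] += 1
        elif (f := FAILED.search(msg)) and f["file"] not in run["failed_files"]:
            run["failed_files"].append(f["file"])
        elif msg.startswith("Incremental update failed"):
            run["fell_back"] = True  # cdiff failed, full .cvd download attempted
        elif msg.startswith("Update failed"):
            run["update_failed"] = True
    return runs

def verdict(run):
    """Classify a run from the HTTP status codes, not the generic final message."""
    codes = {code for (_mirror, code) in run["statuses"]}
    if not run["update_failed"]:
        return "ok"
    if codes and all(400 <= c < 500 for c in codes):
        # An HTTP reply arrived, so something (proxy or mirror) answered and refused.
        return "refused"
    return "no-response-or-server-error"
```

A "refused" verdict only says that an HTTP 4xx reply was received; the log alone does not show whether the proxy or the mirror generated it.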