Hello all,




Been browsing through similar previous occurrences but found nothing
conclusive to our particular scenario.



We’ve installed ClamAV on a Centos7 server somewhere in our infrastructure,
which was supposed to *get its updates through a Squid proxy*.

We’ve set freshclam.conf to *check for updates hourly*. For the first 6
hours freshclam outputted no error and everything went fine.

After that, we seemingly *started getting our connection blocked* with:

Dec 21 11:08:47 dcp2tac freshclam[68187]: getfile: Unknown response from
database.clamav.net: HTTP/1.0 403

Dec 21 11:08:47 dcp2tac freshclam[68187]: getpatch: Can't download
daily-25222.cdiff from database.clamav.net

Dec 21 11:08:47 dcp2tac freshclam[68187]: getfile: Unknown response from
database.clamav.net: HTTP/1.0 403

Dec 21 11:08:47 dcp2tac freshclam[68187]: getpatch: Can't download
daily-25222.cdiff from database.clamav.net

Dec 21 11:08:47 dcp2tac freshclam[68187]: getfile: Unknown response from
database.clamav.net: HTTP/1.0 403

Dec 21 11:08:47 dcp2tac freshclam[68187]: getpatch: Can't download
daily-25222.cdiff from database.clamav.net

Dec 21 11:08:47 dcp2tac freshclam[68187]: Incremental update failed, trying
to download daily.cvd

Dec 21 11:08:47 dcp2tac freshclam[68187]: getfile: Unknown response from
database.clamav.net: HTTP/1.0 403

Dec 21 11:08:47 dcp2tac freshclam[68187]: Can't download daily.cvd from
database.clamav.net

Dec 21 11:08:47 dcp2tac freshclam[68187]: Giving up on
database.clamav.net...

Dec 21 11:08:47 dcp2tac freshclam[68187]: Update failed. Your network may
be down or none of the mirrors listed in /etc/freshclam.conf is working.
Check https://www.clamav.net



Additionally, please see below sendspace link for a curl dump running curl
-x http://10.128.38.250:8080 -L --trace curl-dump
http://database.clamav.net/daily.cvd

   - https://www.sendspace.com/file/j8jqjq



Moreover, what seems to lead to the same conclusion (our connection getting
blocked) is we’ve managed getting freshclam to work through another Squid
proxy going through a completely different external IP address in our
infrastructure – which worked.



Does this happen due to repeated connections to database.clamav.net *after
having set updates hourly*?

Can this be tackled from your side in any way? Or should we go for a local
web server?



Thanks in advance,

*Claudiu ALBU*
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Reply via email to