Hello all,
Been browsing through similar previous occurrences but found nothing conclusive to our particular scenario. We’ve installed ClamAV on a Centos7 server somewhere in our infrastructure, which was supposed to *get its updates through a Squid proxy*. We’ve set freshclam.conf to *check for updates hourly*. For the first 6 hours freshclam outputted no error and everything went fine. After that, we seemingly *started getting our connection blocked* with: Dec 21 11:08:47 dcp2tac freshclam[68187]: getfile: Unknown response from database.clamav.net: HTTP/1.0 403 Dec 21 11:08:47 dcp2tac freshclam[68187]: getpatch: Can't download daily-25222.cdiff from database.clamav.net Dec 21 11:08:47 dcp2tac freshclam[68187]: getfile: Unknown response from database.clamav.net: HTTP/1.0 403 Dec 21 11:08:47 dcp2tac freshclam[68187]: getpatch: Can't download daily-25222.cdiff from database.clamav.net Dec 21 11:08:47 dcp2tac freshclam[68187]: getfile: Unknown response from database.clamav.net: HTTP/1.0 403 Dec 21 11:08:47 dcp2tac freshclam[68187]: getpatch: Can't download daily-25222.cdiff from database.clamav.net Dec 21 11:08:47 dcp2tac freshclam[68187]: Incremental update failed, trying to download daily.cvd Dec 21 11:08:47 dcp2tac freshclam[68187]: getfile: Unknown response from database.clamav.net: HTTP/1.0 403 Dec 21 11:08:47 dcp2tac freshclam[68187]: Can't download daily.cvd from database.clamav.net Dec 21 11:08:47 dcp2tac freshclam[68187]: Giving up on database.clamav.net... Dec 21 11:08:47 dcp2tac freshclam[68187]: Update failed. Your network may be down or none of the mirrors listed in /etc/freshclam.conf is working. Check https://www.clamav.net Additionally, please see below sendspace link for a curl dump running curl -x http://10.128.38.250:8080 -L --trace curl-dump http://database.clamav.net/daily.cvd - https://www.sendspace.com/file/j8jqjq Moreover, what seems to lead to the same conclusion (our connection getting blocked) is we’ve managed getting freshclam to work through another Squid proxy going through a completely different external IP address in our infrastructure – which worked. Does this happen due to repeated connections to database.clamav.net *after having set updates hourly*? Can this be tackled from your side in any way? Or should we go for a local web server? Thanks in advance, *Claudiu ALBU*
_______________________________________________ clamav-users mailing list [email protected] http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
