Thanks all for replies. I manage to find root cause of the issue. My infrastructure is hosted on EC2 with EC2 instance having public IP assigned. I’m using dockerized version of clamav. Due to OOM, container got into kind of CrashLoopBackOff situation. It was crashing during signature update and starting again. This caused frequent requests for signatures to mirror which at some point caused IP blacklisting.
In my situation upgrade of ec2 to bigger will cause allocation of new IP addressed. Solving issue. This would have been avoided with proper clamav monitoring. Regards Kamil > On 23 Apr 2020, at 17:28, Joel Esler (jesler) via clamav-users > <clamav-users@lists.clamav.net> wrote: > > Team — > > I control Cloudflare. Who is blocked and who is not is literally up to me. > If you are being blocked, feel free to write me 1:1, share your IP with me, > and I’ll tell you why you’re blocked. A ticket can also be filed on > bugzilla.clamav.net <http://bugzilla.clamav.net/> under “mirrors” > > > >> On Apr 23, 2020, at 10:46 AM, web...@manfbraun.de >> <mailto:web...@manfbraun.de> wrote: >> >> Hello! >> >> I reported that exakt problem years ago. >> >> There is NO direct solution. >> >> It's that, that cloudflaire is not interested >> in requests of users - it' "a engine". >> They are even blocking the tor network and >> redirect to google, to solve a pscholical >> fingerprint to identify you, it's just nothing >> else then IT-Oligarchism. >> >> I was never able to contact them but came >> to the lucky situation to have another box, >> a VPS. So I installed a proxy there and configured >> clam to use it. Problem fixed. >> >> Has, at least, nothing to do with the amount >> of request, which are 24/day for my case. >> >> Best regards, >> Manfred >> >> >>> -----Original Message----- >>> From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net >>> <mailto:clamav-users-boun...@lists.clamav.net>] On >>> Behalf Of Matus UHLAR - fantomas >>> Sent: Thursday, April 23, 2020 4:09 PM >>> To: clamav-users@lists.clamav.net <mailto:clamav-users@lists.clamav.net> >>> Subject: Re: [clamav-users] IP Blacklisted by Mirror >>> >>> On 23.04.20 15:24, Kamil Wójcik via clamav-users wrote: >>>> I have clamav configured with freshclam for signature updates. >>>> I found that freshclam is failing to update signatures with error "Wed >>> Apr 22 10:12:34 2020 -> ^getpatch: Can't download daily-25717.cdiff from >>> db.local.clamav.net <http://db.local.clamav.net/> >>> <http://db.local.clamav.net/ <http://db.local.clamav.net/>>” >>>> >>>> I checked with curl and I’m getting HTTP 403 with response "error code: >>> 1006”. I believe this is cloudflare error indicating that ip was >>> blacklisted. Is there any other public mirror that I could use instead ? >>>> What should I do to get ip removed from blacklist ? >>> >>> how often do you mirror? 50 times a day. >>> Aren't you by any chance behind NAT, maybe with more machines? >>> -- >>> Matus UHLAR - fantomas, uh...@fantomas.sk <mailto:uh...@fantomas.sk> ; >>> http://www.fantomas.sk/ <http://www.fantomas.sk/> >>> Warning: I wish NOT to receive e-mail advertising to this address. >>> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. >>> Windows 2000: 640 MB ought to be enough for anybody >>> >>> _______________________________________________ >>> >>> clamav-users mailing list >>> clamav-users@lists.clamav.net <mailto:clamav-users@lists.clamav.net> >>> https://lists.clamav.net/mailman/listinfo/clamav-users >>> >>> >>> Help us build a comprehensive ClamAV guide: >>> https://github.com/vrtadmin/clamav-faq >>> >>> http://www.clamav.net/contact.html#ml >> >> >> _______________________________________________ >> >> clamav-users mailing list >> clamav-users@lists.clamav.net <mailto:clamav-users@lists.clamav.net> >> https://lists.clamav.net/mailman/listinfo/clamav-users >> >> >> Help us build a comprehensive ClamAV guide: >> https://github.com/vrtadmin/clamav-faq >> >> http://www.clamav.net/contact.html#ml > > > _______________________________________________ > > clamav-users mailing list > clamav-users@lists.clamav.net > https://lists.clamav.net/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
