Hi Micah,

Here’s the output you requested. Let me know if you require any more information.

___________________________
Proxy request sent, awaiting response...
---response begin---
HTTP/1.1 403 Forbidden
Date: Thu, 07 Mar 2024 20:27:00 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: max-age=15
Expires: Thu, 07 Mar 2024 20:27:15 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 860d52e20d2136c2-YYZ
Connection: keep-alive
Set-Cookie: __cf_bm=8o9Hb87idaC8xpij0R4xZRG9WqRYEBHVILTongzCv74-1709843220-1.0.1.1-Q0OQ6No68PXQfGlECq97wLXsjdx8pT2z5y63XiSVNKGwes07ndBgODPddF55.Q0rustRtsVRRRuXYaA4iGs4WQ; path=/; expires=Thu, 07-Mar-24 20:57:00 GMT; domain=.clamav.net; HttpOnly; SameSite=None
---response end---
403 Forbidden
cdm: 1
___________________________

Thanks,
John

On Thu, Mar 7, 2024 at 3:20 PM Micah Snyder (micasnyd) via clamav-users <[email protected]> wrote:

> It feels like the proxy may not be forwarding freshclam's HTTP
> User-Agent header. We use that header to block unsupported software (like
> curl, wget, firefox, chrome, etc) from downloading the database files. I
> don't know why that would change with just an in-place upgrade of the
> system to RHEL 8, however.
>
> John, if you can get the HTTP "cf-ray" header value from the HTTP 403
> response to the proxy, our Cloudflare admin can look for the firewall event
> logs in Cloudflare to confirm the reason for the 403 response.
>
> Regards,
> Micah
>
>
> Micah Snyder (they/them)
> ClamAV Development
> Talos
> Cisco Systems, Inc.
> ------------------------------
> *From:* clamav-users <[email protected]> on behalf of
> Joel Esler via clamav-users <[email protected]>
> *Sent:* Thursday, March 7, 2024 2:44 PM
> *To:* ClamAV users ML <[email protected]>
> *Cc:* Joel Esler <[email protected]>
> *Subject:* Re: [clamav-users] Unable to download daily.cvd after upgrade
> to RHEL 8
>
> Looks like you’re trying to connect through a proxy. Not directly.
> —
> Sent from my iPhone
>
> On Mar 7, 2024, at 13:34, John Paul Guay via clamav-users <
> [email protected]> wrote:
>
>
> Hello,
>
> We have performed an In-Place upgrade to RHEL 8 on our system that ClamAV
> resides on and afterwards we are no longer able to download the daily.cvd.
>
> Just a little history. The system is in a lab behind a corporate proxy and
> it requires proxy rules to be able to reach database.clamav.net and
> clamav.net. Prior to the upgrade there were no issues in downloading the
> signatures on an hourly basis. We have verified that the rules on the proxy
> are still valid and the system is able to reach the proxy but it seems like
> it’s being blocked at database.clamav.net.
>
> I’ve included some output below:
>
> Thu Mar 7 11:52:47 2024 -> WARNING: Can't download daily.cvd from https://database.clamav.net/daily.cvd
>
> Thu Mar 7 11:52:47 2024 -> Trying again in 5 secs...
>
> Thu Mar 7 11:52:52 2024 -> daily database available for update (local version: 27075, remote version: 27207)
>
> Thu Mar 7 11:52:52 2024 -> ERROR: Download failed (35)
> Thu Mar 7 11:52:52 2024 -> ERROR: Message: SSL connect error
>
> Thu Mar 7 11:52:52 2024 -> ERROR: Can't download daily.cvd from https://database.clamav.net/daily.cvd
>
> Thu Mar 7 11:52:52 2024 -> Giving up on https://database.clamav.net...
>
> Thu Mar 7 11:52:52 2024 -> ERROR: Update failed for database: daily
>
> Thu Mar 7 11:52:52 2024 -> ERROR: Database update process failed: Connection failed
>
> Thu Mar 7 11:52:52 2024 -> ERROR: Update failed.
>
> Thu Mar 7 11:52:52 2024 -> --------------------------------------
>
> Thu Mar 7 11:53:06 2024 -> Update process terminated
>
> Thu Mar 7 11:53:08 2024 -> --------------------------------------
>
> Thu Mar 7 11:53:08 2024 -> ClamAV update process started at Thu Mar 7 11:53:08 2024
>
> Thu Mar 7 11:53:08 2024 -> daily database available for update (local version: 27075, remote version: 27207)
>
> Thu Mar 7 11:53:08 2024 -> WARNING: Download failed (35)
> Thu Mar 7 11:53:08 2024 -> WARNING: Message: SSL connect error
>
>
>
> [root@seti026 ~]# wget http://database.clamav.net/
>
> URL transformed to HTTPS due to an HSTS policy
>
> --2024-03-07 13:26:55-- https://database.clamav.net/
>
> Resolving proxy.xxxxx.xxx-xxx.net (proxy.xxxxx.xxx-xxx.net)... 7.xx.xx.xx
>
> Connecting to proxy.xxxxx.xxx-xxx.net (proxy.xxxxx.xxx-xxx.net)|7.xx.xx.xx|:8080... connected.
>
> Proxy request sent, awaiting response... 403 Forbidden
>
> 2024-03-07 13:26:55 ERROR 403: Forbidden.
>
> Let me know if you require anything else.
>
> Thanks,
> John
>
> _______________________________________________
>
> Manage your clamav-users mailing list subscription / unsubscribe:
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/Cisco-Talos/clamav-documentation
>
> https://docs.clamav.net/#mailing-lists-and-chat
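The check requested in this thread, as an added example that is not part of the original messages: a small Python parser for a `wget -d` capture that extracts the status and CF-RAY value and notes whether the 403 carries Cloudflare's headers. The sample captures, the placeholder ray ID, the proxy name and the `proxy-or-other` label (a 403 without CF-RAY is assumed to come from something in front of Cloudflare) are constructed for illustration.

```python
import re

# Constructed samples in the `wget -d` layout quoted in this thread.
# The CF-RAY value, cookie and proxy Server name are placeholders.
SAMPLE_EDGE = """\
---response begin---
HTTP/1.1 403 Forbidden
Server: cloudflare
CF-RAY: 0000000000000000-XXX
Set-Cookie: __cf_bm=PLACEHOLDER; path=/; HttpOnly
---response end---
"""
SAMPLE_PROXY = """\
---response begin---
HTTP/1.1 403 Forbidden
Server: ExampleProxy/1.0
---response end---
"""

BLOCK = re.compile(r"---response begin---\r?\n(.*?)---response end---", re.S)
STATUS = re.compile(r"HTTP/\d(?:\.\d)?\s+(\d{3})")

def parse_responses(debug_text):
    """Yield (status_code, headers) for every response block in the capture."""
    for block in BLOCK.findall(debug_text):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        match = STATUS.match(lines[0]) if lines else None
        if not match:
            continue  # truncated or non-HTTP block
        headers = {}
        for line in lines[1:]:
            name, sep, value = line.partition(":")
            if sep:
                headers[name.strip().lower()] = value.strip()
        yield int(match.group(1)), headers

def triage(debug_text):
    """Report status, likely origin of a 403 and the ray ID; cookies are left out."""
    report = []
    for status, headers in parse_responses(debug_text):
        ray = headers.get("cf-ray")
        # Assumption: a 403 with no CF-RAY header never reached Cloudflare.
        if status != 403:
            origin = "not-a-403"
        else:
            origin = "cloudflare-edge" if ray else "proxy-or-other"
        report.append({"status": status, "origin": origin, "cf_ray": ray})
    return report
```

Only the `cf_ray` field needs to go to the Cloudflare admin; the report deliberately omits `Set-Cookie` values.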
