Re: [clamav-users] Rate-limiting question

2021-03-09 Thread Joel Esler (jesler) via clamav-users
You shouldn’t be rate limited if Freshclam is operating correctly.  Can you 
give me an IP to look up?

Sent from my  iPhone

On Mar 9, 2021, at 16:58, Jimmy Tigert via clamav-users 
 wrote:


Greetings,

We are experiencing the results of the current rate-limits due to some parties’ 
activities (error 429) – reference: 
https://www.mail-archive.com/clamav-users@lists.clamav.net/msg49810.html.

Per guidance, we have always used freshclam as part of our automated refresh 
(cronjob) on a 24-hour basis (1x per day). We’ve extended the cronjob to only 
run once every 48 hours to help mitigate any issues on your end.

Is there a preferred frequency of updating via freshclam we should follow to 
avoid over-burdening your servers and network? Is 24 hours too often?

We appreciate your assistance and the service provided.

Regards,

James R. Tigert


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml



[clamav-users] Rate-limiting question

2021-03-09 Thread Jimmy Tigert via clamav-users
Greetings,

We are experiencing the results of the current rate-limits due to some parties' 
activities (error 429) - reference: 
https://www.mail-archive.com/clamav-users@lists.clamav.net/msg49810.html.

Per guidance, we have always used freshclam as part of our automated refresh 
(cronjob) on a 24-hour basis (1x per day). We've extended the cronjob to only 
run once every 48 hours to help mitigate any issues on your end.

Is there a preferred frequency of updating via freshclam we should follow to 
avoid over-burdening your servers and network? Is 24 hours too often?

We appreciate your assistance and the service provided.

Regards,

James R. Tigert




Re: [clamav-users] Freshclam network unreachable

2021-03-09 Thread Paul Kosinski via clamav-users
"Out of procedural curiosity, why would someone want to disable ipv6?"

Although our FIOS connection supports IPv6, our firewall/gateway complex, which 
I custom built from scratch 16+ years ago using iptables etc., doesn't. Since 
this firewall/gateway also does lots of inter-LAN routing and blocking (not to 
mention some source-based iproute2 stuff), it would have to be rewritten 
extensively. I don't have time to do this, especially given that there is still 
(after all these years) nothing critical that is IPv6 only.

P.S. It would have been nice if the designers of IPv6 hadn't made it almost 
totally incompatible with IPv4 (unlike x64 vs x86). What if, when Ma Bell 
introduced direct distance dialing in the 1960s, they had made the new 
area-code scheme require that every customer who wanted to use area-codes get a 
new phone number with a totally different format, and replace their telephone 
handset?


On Tue, 9 Mar 2021 14:37:59 +
"Joel Esler (jesler) via clamav-users" wrote:

> Out of procedural curiosity, why would someone want to disable ipv6?
> 
> > On Mar 8, 2021, at 6:40 PM, G.W. Haywood via clamav-users 
> >  wrote:
> > 
> > Hi there,
> > 
> > On Mon, 8 Mar 2021, Adam Bashore via clamav-users wrote:
> >   
> >> I'm able to telnet to port 80 at db.local.clamav.net without issue. but I
> >> get a 403 forbidden when i try to download main.clv directly with wget 
> >> (wget
> >> http://db.local.clamav.net/main.cvd)  
> > 
> > There's been a flurry of recent activity on the mailing list about the
> > abuse of ClamAV DB service, see the archives for more detail but I
> > think Joel's reply has answered this part.
> >   
> >> I'm not convinced that it's a network issue. Can anyone explain why
> >> freshclam appears to be trying IPv6 even though the host only has an IPv4
> >> address on eth1?  
> > 
> > I think it is a network issue.  Most network software doesn't know
> > what interface it's going to use, it just asks the resolver for an
> > address.  Your resolver provides an IPv6 address and freshclam tries
> > to use it.
> > 
> > To build freshclam (and everything else) from source without IPv6
> > support you could (at least theoretically, I've never tried it myself)
> > use the 'configure' option '--disable-ipv6'.  Alternatively, which I'd
> > suggest is preferable, you can fix the network's IPv6 connectivity.
> > 
> > -- 
> > 
> > 73,
> > Ged.
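
The behaviour Ged describes in the quoted message above (the resolver hands back an IPv6 address and the client tries it, whatever addresses eth1 carries) can be checked per address family. This is an added example, not part of the thread or of freshclam; the helper names, the verdict strings and the constructed resolver answer (documentation addresses 2001:db8::10 and 192.0.2.10) are assumptions for illustration.

```python
import socket

FAMILY_NAMES = {socket.AF_INET: "IPv4", socket.AF_INET6: "IPv6"}


def route_exists(family, address, port=80):
    """Ask the kernel whether it has a route to `address`.

    connect() on a UDP socket only performs the route lookup and sends no
    packet, so the check is passive.
    """
    try:
        with socket.socket(family, socket.SOCK_DGRAM) as s:
            s.connect((address, port))
        return True
    except OSError:  # e.g. "Network is unreachable", or family unsupported
        return False


def diagnose(host, port=80, resolve=socket.getaddrinfo, probe=route_exists):
    """Return [(family, address, routable)] in the order the resolver gave."""
    report, seen = [], set()
    for family, _type, _proto, _canon, sockaddr in resolve(
            host, port, type=socket.SOCK_STREAM):
        key = (family, sockaddr[0])
        if family not in FAMILY_NAMES or key in seen:
            continue
        seen.add(key)
        report.append((FAMILY_NAMES[family], sockaddr[0],
                       probe(family, sockaddr[0], port)))
    return report


def verdict(report):
    """Classify the report (verdict strings are hypothetical labels)."""
    if not report:
        return "no-addresses"
    if not any(routable for _fam, _addr, routable in report):
        return "all-unroutable"
    if not report[0][2]:
        # The resolver's first choice has no route: a client that tries it
        # gets "network unreachable" even though another family would work.
        return "first-address-unroutable"
    return "ok"


def sample_resolver(host, port, type=0):
    """Constructed resolver answer: an AAAA record listed before the A record."""
    return [
        (socket.AF_INET6, socket.SOCK_STREAM, 6, "", ("2001:db8::10", port, 0, 0)),
        (socket.AF_INET, socket.SOCK_STREAM, 6, "", ("192.0.2.10", port)),
    ]


def ipv4_only_probe(family, address, port):
    """Constructed stand-in for a host that only has an IPv4 route."""
    return family == socket.AF_INET


if __name__ == "__main__":
    # Offline run on the constructed data; no DNS query or packet is sent.
    report = diagnose("db.local.clamav.net",
                      resolve=sample_resolver, probe=ipv4_only_probe)
    for fam, addr, routable in report:
        print(f"{fam:4} {addr:15} route={'yes' if routable else 'NO'}")
    print("verdict:", verdict(report))
```

Calling `diagnose()` with its defaults on the affected host uses the real resolver and routing table instead of the constructed data.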




Re: [clamav-users] Rate Limiting Downloads

2021-03-09 Thread Joel Esler (jesler) via clamav-users
Yeah, 

We are going to do a blog post once we have a plan forward with Freshclam and 
seeing how everything settles out.  I think I have things in a semi stable 
state right now.  Still watching for abuse.  It’s pretty to spot at this point.

> On Mar 5, 2021, at 6:53 PM, G.W. Haywood via clamav-users 
>  wrote:
> 
> Hi there,
> 
> On Thu, 4 Mar 2021, Joel Esler (jesler) via clamav-users wrote:
> 
>> ...
>> Downloading using other than FreshClam has now been limited.
>> ...
> 
> Should this not have gone to the 'announce' list?
> 
> -- 
> 
> 73,
> Ged.
> 


Re: [clamav-users] Freshclam network unreachable

2021-03-09 Thread Joel Esler (jesler) via clamav-users
Thanks team, was just wondering.


On Mar 9, 2021, at 11:52 AM, Gene Heskett via clamav-users 
<clamav-users@lists.clamav.net> wrote:

> On Tuesday 09 March 2021 09:37:59 Joel Esler (jesler) via clamav-users
> wrote:
>
> > Out of procedural curiosity, why would someone want to disable ipv6?
>
> zero support for it within 130 miles of me,  Well, maybe in Charleston
> WV, but that is still 100 miles. ipv6 traffic is blocked at my cable
> supplied modem sitting on a shelf at the other end of this smallish
> room. So I obviously disable it to make ipv4 the default hookups here.
>
> > > On Mar 8, 2021, at 6:40 PM, G.W. Haywood via clamav-users
> > > <clamav-users@lists.clamav.net> wrote:
> > >
> > > Hi there,
> > >
> > > On Mon, 8 Mar 2021, Adam Bashore via clamav-users wrote:
> > >> I'm able to telnet to port 80 at db.local.clamav.net without issue.
> > >> but I get a 403 forbidden when i try to download main.clv directly
> > >> with wget (wget http://db.local.clamav.net/main.cvd)
> > >
> > > There's been a flurry of recent activity on the mailing list about
> > > the abuse of ClamAV DB service, see the archives for more detail but
> > > I think Joel's reply has answered this part.
> > >
> > >> I'm not convinced that it's a network issue. Can anyone explain why
> > >> freshclam appears to be trying IPv6 even though the host only has
> > >> an IPv4 address on eth1?
> > >
> > > I think it is a network issue.  Most network software doesn't know
> > > what interface it's going to use, it just asks the resolver for an
> > > address.  Your resolver provides an IPv6 address and freshclam tries
> > > to use it.
> > >
> > > To build freshclam (and everything else) from source without IPv6
> > > support you could (at least theoretically, I've never tried it
> > > myself) use the 'configure' option '--disable-ipv6'.  Alternatively,
> > > which I'd suggest is preferable, you can fix the network's IPv6
> > > connectivity.
> > >
> > > --
> > >
> > > 73,
> > > Ged.



> Cheers, Gene Heskett
> --
> "There are four boxes to be used in defense of liberty:
> soap, ballot, jury, and ammo. Please use in that order."
> -Ed Howdershelt (Author)
> If we desire respect for the law, we must first make the law respectable.
> - Louis D. Brandeis
> Genes Web page 



Re: [clamav-users] Freshclam network unreachable

2021-03-09 Thread Gene Heskett via clamav-users
On Tuesday 09 March 2021 09:37:59 Joel Esler (jesler) via clamav-users 
wrote:

> Out of procedural curiosity, why would someone want to disable ipv6?

zero support for it within 130 miles of me,  Well, maybe in Charleston 
WV, but that is still 100 miles. ipv6 traffic is blocked at my cable 
supplied modem sitting on a shelf at the other end of this smallish 
room. So I obviously disable it to make ipv4 the default hookups here.

> > On Mar 8, 2021, at 6:40 PM, G.W. Haywood via clamav-users
> >  wrote:
> >
> > Hi there,
> >
> > On Mon, 8 Mar 2021, Adam Bashore via clamav-users wrote:
> >> I'm able to telnet to port 80 at db.local.clamav.net without issue.
> >> but I get a 403 forbidden when i try to download main.clv directly
> >> with wget (wget http://db.local.clamav.net/main.cvd)
> >
> > There's been a flurry of recent activity on the mailing list about
> > the abuse of ClamAV DB service, see the archives for more detail but
> > I think Joel's reply has answered this part.
> >
> >> I'm not convinced that it's a network issue. Can anyone explain why
> >> freshclam appears to be trying IPv6 even though the host only has
> >> an IPv4 address on eth1?
> >
> > I think it is a network issue.  Most network software doesn't know
> > what interface it's going to use, it just asks the resolver for an
> > address.  Your resolver provides an IPv6 address and freshclam tries
> > to use it.
> >
> > To build freshclam (and everything else) from source without IPv6
> > support you could (at least theoretically, I've never tried it
> > myself) use the 'configure' option '--disable-ipv6'.  Alternatively,
> > which I'd suggest is preferable, you can fix the network's IPv6
> > connectivity.
> >
> > --
> >
> > 73,
> > Ged.
> >


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 



Re: [clamav-users] Freshclam network unreachable

2021-03-09 Thread G.W. Haywood via clamav-users

Hi there,

On Tue, 9 Mar 2021, Joel Esler (jesler) via clamav-users wrote:


> Out of procedural curiosity, why would someone want to disable ipv6?


Well, I think they don't want to, but they might think they do.  The
firewalling for example can be a whole can of worms, and there might
not even be an IPv6 route to the outside world.  I don't know how many
providers still don't offer native IPv6 on their broadband packages,
but I'm fairly sure many (including ours) don't.  We use he.net for
our IPv6 presence - it just needed some address/protocol juggling in
one of the firewalls.

--

73,
Ged.



Re: [clamav-users] Freshclam network unreachable

2021-03-09 Thread Joel Esler (jesler) via clamav-users
Out of procedural curiosity, why would someone want to disable ipv6?

> On Mar 8, 2021, at 6:40 PM, G.W. Haywood via clamav-users 
>  wrote:
> 
> Hi there,
> 
> On Mon, 8 Mar 2021, Adam Bashore via clamav-users wrote:
> 
>> I'm able to telnet to port 80 at db.local.clamav.net without issue. but I
>> get a 403 forbidden when i try to download main.clv directly with wget (wget
>> http://db.local.clamav.net/main.cvd)
> 
> There's been a flurry of recent activity on the mailing list about the
> abuse of ClamAV DB service, see the archives for more detail but I
> think Joel's reply has answered this part.
> 
>> I'm not convinced that it's a network issue. Can anyone explain why
>> freshclam appears to be trying IPv6 even though the host only has an IPv4
>> address on eth1?
> 
> I think it is a network issue.  Most network software doesn't know
> what interface it's going to use, it just asks the resolver for an
> address.  Your resolver provides an IPv6 address and freshclam tries
> to use it.
> 
> To build freshclam (and everything else) from source without IPv6
> support you could (at least theoretically, I've never tried it myself)
> use the 'configure' option '--disable-ipv6'.  Alternatively, which I'd
> suggest is preferable, you can fix the network's IPv6 connectivity.
> 
> -- 
> 
> 73,
> Ged.
> 


Re: [clamav-users] Blocked by Cloudflare

2021-03-09 Thread Joel Esler (jesler) via clamav-users
Hello ClamAV,

Thank you for your email.  As a result of events documented in places here:
https://lists.clamav.net/pipermail/clamav-users/2021-March/010577.html
and
https://lists.clamav.net/pipermail/clamav-users/2021-March/010543.html

We’ve been forced to take emergency measures to protect the ClamAV environment.

Please immediately switch to using Freshclam or 
https://github.com/micahsnyder/cvdupdate to update your AV definitions.

Sorry for the inconvenience, but we are currently in emergency mode and have had to 
make several drastic changes over the last several days.

--
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
http://www.talosintelligence.com | https://www.snort.org


On Mar 9, 2021, at 8:23 AM, Bart Bania 
<bart.ba...@jdplc.com> wrote:

Hi,

The company I work for uses ClamAV as antivirus solution across our server 
suite. We grab the virus database updates from our central update server daily.

As it happened, our IPs (we're using proxy servers to connect to freshclam 
database mirrors) are getting blocked by Cloudflare, preventing us from 
updating the databases locally.

Today I found out that all our proxy IPs are unable to connect, which left us 
in the dark and without an ability to update the local database repositories.

Could I be advised on how to request a permanent whitelist for our proxy IPs, 
so we can continue using ClamAV as our antivirus solution and be able to fetch 
the database updates without interruption?

Regards,

Bart Bania
IT Linux System Administrator - Linux - IT department
JD Sports Fashion plc

This email is from JD Sports Fashion plc or one of its subsidiaries ("JD Sports 
Fashion Group"). The contents of this email and any attachments are 
confidential and are intended solely for the use of the intended recipient. The 
information in this email may not be used, copied or disclosed by any person 
other than the intended recipient. If you are not the intended recipient, 
please contact JD Sports Fashion plc at i...@jdplc.com, 
quoting the name of the sender and delete the message from your system. E-mails 
sent to and from the JD Sports Fashion Group may be monitored and read for 
legitimate business purposes. Emails cannot be guaranteed to be secure or 
error-free, and you should protect your systems. The JD Sports Fashion Group 
does not accept any liability arising from interception, corruption, loss or 
destruction of this e-mail, or if it arrives late or incomplete or with 
viruses. JD Sports Fashion plc - Registered in England No. 1888425. Registered 
Office: Hollinsbrook Way, Pilsworth, Bury, Lancashire, BL9 8RR.


Re: [clamav-users] Rép. : Re: ASP : Forbidden 403 on download virus database

2021-03-09 Thread Joel Esler (jesler) via clamav-users
Hello Vincent,

Thank you for your email.  As a result of events documented in places here:
https://lists.clamav.net/pipermail/clamav-users/2021-March/010577.html
and
https://lists.clamav.net/pipermail/clamav-users/2021-March/010543.html

We’ve been forced to take emergency measures to protect the ClamAV environment.

Please immediately switch to using Freshclam or 
https://github.com/micahsnyder/cvdupdate to update your AV definitions.

Sorry for the inconvenience, but we are currently in emergency mode and have had to 
make several drastic changes over the last several days.

--
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
http://www.talosintelligence.com | https://www.snort.org


On Mar 9, 2021, at 4:03 AM, Vincent ROL 
<vincent@asp-public.fr> wrote:

Joel,

We now have a 503 error on our attempts at 9:55 am (GMT +1).
I confirm that we present ourselves well with the IP 217.109.233.245.
Do you see our attempts ?

Best regards.

   
2 rue du Maupas
87040 Limoges cedex 1
tel : 05 55 12 00 00
www.asp-public.fr

Let's be eco-responsible,
and print our emails only when necessary.

>>> "Joel Esler (jesler)" <jes...@cisco.com> 08/03/2021 16:37 >>>
Vincent,


I don’t show that IP in our logs.

However, check out: 
https://lists.clamav.net/pipermail/clamav-users/2021-March/010577.html

--
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
http://www.talosintelligence.com | https://www.snort.org

On Mar 8, 2021, at 5:12 AM, Vincent ROL 
<vincent@asp-public.fr> wrote:

Hello,

We are a French public administration, the Service and Payment Agency (ASP).
We download the main.cvd, daily.cvd and bytecode.cvd files every day at 7:45 am.
As of 03/06/2021, we are getting the 403 Forbidden error.
We go through a proxy, and we present ourselves with the IP 217.109.233.245, 
can you unblock us please?

Best Regards.


   
2 rue du Maupas
87040 Limoges cedex 1
tel : 05 55 12 00 00
www.asp-public.fr

Let's be eco-responsible,
and print our emails only when necessary.

---
This message may contain CONFIDENTIAL INFORMATION intended only for use by the 
addressee. If you have received it by mistake, thank you for notifying us 
immediately by telephone or by e-mail, and please, delete it and do not deliver 
it to anyone else .
---


[clamav-users] Blocked by Cloudflare

2021-03-09 Thread Bart Bania
Hi,

The company I work for uses ClamAV as antivirus solution across our server 
suite. We grab the virus database updates from our central update server daily.

As it happened, our IPs (we're using proxy servers to connect to freshclam 
database mirrors) are getting blocked by Cloudflare, preventing us from 
updating the databases locally.

Today I found out that all our proxy IPs are unable to connect, which left us 
in the dark and without an ability to update the local database repositories.

Could I be advised on how to request a permanent whitelist for our proxy IPs, 
so we can continue using ClamAV as our antivirus solution and be able to fetch 
the database updates without interruption?

Regards,

Bart Bania
IT Linux System Administrator - Linux - IT department
JD Sports Fashion plc



[clamav-users] Rép. : Re: ASP : Forbidden 403 on download virus database

2021-03-09 Thread Vincent ROL
Joel,

We now have a 503 error on our attempts at 9:55 am (GMT +1).
I confirm that we present ourselves well with the IP 217.109.233.245.
Do you see our attempts ?

Best regards.

2 rue du Maupas
87040 Limoges cedex 1
tel : 05 55 12 00 00
www.asp-public.fr

Let's be eco-responsible,
and print our emails only when necessary.

>>> "Joel Esler (jesler)"  08/03/2021 16:37 >>>
Vincent,


I don’t show that IP in our logs.

However, check out:
https://lists.clamav.net/pipermail/clamav-users/2021-March/010577.html


-- 
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
http://www.talosintelligence.com | https://www.snort.org




On Mar 8, 2021, at 5:12 AM, Vincent ROL 
wrote:

Hello,

We are a French public administration, the Service and Payment Agency
(ASP).
We download the main.cvd, daily.cvd and bytecode.cvd files every day at
7:45 am.
As of 03/06/2021, we are getting the 403 Forbidden error.
We go through a proxy, and we present ourselves with the IP
217.109.233.245, can you unblock us please?

Best Regards.



2 rue du Maupas
87040 Limoges cedex 1
tel : 05 55 12 00 00
www.asp-public.fr

Let's be eco-responsible,
and print our emails only when necessary.
