Re: [clamav-users] error code 429
We are experimenting with a feature that we’ve been working with Cloudflare on, trying to isolate violators on a per host basis for the newest versions of ClamAV, instead of IP. — Sent from my iPhone > On Sep 4, 2021, at 18:52, Jim Popovitch via clamav-users > wrote: > > On Sat, 2021-09-04 at 14:41 -0400, Paul Kosinski wrote: >> >> Not rate limited (as we only check about once per hour, from each of 3 >> systems), but we're not getting updates. >> > > Seeing similar here now that the (3rd) cool-down has expired. I'm > starting to suspect this is a CloudFlare issue. Under the new ClamAV > CDN parlance, what exactly defines "a network". Are they expecting > service providers to setup clamav caches like major hosting providers do > for OS updates? > > -Jim P. > > > Sep 4 22:41:43 mx3 freshclam[1253]: Cool-down expired, ok to try again. > Sep 4 22:41:45 mx3 freshclam[1253]: downloadPatch: Can't download > daily-26284.cdiff from https://database.clamav.net/daily-26284.cdiff > Sep 4 22:41:45 mx3 freshclam[1253]: The database server doesn't have > the latest patch for the daily database (version 26284). The server will > likely have updated if you check again in a few hours. > > > > > > ___ > > clamav-users mailing list > clamav-users@lists.clamav.net > https://lists.clamav.net/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] error code 429
On Sat, 2021-09-04 at 14:41 -0400, Paul Kosinski wrote: > > Not rate limited (as we only check about once per hour, from each of 3 > systems), but we're not getting updates. > Seeing similar here now that the (3rd) cool-down has expired. I'm starting to suspect this is a CloudFlare issue. Under the new ClamAV CDN parlance, what exactly defines "a network". Are they expecting service providers to setup clamav caches like major hosting providers do for OS updates? -Jim P. Sep 4 22:41:43 mx3 freshclam[1253]: Cool-down expired, ok to try again. Sep 4 22:41:45 mx3 freshclam[1253]: downloadPatch: Can't download daily-26284.cdiff from https://database.clamav.net/daily-26284.cdiff Sep 4 22:41:45 mx3 freshclam[1253]: The database server doesn't have the latest patch for the daily database (version 26284). The server will likely have updated if you check again in a few hours. ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] error code 429
On Sat, 4 Sep 2021 15:01:00 +0100 Paul Netpresto via clamav-users wrote: > Hi all > > Similar issue from Manchester UK. 4 mx's all failing to collect today's > update apparently first available 9:50 am today Not rate limited (as we only check about once per hour, from each of 3 systems), but we're not getting updates. In the past, I would have blamed it on Cloudflare's "BOS" mirror being uniquely slow to get updated (as was often the case), but with these other reports, it sounds like something more. Here is what we've seen today -- 8 hours with no update actually available. (Testclam-DNS retrieves the TXT record to see when an update is allegedly available; 26284 was supposed to be available at 6:05 AM.) -- Saturday 04 September 2021 at 05:05:01 -- /opt/clamav/bin/testclam-dns --> DNS D 26283/26283 M 61/61 B 333/333 -- Saturday 04 September 2021 at 06:05:01 -- /opt/clamav/bin/testclam-dns --> UPD D 26284/26283 M 61/61 B 333/333 /opt/clamav/bin/freshclam--stdout --on-update-execute=EXIT_1 ClamAV update process started at Sat Sep 4 06:05:05 2021 daily database available for update (local version: 26283, remote version: 26284) WARNING: downloadPatch: Can't download daily-26284.cdiff from https://database.clamav.net/daily-26284.cdiff The database server doesn't have the latest patch for the daily database (version 26284). The server will likely have updated if you check again in a few hours. main.cvd database is up-to-date (version: 61, sigs: 6607162, f-level: 90, builder: sigmgr) bytecode.cld database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2) -- Saturday 04 September 2021 at 06:05:06 -- -- Saturday 04 September 2021 at 07:05:01 -- /opt/clamav/bin/testclam-dns --> UPD D 26284/26283 M 61/61 B 333/333 /opt/clamav/bin/freshclam--stdout --on-update-execute=EXIT_1 ClamAV update process started at Sat Sep 4 07:05:03 2021 daily database available for update (local version: 26283, remote version: 26284) WARNING: downloadPatch: Can't download daily-26284.cdiff from https://database.clamav.net/daily-26284.cdiff The database server doesn't have the latest patch for the daily database (version 26284). The server will likely have updated if you check again in a few hours. main.cvd database is up-to-date (version: 61, sigs: 6607162, f-level: 90, builder: sigmgr) bytecode.cld database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2) -- Saturday 04 September 2021 at 07:05:04 -- ... [removed for brevity] -- Saturday 04 September 2021 at 14:05:01 -- /opt/clamav/bin/testclam-dns --> UPD D 26284/26283 M 61/61 B 333/333 /opt/clamav/bin/freshclam--stdout --on-update-execute=EXIT_1 ClamAV update process started at Sat Sep 4 14:05:03 2021 daily database available for update (local version: 26283, remote version: 26284) WARNING: downloadPatch: Can't download daily-26284.cdiff from https://database.clamav.net/daily-26284.cdiff The database server doesn't have the latest patch for the daily database (version 26284). The server will likely have updated if you check again in a few hours. main.cvd database is up-to-date (version: 61, sigs: 6607162, f-level: 90, builder: sigmgr) bytecode.cld database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2) -- Saturday 04 September 2021 at 14:05:04 -- ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] error code 429
Hi all Similar issue from Manchester UK. 4 mx's all failing to collect today's update apparently first available 9:50 am today ClamAV update process started at Sat Sep 4 14:55:38 2021 daily database available for update (local version: 26283, remote version: 26284 ) WARNING: downloadPatch: Can't download daily-26284.cdiff from https://database.c lamav.net/daily-26284.cdiff The database server doesn't have the latest patch for the daily database (versio n 26284). The server will likely have updated if you check again in a few hours. main.cvd database is up-to-date (version: 61, sigs: 6607162, f-level: 90, builde r: sigmgr) bytecode.cld database is up-to-date (version: 333, sigs: 92, f-level: 63, builde r: awillia2) On 04/09/2021 14:20, Jim Popovitch via clamav-users wrote: Add me to the 429 list. I have 3 clamav installations (Debian Bullseye). All 3 are on separate networks (in separate datacenters, at separate hosting providers) ~$ for m in mx1 mx2 mx3; do echo -n "$m: "; ssh $m grep ^Check /etc/clamav/freshclam.conf; done mx1: Checks 12 mx2: Checks 12 mx3: Checks 12 All 3 MXes got this exact same set of messages, two times, over the past 4 hours. Sep 4 12:49:37 mx2 freshclam[1264]: FreshClam previously received error code 429 from the ClamAV Content Delivery Network (CDN). Sep 4 12:49:37 mx2 freshclam[1264]: This means that you have been rate limited by the CDN. Sep 4 12:49:37 mx2 freshclam[1264]: 1. Run FreshClam no more than once an hour to check for updates. Sep 4 12:49:37 mx2 freshclam[1264]: FreshClam should check DNS first to see if an update is needed. Sep 4 12:49:37 mx2 freshclam[1264]: 2. If you have more than 10 hosts on your network attempting to download, Sep 4 12:49:37 mx2 freshclam[1264]: it is recommended that you set up a private mirror on your network using Sep 4 12:49:37 mx2 freshclam[1264]: cvdupdate (https://pypi.org/project/cvdupdate/) to save bandwidth on the Sep 4 12:49:37 mx2 freshclam[1264]: CDN and your own network. Sep 4 12:49:37 mx2 freshclam[1264]: 3. Please do not open a ticket asking for an exemption from the rate limit, Sep 4 12:49:37 mx2 freshclam[1264]: it will not be granted. Sep 4 12:49:37 mx2 freshclam[1264]: You are still on cool-down until after: 2021-09-04 14:49:37 Something is not right with the CDN. -Jim P. ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
[clamav-users] error code 429
Add me to the 429 list. I have 3 clamav installations (Debian Bullseye). All 3 are on separate networks (in separate datacenters, at separate hosting providers) ~$ for m in mx1 mx2 mx3; do echo -n "$m: "; ssh $m grep ^Check /etc/clamav/freshclam.conf; done mx1: Checks 12 mx2: Checks 12 mx3: Checks 12 All 3 MXes got this exact same set of messages, two times, over the past 4 hours. Sep 4 12:49:37 mx2 freshclam[1264]: FreshClam previously received error code 429 from the ClamAV Content Delivery Network (CDN). Sep 4 12:49:37 mx2 freshclam[1264]: This means that you have been rate limited by the CDN. Sep 4 12:49:37 mx2 freshclam[1264]: 1. Run FreshClam no more than once an hour to check for updates. Sep 4 12:49:37 mx2 freshclam[1264]: FreshClam should check DNS first to see if an update is needed. Sep 4 12:49:37 mx2 freshclam[1264]: 2. If you have more than 10 hosts on your network attempting to download, Sep 4 12:49:37 mx2 freshclam[1264]: it is recommended that you set up a private mirror on your network using Sep 4 12:49:37 mx2 freshclam[1264]: cvdupdate (https://pypi.org/project/cvdupdate/) to save bandwidth on the Sep 4 12:49:37 mx2 freshclam[1264]: CDN and your own network. Sep 4 12:49:37 mx2 freshclam[1264]: 3. Please do not open a ticket asking for an exemption from the rate limit, Sep 4 12:49:37 mx2 freshclam[1264]: it will not be granted. Sep 4 12:49:37 mx2 freshclam[1264]: You are still on cool-down until after: 2021-09-04 14:49:37 Something is not right with the CDN. -Jim P. ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml