subject:"Re\: \[clamav\-users\] IP Blacklisted by Mirror"

Re: [clamav-users] IP Blacklisted by Mirror

2020-04-24 Thread Kamil Wójcik via clamav-users

Thanks all for replies. I manage to find root cause of the issue. 

My infrastructure is hosted on EC2 with EC2 instance having public IP assigned. 
I’m using dockerized version of clamav. Due to OOM, container got into kind of 
CrashLoopBackOff situation. It was crashing during signature update and 
starting again. This caused frequent requests for signatures to mirror which at 
some point caused IP blacklisting. 

 In my situation upgrade of ec2 to bigger will cause allocation of new IP 
addressed. Solving issue.

This would have been avoided with proper clamav monitoring. 

Regards Kamil

> On 23 Apr 2020, at 17:28, Joel Esler (jesler) via clamav-users 
>  wrote:
> 
> Team —
> 
> I control Cloudflare.  Who is blocked and who is not is literally up to me.  
> If you are being blocked, feel free to write me 1:1, share your IP with me, 
> and I’ll tell you why you’re blocked.  A ticket can also be filed on 
> bugzilla.clamav.net <http://bugzilla.clamav.net/> under “mirrors”
> 
> 
> 
>> On Apr 23, 2020, at 10:46 AM, web...@manfbraun.de 
>> <mailto:web...@manfbraun.de> wrote:
>> 
>> Hello!
>> 
>> I reported that exakt problem years ago.
>> 
>> There is NO direct solution.
>> 
>> It's that, that cloudflaire is not interested
>> in requests of users - it' "a engine".
>> They are even blocking the tor network and
>> redirect to google, to solve a pscholical
>> fingerprint to identify you, it's just nothing
>> else then IT-Oligarchism.
>> 
>> I was never able to contact them but came
>> to the lucky situation to have another box,
>> a VPS. So I installed a proxy there and configured
>> clam to use it. Problem fixed.
>> 
>> Has, at least, nothing to do with the amount
>> of request, which are 24/day for my case.
>> 
>> Best regards,
>> Manfred
>> 
>> 
>>> -Original Message-
>>> From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net 
>>> <mailto:clamav-users-boun...@lists.clamav.net>] On
>>> Behalf Of Matus UHLAR - fantomas
>>> Sent: Thursday, April 23, 2020 4:09 PM
>>> To: clamav-users@lists.clamav.net <mailto:clamav-users@lists.clamav.net>
>>> Subject: Re: [clamav-users] IP Blacklisted by Mirror
>>> 
>>> On 23.04.20 15:24, Kamil Wójcik via clamav-users wrote:
>>>> I have clamav configured with freshclam for signature updates.
>>>> I found that freshclam is failing to update signatures with error "Wed
>>> Apr 22 10:12:34 2020 -> ^getpatch: Can't download daily-25717.cdiff from
>>> db.local.clamav.net <http://db.local.clamav.net/> 
>>> <http://db.local.clamav.net/ <http://db.local.clamav.net/>>”
>>>> 
>>>> I checked with curl and I’m getting HTTP 403 with response "error code:
>>> 1006”. I believe this is cloudflare error indicating that  ip was
>>> blacklisted. Is there any other public mirror that I could use instead ?
>>>> What should I do to get ip removed from blacklist ?
>>> 
>>> how often do you mirror? 50 times a day.
>>> Aren't you by any chance behind NAT, maybe with more machines?
>>> --
>>> Matus UHLAR - fantomas, uh...@fantomas.sk <mailto:uh...@fantomas.sk> ; 
>>> http://www.fantomas.sk/ <http://www.fantomas.sk/>
>>> Warning: I wish NOT to receive e-mail advertising to this address.
>>> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
>>> Windows 2000: 640 MB ought to be enough for anybody
>>> 
>>> ___
>>> 
>>> clamav-users mailing list
>>> clamav-users@lists.clamav.net <mailto:clamav-users@lists.clamav.net>
>>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>> 
>>> 
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>> 
>>> http://www.clamav.net/contact.html#ml
>> 
>> 
>> ___
>> 
>> clamav-users mailing list
>> clamav-users@lists.clamav.net <mailto:clamav-users@lists.clamav.net>
>> https://lists.clamav.net/mailman/listinfo/clamav-users
>> 
>> 
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>> 
>> http://www.clamav.net/contact.html#ml
> 
> 
> ___
> 
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] IP Blacklisted by Mirror

2020-04-23 Thread Joel Esler (jesler) via clamav-users

Team —

I control Cloudflare.  Who is blocked and who is not is literally up to me.  If 
you are being blocked, feel free to write me 1:1, share your IP with me, and 
I’ll tell you why you’re blocked.  A ticket can also be filed on 
bugzilla.clamav.net <http://bugzilla.clamav.net/> under “mirrors”



> On Apr 23, 2020, at 10:46 AM, web...@manfbraun.de wrote:
> 
> Hello!
> 
> I reported that exakt problem years ago.
> 
> There is NO direct solution.
> 
> It's that, that cloudflaire is not interested
> in requests of users - it' "a engine".
> They are even blocking the tor network and
> redirect to google, to solve a pscholical
> fingerprint to identify you, it's just nothing
> else then IT-Oligarchism.
> 
> I was never able to contact them but came
> to the lucky situation to have another box,
> a VPS. So I installed a proxy there and configured
> clam to use it. Problem fixed.
> 
> Has, at least, nothing to do with the amount
> of request, which are 24/day for my case.
> 
> Best regards,
> Manfred
> 
> 
>> -Original Message-
>> From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On
>> Behalf Of Matus UHLAR - fantomas
>> Sent: Thursday, April 23, 2020 4:09 PM
>> To: clamav-users@lists.clamav.net
>> Subject: Re: [clamav-users] IP Blacklisted by Mirror
>> 
>> On 23.04.20 15:24, Kamil Wójcik via clamav-users wrote:
>>> I have clamav configured with freshclam for signature updates.
>>> I found that freshclam is failing to update signatures with error "Wed
>> Apr 22 10:12:34 2020 -> ^getpatch: Can't download daily-25717.cdiff from
>> db.local.clamav.net <http://db.local.clamav.net/>”
>>> 
>>> I checked with curl and I’m getting HTTP 403 with response "error code:
>> 1006”. I believe this is cloudflare error indicating that  ip was
>> blacklisted. Is there any other public mirror that I could use instead ?
>>> What should I do to get ip removed from blacklist ?
>> 
>> how often do you mirror? 50 times a day.
>> Aren't you by any chance behind NAT, maybe with more machines?
>> --
>> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
>> Warning: I wish NOT to receive e-mail advertising to this address.
>> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
>> Windows 2000: 640 MB ought to be enough for anybody
>> 
>> ___
>> 
>> clamav-users mailing list
>> clamav-users@lists.clamav.net
>> https://lists.clamav.net/mailman/listinfo/clamav-users
>> 
>> 
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>> 
>> http://www.clamav.net/contact.html#ml
> 
> 
> ___
> 
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml



smime.p7s
Description: S/MIME cryptographic signature

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] IP Blacklisted by Mirror

2020-04-23 Thread webman

Hello!

I reported that exakt problem years ago.

There is NO direct solution.

It's that, that cloudflaire is not interested
in requests of users - it' "a engine".
They are even blocking the tor network and
redirect to google, to solve a pscholical
fingerprint to identify you, it's just nothing
else then IT-Oligarchism.

I was never able to contact them but came
to the lucky situation to have another box,
a VPS. So I installed a proxy there and configured
clam to use it. Problem fixed.

Has, at least, nothing to do with the amount
of request, which are 24/day for my case.

Best regards,
Manfred


> -Original Message-
> From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On
> Behalf Of Matus UHLAR - fantomas
> Sent: Thursday, April 23, 2020 4:09 PM
> To: clamav-users@lists.clamav.net
> Subject: Re: [clamav-users] IP Blacklisted by Mirror
> 
> On 23.04.20 15:24, Kamil Wójcik via clamav-users wrote:
> >I have clamav configured with freshclam for signature updates.
> >I found that freshclam is failing to update signatures with error "Wed
> Apr 22 10:12:34 2020 -> ^getpatch: Can't download daily-25717.cdiff from
> db.local.clamav.net <http://db.local.clamav.net/>”
> >
> >I checked with curl and I’m getting HTTP 403 with response "error code:
> 1006”. I believe this is cloudflare error indicating that  ip was
> blacklisted. Is there any other public mirror that I could use instead ?
> >What should I do to get ip removed from blacklist ?
> 
> how often do you mirror? 50 times a day.
> Aren't you by any chance behind NAT, maybe with more machines?
> --
> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> Windows 2000: 640 MB ought to be enough for anybody
> 
> ___
> 
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] IP Blacklisted by Mirror

2020-04-23 Thread Matus UHLAR - fantomas


On 23.04.20 15:24, Kamil Wójcik via clamav-users wrote:

I have clamav configured with freshclam for signature updates.
I found that freshclam is failing to update signatures with error "Wed Apr 22 10:12:34 
2020 -> ^getpatch: Can't download daily-25717.cdiff from db.local.clamav.net 
”

I checked with curl and I’m getting HTTP 403 with response "error code: 1006”. 
I believe this is cloudflare error indicating that  ip was blacklisted. Is there any 
other public mirror that I could use instead ?
What should I do to get ip removed from blacklist ?


how often do you mirror? 50 times a day.
Aren't you by any chance behind NAT, maybe with more machines?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows 2000: 640 MB ought to be enough for anybody

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] IP Blacklisted by Mirror

Re: [clamav-users] IP Blacklisted by Mirror

Re: [clamav-users] IP Blacklisted by Mirror

Re: [clamav-users] IP Blacklisted by Mirror

4 matches

Site Navigation

Mail list logo

Footer information