[clamav-users] Freshclam update HTTP Error 403 Forbidden

Claudiu Albu claudiu.albu88 at gmail.com
Fri Dec 21 06:26:36 EST 2018


Hello all,





Been browsing through similar previous occurrences but found nothing
conclusive to our particular scenario.



We’ve installed ClamAV on a Centos7 server somewhere in our infrastructure,
which was supposed to *get its updates through a Squid proxy*.

We’ve set freshclam.conf to *check for updates hourly*. For the first 6
hours freshclam outputted no error and everything went fine.

After that, we seemingly *started getting our connection blocked* with:

Dec 21 11:08:47 dcp2tac freshclam[68187]: getfile: Unknown response from
database.clamav.net: HTTP/1.0 403

Dec 21 11:08:47 dcp2tac freshclam[68187]: getpatch: Can't download
daily-25222.cdiff from database.clamav.net

Dec 21 11:08:47 dcp2tac freshclam[68187]: getfile: Unknown response from
database.clamav.net: HTTP/1.0 403

Dec 21 11:08:47 dcp2tac freshclam[68187]: getpatch: Can't download
daily-25222.cdiff from database.clamav.net

Dec 21 11:08:47 dcp2tac freshclam[68187]: getfile: Unknown response from
database.clamav.net: HTTP/1.0 403

Dec 21 11:08:47 dcp2tac freshclam[68187]: getpatch: Can't download
daily-25222.cdiff from database.clamav.net

Dec 21 11:08:47 dcp2tac freshclam[68187]: Incremental update failed, trying
to download daily.cvd

Dec 21 11:08:47 dcp2tac freshclam[68187]: getfile: Unknown response from
database.clamav.net: HTTP/1.0 403

Dec 21 11:08:47 dcp2tac freshclam[68187]: Can't download daily.cvd from
database.clamav.net

Dec 21 11:08:47 dcp2tac freshclam[68187]: Giving up on
database.clamav.net...

Dec 21 11:08:47 dcp2tac freshclam[68187]: Update failed. Your network may
be down or none of the mirrors listed in /etc/freshclam.conf is working.
Check https://www.clamav.net



Additionally, please see below sendspace link for a curl dump running curl
-x http://10.128.38.250:8080 -L --trace curl-dump
http://database.clamav.net/daily.cvd

   - https://www.sendspace.com/file/j8jqjq



Moreover, what seems to lead to the same conclusion (our connection getting
blocked) is we’ve managed getting freshclam to work through another Squid
proxy going through a completely different external IP address in our
infrastructure – which worked.



Does this happen due to repeated connections to database.clamav.net *after
having set updates hourly*?

Can this be tackled from your side in any way? Or should we go for a local
web server?



Thanks in advance,

*Claudiu ALBU*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20181221/cedf2375/attachment.html>


More information about the clamav-users mailing list