[clamav-users] Freshclam update HTTP Error 403 Forbidden
Claudiu Albu
claudiu.albu88 at gmail.com
Fri Dec 21 11:26:36 UTC 2018
Hello all,
Been browsing through similar previous occurrences but found nothing
conclusive to our particular scenario.
We’ve installed ClamAV on a Centos7 server somewhere in our infrastructure,
which was supposed to *get its updates through a Squid proxy*.
We’ve set freshclam.conf to *check for updates hourly*. For the first 6
hours freshclam outputted no error and everything went fine.
After that, we seemingly *started getting our connection blocked* with:
Dec 21 11:08:47 dcp2tac freshclam[68187]: getfile: Unknown response from
database.clamav.net: HTTP/1.0 403
Dec 21 11:08:47 dcp2tac freshclam[68187]: getpatch: Can't download
daily-25222.cdiff from database.clamav.net
Dec 21 11:08:47 dcp2tac freshclam[68187]: getfile: Unknown response from
database.clamav.net: HTTP/1.0 403
Dec 21 11:08:47 dcp2tac freshclam[68187]: getpatch: Can't download
daily-25222.cdiff from database.clamav.net
Dec 21 11:08:47 dcp2tac freshclam[68187]: getfile: Unknown response from
database.clamav.net: HTTP/1.0 403
Dec 21 11:08:47 dcp2tac freshclam[68187]: getpatch: Can't download
daily-25222.cdiff from database.clamav.net
Dec 21 11:08:47 dcp2tac freshclam[68187]: Incremental update failed, trying
to download daily.cvd
Dec 21 11:08:47 dcp2tac freshclam[68187]: getfile: Unknown response from
database.clamav.net: HTTP/1.0 403
Dec 21 11:08:47 dcp2tac freshclam[68187]: Can't download daily.cvd from
database.clamav.net
Dec 21 11:08:47 dcp2tac freshclam[68187]: Giving up on
database.clamav.net...
Dec 21 11:08:47 dcp2tac freshclam[68187]: Update failed. Your network may
be down or none of the mirrors listed in /etc/freshclam.conf is working.
Check https://www.clamav.net
Additionally, please see below sendspace link for a curl dump running curl
-x http://10.128.38.250:8080 -L --trace curl-dump
http://database.clamav.net/daily.cvd
- https://www.sendspace.com/file/j8jqjq
Moreover, what seems to lead to the same conclusion (our connection getting
blocked) is we’ve managed getting freshclam to work through another Squid
proxy going through a completely different external IP address in our
infrastructure – which worked.
Does this happen due to repeated connections to database.clamav.net *after
having set updates hourly*?
Can this be tackled from your side in any way? Or should we go for a local
web server?
Thanks in advance,
*Claudiu ALBU*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20181221/cedf2375/attachment.htm>
More information about the clamav-users
mailing list