[clamav-users] Freshclam update HTTP Error 403 Forbidden

Joel Esler (jesler) jesler at cisco.com
Fri Dec 21 07:37:30 EST 2018


What IP are you coming from?  What version ClamAV are you using?

Sent from my  iPhone

> On Dec 21, 2018, at 06:27, Claudiu Albu <claudiu.albu88 at gmail.com> wrote:
> 
> Hello all,
>  
>  
> Been browsing through similar previous occurrences but found nothing conclusive to our particular scenario.
>  
> We’ve installed ClamAV on a Centos7 server somewhere in our infrastructure, which was supposed to get its updates through a Squid proxy.
> We’ve set freshclam.conf to check for updates hourly. For the first 6 hours freshclam outputted no error and everything went fine.
> After that, we seemingly started getting our connection blocked with:
> Dec 21 11:08:47 dcp2tac freshclam[68187]: getfile: Unknown response from database.clamav.net: HTTP/1.0 403
> Dec 21 11:08:47 dcp2tac freshclam[68187]: getpatch: Can't download daily-25222.cdiff from database.clamav.net
> Dec 21 11:08:47 dcp2tac freshclam[68187]: getfile: Unknown response from database.clamav.net: HTTP/1.0 403
> Dec 21 11:08:47 dcp2tac freshclam[68187]: getpatch: Can't download daily-25222.cdiff from database.clamav.net
> Dec 21 11:08:47 dcp2tac freshclam[68187]: getfile: Unknown response from database.clamav.net: HTTP/1.0 403
> Dec 21 11:08:47 dcp2tac freshclam[68187]: getpatch: Can't download daily-25222.cdiff from database.clamav.net
> Dec 21 11:08:47 dcp2tac freshclam[68187]: Incremental update failed, trying to download daily.cvd
> Dec 21 11:08:47 dcp2tac freshclam[68187]: getfile: Unknown response from database.clamav.net: HTTP/1.0 403
> Dec 21 11:08:47 dcp2tac freshclam[68187]: Can't download daily.cvd from database.clamav.net
> Dec 21 11:08:47 dcp2tac freshclam[68187]: Giving up on database.clamav.net...
> Dec 21 11:08:47 dcp2tac freshclam[68187]: Update failed. Your network may be down or none of the mirrors listed in /etc/freshclam.conf is working. Check https://www.clamav.net
>  
> Additionally, please see below sendspace link for a curl dump running curl -x http://10.128.38.250:8080 -L --trace curl-dump http://database.clamav.net/daily.cvd
> https://www.sendspace.com/file/j8jqjq
>  
> Moreover, what seems to lead to the same conclusion (our connection getting blocked) is we’ve managed getting freshclam to work through another Squid proxy going through a completely different external IP address in our infrastructure – which worked.
>  
> Does this happen due to repeated connections to database.clamav.net after having set updates hourly?
> Can this be tackled from your side in any way? Or should we go for a local web server?
>  
> Thanks in advance,
> Claudiu ALBU
> _______________________________________________
> clamav-users mailing list
> clamav-users at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20181221/1c0af068/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3010 bytes
Desc: not available
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20181221/1c0af068/attachment.bin>


More information about the clamav-users mailing list