[clamav-users] Issue with freshclam in an IBM Cloud Private environment

Joel Esler (jesler) jesler at cisco.com
Thu Nov 15 12:59:34 UTC 2018


This says you are running 0.93?  Is that correct?

What is the IP you are coming from?

On Nov 14, 2018, at 5:19 PM, Mark Johnson <mark.johnson256 at gmail.com<mailto:mark.johnson256 at gmail.com>> wrote:

Hey everyone,  We are trying to run clamAV in an IBM Cloud Private (ICP) environment.  The issue that we are running into is freshclam is unable to update its virus definitions while running in this environment.    We are able to run curl and wget to access the main.cfd and daily.cfd using either database.clamav.net<http://database.clamav.net/> or db.us.clamav.net<http://db.us.clamav.net/> but when running freshclam the update fails.

We currently have a service entry allowing access to database.clamav.net<http://database.clamav.net/> and db.us.clamav.net<http://db.us.clamav.net/> on port 80 thus the reason that we are able to us curl and wget to pull down the databases manually.   Are there other hosts that need to be added to this service entry for access?

To note, this docker image is able to successfully run freshclam outside of the ICP environment with no issues.

Here is a the start of verbose output of the freshclam runs.

Current working dir is /var/lib/clamav
Max retries == 3
ClamAV update process started at Wed Nov 14 21:08:17 2018
Using IPv6 aware code
Querying current.cvd.clamav.net<http://current.cvd.clamav.net/>
TTL: 1305
Software version from DNS: 0.100.2
main.cvd version from DNS: 58
main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
daily.cvd version from DNS: 25120
Retrieving http://db.us.clamav.net/daily-25076.cdiff
Trying to download http://db.us.clamav.net/daily-25076.cdiff (IP: 104.16.188.138)
WARNING: getfile: Unknown response from db.us.clamav.net<http://db.us.clamav.net/> (IP: 104.16.188.138): HTTP/1.1 426
WARNING: getpatch: Can't download daily-25076.cdiff from db.us.clamav.net<http://db.us.clamav.net/>
Querying daily.25076.93.0.0.6810BC8A.ping.clamav.net
Retrieving http://db.us.clamav.net/daily-25076.cdiff
Trying to download http://db.us.clamav.net/daily-25076.cdiff (IP: 104.16.188.138)
WARNING: getfile: Unknown response from db.us.clamav.net<http://db.us.clamav.net/> (IP: 104.16.188.138): HTTP/1.1 426
WARNING: getpatch: Can't download daily-25076.cdiff from db.us.clamav.net<http://db.us.clamav.net/>
Querying daily.25076.93.0.0.6810BC8A.ping.clamav.net
Retrieving http://db.us.clamav.net/daily-25076.cdiff
Trying to download http://db.us.clamav.net/daily-25076.cdiff (IP: 104.16.186.138)
WARNING: getfile: Unknown response from db.us.clamav.net<http://db.us.clamav.net/> (IP: 104.16.186.138): HTTP/1.1 426
WARNING: getpatch: Can't download daily-25076.cdiff from db.us.clamav.net<http://db.us.clamav.net/>
Querying daily.25076.93.0.0.6810BA8A.ping.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Whitelisting short-term blacklisted mirrors
Retrieving http://db.us.clamav.net/daily.cvd
Ignoring mirror 104.16.188.138 (due to previous errors)
Trying to download http://db.us.clamav.net/daily.cvd (IP: 104.16.187.138)
WARNING: getfile: Unknown response from db.us.clamav.net<http://db.us.clamav.net/> (IP: 104.16.187.138): HTTP/1.1 426
WARNING: Can't download daily.cvd from db.us.clamav.net<http://db.us.clamav.net/>
Querying daily.0.93.0.0.6810BB8A.ping.clamav.net
Trying again in 5 secs...
ClamAV update process started at Wed Nov 14 21:08:23 2018
Using IPv6 aware code
Querying current.cvd.clamav.net<http://current.cvd.clamav.net/>

———— SNIP ———

Thanks in advance for any help

Mark Johnson

_______________________________________________
clamav-users mailing list
clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20181115/f4da91fd/attachment.htm>


More information about the clamav-users mailing list