[clamav-users] Error 403 downloading virus updates

David Copeland dave at davidcopeland.ca
Thu Feb 10 15:55:14 UTC 2022 

Hi Paul,

According to _https://docs.clamav.net/faq/faq-eol.html_ , version 102
reached EOL Jan 3, with database downloads no longer permitted.

Dave.

On 2022-02-10 10:25, Paul Furnival via clamav-users wrote:
> I am running CLAMAV on a number of servers running different linux distributions and, therefore, different versions of the clamav engine.  2 of the servers have started to give errors when trying to upload the definition files.  These errors came to light as emails I received,
>
> In following this through, it would appear that cloudfare is returning an "Error 1020" which ripples down to CLAMAV as a 403 error.
>
> Cloudfare say that this error is because the client has contravened a firewall rule but, as the client, I cannot see what this is so have no idea how to fix it.
>
> One test I have carried out is to download the file from another computer on the same network using the same firewall fro NAT (so the same ip address to the remote servers) using a web browser and the file downloads OK.  This would suggest that I am not being blocked due to a limit on how many requests can be delivered from a given IP address
>
> I have tried to update Clamav but there is no newer package for the distribution.  It is possible (although I can't prove ite) that cloudfare is checking the user agent and seeing my installation is too old?
>
> This is the email that warned me of the problem:
> ===========================================================================
> ERROR: downloadFile: Unexpected response (403) from database.clamav.net/daily-26440.cdiff
> ERROR: getpatch: Can't download daily-26440.cdiff from database.clamav.net/daily-26440.cdiff
> ERROR: downloadFile: Unexpected response (403) from database.clamav.net/daily.cvd
> ERROR: getcvd: Can't download daily.cvd from database.clamav.net/daily.cvd
> ERROR: Update failed for database: daily
> ERROR: Database update process failed: HTTP GET failed (11)
> ERROR: Update failed.
> ===========================================================================
>
>
>
> and this is the output from  freshclam --debug --verbose
> ===========================================================================
> ClamAV update process started at Thu Feb 10 15:21:42 2022
> Current working dir is /var/lib/clamav/
> Querying current.cvd.clamav.net
> TTL: 587
> fc_dns_query_update_info: Software version from DNS: 0.103.5
> WARNING: Your ClamAV installation is OUTDATED!
> WARNING: Local version: 0.102.4 Recommended version: 0.103.5
> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
> Current working dir is /var/lib/clamav/
> check_for_new_database_version: No local copy of "daily" database.
> query_remote_database_version: daily.cvd version from DNS: 26449
> daily database available for download (remote version: 26449)
> Retrieving https://database.clamav.net/daily.cvd
> downloadFile: Download source:      https://database.clamav.net/daily.cvd
> downloadFile: Download destination: /var/lib/clamav/tmp.d974a/clamav-57c27d81b66a259b02e9dc00177a1f51.tmp
> * About to connect() to database.clamav.net port 443 (#0)
> *   Trying 104.16.218.84...
> * Connected to database.clamav.net (104.16.218.84) port 443 (#0)
> * Initializing NSS with certpath: sql:/etc/pki/nssdb
> *   CAfile: /etc/pki/tls/certs/ca-bundle.crt
>   CApath: none
> * SSL connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
> * Server certificate:
> *       subject: CN=sni.cloudflaressl.com,O="Cloudflare, Inc.",L=San Francisco,ST=California,C=US
> *       start date: Jul 15 00:00:00 2021 GMT
> *       expire date: Jul 14 23:59:59 2022 GMT
> *       common name: sni.cloudflaressl.com
> *       issuer: CN=Cloudflare Inc ECC CA-3,O="Cloudflare, Inc.",C=US
>> GET /daily.cvd HTTP/1.1
> User-Agent: ClamAV/0.102.4 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
> Host: database.clamav.net
> Accept: */*
> Connection: close
>
> < HTTP/1.1 403 Forbidden
> < Date: Thu, 10 Feb 2022 15:21:42 GMT
> < Content-Type: text/plain; charset=UTF-8
> < Content-Length: 16
> < Connection: close
> < X-Frame-Options: SAMEORIGIN
> < Referrer-Policy: same-origin
> < Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
> < Expires: Thu, 01 Jan 1970 00:00:01 GMT
> < Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
> < Strict-Transport-Security: max-age=15552000
> < X-Content-Type-Options: nosniff
> < Server: cloudflare
> < CF-RAY: 6db6542848e5f3df-LHR
> <
> Time: 0.3s, ETA: 0.0s [=============================>] 16B/16B
> * Closing connection 0
> WARNING: downloadFile: Unexpected response (403) from https://database.clamav.net/daily.cvd
> WARNING: getcvd: Can't download daily.cvd from https://database.clamav.net/daily.cvd
> Trying again in 5 secs...
> ======================================================================================================
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users at lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20220210/92e71e0d/attachment.htm>

More information about the clamav-users mailing list