[clamav-users] Probably banned IP
Micah Snyder (micasnyd)
micasnyd at cisco.com
Fri Feb 24 21:36:53 UTC 2023
Hi Łukasz,
Looking at https://www.maxmind.com/en/geoip-demo, MaxMind seems to think your IP is in Poland.
I checked our (Cisco's) own regional address lists used to comply with sanctions.
I don't see the 91.220.164.0/24 block in the list. I do see that we block 91.220.163.0/24 and 91.220.166.0/24, but not 164.
My colleague checked our logs in Cloudflare and does not see your IP triggering any firewall events.
But it's possible that Cloudflare blocks it before it would arrive at our rules. Your IP is in a very similar IP range to some of those we block. And IP ranges do tend to change hands and change geolocations pretty frequently. So it's entirely likely that some filters believe your IP to be located in Russia.
We can't really tell any more than that unless you can share the Ray ID included in the HTTP response. Freshclam should show that information if you run it with the --verbose option.
Regards,
Micah
Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
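
As an added illustration (not part of the original message and not ClamAV's own code): a small Python helper that pulls the HTTP status and the Cloudflare Ray ID header out of a refused download and checks the client IP against the two /24 blocks named above. The sample response and its CF-RAY value are constructed, and `parse_head` and `block_report` are hypothetical names.

```python
import ipaddress
import re

# The two /24 blocks the reply above names as being on the block list.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in ("91.220.163.0/24", "91.220.166.0/24")]

# Constructed sample of a refused download; the CF-RAY value is made up.
SAMPLE_RESPONSE = (
    "HTTP/1.1 403 Forbidden\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "CF-RAY: 0123456789abcdef-WAW\r\n"
    "Server: cloudflare\r\n"
    "\r\n"
    "<html>constructed body</html>"
)

def parse_head(raw):
    """Return (status_code, headers) for a raw HTTP response; header names lowercased."""
    lines = raw.replace("\r\n", "\n").split("\n\n", 1)[0].split("\n")
    m = re.match(r"HTTP/\d(?:\.\d)?\s+(\d{3})\b", lines[0])
    if not m:
        raise ValueError("not an HTTP status line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(m.group(1)), headers

def block_report(ip, raw):
    """Summarise what a support request needs: status, Ray ID, block-list proximity (IPv4)."""
    addr = ipaddress.IPv4Address(ip)
    own24 = int(addr) >> 8  # index of the /24 that contains the client IP
    status, headers = parse_head(raw)
    # Distance, counted in /24 blocks, from the client's /24 to each listed /24.
    dist = {str(n): abs((int(n.network_address) >> 8) - own24) for n in BLOCKED_NETS}
    nearest = min(dist, key=dist.get)
    return {
        "status": status,
        "ray_id": headers.get("cf-ray"),  # None when no CF-RAY header is present
        "listed_in": [str(n) for n in BLOCKED_NETS if addr in n],
        "nearest_listed": (nearest, dist[nearest]),
    }

if __name__ == "__main__":
    print(block_report("91.220.164.241", SAMPLE_RESPONSE))
```
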
________________________________
From: clamav-users <clamav-users-bounces at lists.clamav.net> on behalf of newcomer01 via clamav-users <clamav-users at lists.clamav.net>
Sent: Friday, February 24, 2023 10:53 AM
To: clamaV User Mailinglist <clamav-users at lists.clamav.net>
Cc: newcomer01 <newcomer01 at posteo.de>
Subject: Re: [clamav-users] Probably banned IP
Oh, and by the way: if you are using a Russian IP, it can also be blocked and will not be unblocked.
You can find this in a discussion on the Talos GitHub.
Von / From: Clamav User Mailinglist <mailto:clamav-users at lists.clamav.net>
An / To: Newcomer01 <mailto:newcomer01 at posteo.de>
CC / CC: Łukasz Baniecki <mailto:baniecki.lukasz at gmail.com>
Gesendet / Sent: Freitag, Februar 24, 2023 um 12:55 (at 12:55 PM) +0100
Betreff / Subject: [clamav-users] Probably banned IP
> Hi,
> Some time ago I ran freshclam on a lot of machines that are under one
> public IP, therefore I generated a lot of requests and my company IP
> was probably blocked. Now I created my own mirror of cvd, but it is on
> the same IP address and it is not updating daily.cvd. I get:
> cvdupdate-1.0.2 ERROR Failed to download daily.cvd from
> https://database.clamav.net/daily.cvd?version=26821
> I also ran a simple Python request to database.clamav.net with my uuid,
> and it worked fine from a different IP address, and from that blocked
> address I get 403 forbidden. My local firewall is not an issue because I
> can make a connection to database.clamav.net on port 443, so it must be
> banned.
>
> Can you please check if my IP address (91.220.164.241) is banned and un-ban it?
>