Thanks for the prompt reply,


IP is: 193.181.246.98

ClamAV version is:
"WARNING: Local version: 0.100.2 Recommended version: 0.101.0"
After some reading, this seems to be the latest version in the CentOS EPEL stable repo - correct?

Regards,
Claudiu ALBU

On Fri, 21 Dec 2018 at 14:37, Joel Esler (jesler) <jesler@cisco.com> wrote:
What IP are you coming from?  What version ClamAV are you using?

On Dec 21, 2018, at 06:27, Claudiu Albu <claudiu.albu88@gmail.com> wrote:

Hello all,

Been browsing through similar previous occurrences but found nothing conclusive to our particular scenario.

We’ve installed ClamAV on a CentOS 7 server somewhere in our infrastructure, which was supposed to get its updates through a Squid proxy.

We’ve set freshclam.conf to check for updates hourly. For the first 6 hours freshclam outputted no error and everything went fine.

After that, we seemingly started getting our connection blocked with:

Dec 21 11:08:47 dcp2tac freshclam[68187]: getfile: Unknown response from database.clamav.net: HTTP/1.0 403
Dec 21 11:08:47 dcp2tac freshclam[68187]: getpatch: Can't download daily-25222.cdiff from database.clamav.net
Dec 21 11:08:47 dcp2tac freshclam[68187]: getfile: Unknown response from database.clamav.net: HTTP/1.0 403
Dec 21 11:08:47 dcp2tac freshclam[68187]: getpatch: Can't download daily-25222.cdiff from database.clamav.net
Dec 21 11:08:47 dcp2tac freshclam[68187]: getfile: Unknown response from database.clamav.net: HTTP/1.0 403
Dec 21 11:08:47 dcp2tac freshclam[68187]: getpatch: Can't download daily-25222.cdiff from database.clamav.net
Dec 21 11:08:47 dcp2tac freshclam[68187]: Incremental update failed, trying to download daily.cvd
Dec 21 11:08:47 dcp2tac freshclam[68187]: getfile: Unknown response from database.clamav.net: HTTP/1.0 403
Dec 21 11:08:47 dcp2tac freshclam[68187]: Can't download daily.cvd from database.clamav.net
Dec 21 11:08:47 dcp2tac freshclam[68187]: Giving up on database.clamav.net...
Dec 21 11:08:47 dcp2tac freshclam[68187]: Update failed. Your network may be down or none of the mirrors listed in /etc/freshclam.conf is working. Check https://www.clamav.net

Additionally, please see the sendspace link below for a curl dump from running curl -x http://10.128.38.250:8080 -L --trace curl-dump http://database.clamav.net/daily.cvd

Moreover, what seems to lead to the same conclusion (our connection getting blocked) is that we’ve managed to get freshclam to work through another Squid proxy going through a completely different external IP address in our infrastructure – which worked.

Does this happen due to repeated connections to database.clamav.net after having set updates hourly?

Can this be tackled from your side in any way? Or should we go for a local web server?

Thanks in advance,

Claudiu ALBU

_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
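
An added example (not part of the original thread and not ClamAV project code): a small Python parser for freshclam syslog lines like those quoted above, which groups them by process ID and separates runs that were refused with an HTTP status from runs that got no HTTP response at all. The sample log is constructed from lines in the thread plus one hypothetical second run; the function names and category labels are assumptions.

```python
import re
from collections import Counter

# Constructed sample: the first run reuses lines quoted in the thread; the
# second run (PID 70001) is hypothetical and has no HTTP status line.
SAMPLE_LOG = """\
Dec 21 11:08:47 dcp2tac freshclam[68187]: getfile: Unknown response from database.clamav.net: HTTP/1.0 403
Dec 21 11:08:47 dcp2tac freshclam[68187]: getpatch: Can't download daily-25222.cdiff from database.clamav.net
Dec 21 11:08:47 dcp2tac freshclam[68187]: Incremental update failed, trying to download daily.cvd
Dec 21 11:08:47 dcp2tac freshclam[68187]: getfile: Unknown response from database.clamav.net: HTTP/1.0 403
Dec 21 11:08:47 dcp2tac freshclam[68187]: Can't download daily.cvd from database.clamav.net
Dec 21 11:08:47 dcp2tac freshclam[68187]: Update failed. Your network may be down or none of the mirrors listed in /etc/freshclam.conf is working.
Dec 21 12:08:47 dcp2tac freshclam[70001]: Giving up on database.clamav.net...
Dec 21 12:08:47 dcp2tac freshclam[70001]: Update failed. Your network may be down or none of the mirrors listed in /etc/freshclam.conf is working.
"""

LINE_RE = re.compile(r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\sfreshclam\[(?P<pid>\d+)\]:\s(?P<msg>.*)$")
STATUS_RE = re.compile(r"Unknown response from (?P<mirror>\S+): HTTP/\d\.\d (?P<code>\d{3})")
FAILED_RE = re.compile(r"Can't download (?P<file>\S+) from \S+")

def summarize(log_text):
    """Group freshclam lines by PID; record HTTP statuses and failed files."""
    runs = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a freshclam syslog line
        run = runs.setdefault(m["pid"], {"statuses": Counter(), "files": [], "failed": False})
        msg = m["msg"]
        if s := STATUS_RE.search(msg):
            run["statuses"][(s["mirror"], int(s["code"]))] += 1
        elif (f := FAILED_RE.search(msg)) and f["file"] not in run["files"]:
            run["files"].append(f["file"])
        elif msg.startswith("Update failed"):
            run["failed"] = True
    return runs

def classify(run):
    """A status line means an HTTP endpoint (origin or proxy) answered the request."""
    codes = {code for _, code in run["statuses"]}
    if 403 in codes:
        return "http-refused"  # request arrived and was rejected
    if codes:
        return "http-error"
    return "no-http-response" if run["failed"] else "ok"

if __name__ == "__main__":
    for pid, run in summarize(SAMPLE_LOG).items():
        print(pid, classify(run), dict(run["statuses"]), run["files"])
```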