Hello all,
Been browsing through similar previous occurrences but found nothing conclusive for our particular scenario.
We’ve installed ClamAV on a CentOS 7 server somewhere in our infrastructure, which was supposed to get its updates through a Squid proxy.
We’ve set freshclam.conf to check for updates hourly. For the first 6 hours freshclam outputted no error and everything went fine.
After that, we seemingly started getting our connection blocked with:
Dec 21 11:08:47 dcp2tac freshclam[68187]: getfile: Unknown response from database.clamav.net: HTTP/1.0 403
Dec 21 11:08:47 dcp2tac freshclam[68187]: getpatch: Can't download daily-25222.cdiff from database.clamav.net
Dec 21 11:08:47 dcp2tac freshclam[68187]: getfile: Unknown response from database.clamav.net: HTTP/1.0 403
Dec 21 11:08:47 dcp2tac freshclam[68187]: getpatch: Can't download daily-25222.cdiff from database.clamav.net
Dec 21 11:08:47 dcp2tac freshclam[68187]: getfile: Unknown response from database.clamav.net: HTTP/1.0 403
Dec 21 11:08:47 dcp2tac freshclam[68187]: getpatch: Can't download daily-25222.cdiff from database.clamav.net
Dec 21 11:08:47 dcp2tac freshclam[68187]: Incremental update failed, trying to download daily.cvd
Dec 21 11:08:47 dcp2tac freshclam[68187]: getfile: Unknown response from database.clamav.net: HTTP/1.0 403
Dec 21 11:08:47 dcp2tac freshclam[68187]: Can't download daily.cvd from database.clamav.net
Dec 21 11:08:47 dcp2tac freshclam[68187]: Giving up on database.clamav.net...
Dec 21 11:08:47 dcp2tac freshclam[68187]: Update failed. Your network may be down or none of the mirrors listed in /etc/freshclam.conf is working. Check https://www.clamav.net
Additionally, please see below sendspace link for a curl dump running
curl -x http://10.128.38.250:8080 -L --trace curl-dump http://database.clamav.net/daily.cvd
Moreover, what seems to lead to the same conclusion (our connection getting blocked) is that we’ve managed to get freshclam to work through another Squid proxy going through a completely different external IP address in our infrastructure, which worked.
Does this happen due to repeated connections to database.clamav.net after having set updates hourly?
Can this be tackled from your side in any way? Or should we go for a local web server?
Thanks in advance,
Claudiu ALBU