On Mar 8, 2021, at 9:36 AM, Todd Aiken <todd.aiken@ubishops.ca> wrote:

> From: clamav-users <clamav-users-bounces@lists.clamav.net> on behalf of Lo Nelson via clamav-users <clamav-users@lists.clamav.net>

> Reply-To: ClamAV users ML <clamav-users@lists.clamav.net>

> Date: Monday, March 8, 2021 at 8:49 AM

> To: "clamav-users@lists.clamav.net" <clamav-users@lists.clamav.net>

> Cc: Lo Nelson <nelo_1990@hotmail.com>

> Subject: [EXTERNAL] [clamav-users] Not able to use curl to download the cvd files successfully

>

> Dear Clamav support,

>

> May I know why I am not able to use curl to download the cvd files successfully? The cvd files show error code 1020. Thank you.

This is Cloudfare "protecting" the ClamAV website. You can bypass it by sending a fake user agent string, like this:

curl -A "Mozilla/5.0" http://database.clamav.net/daily.cvd --output daily.cvd

or using wget:

wget --user-agent "Mozilla/5.0" http://database.clamav.net/daily.cvd''

No! Don’t “bypass” it.

And “protecting” does not need to be in quotes, it’s quite literally what we are doing. And people doing the above are the problem.

As I said in countless other emails, either use Freshclam or https://github.com/micahsnyder/cvdupdate. The more people that do the above will force us to take drastic measures.

Joel Esler

Manager, Communities Division

Cisco Talos Intelligence Group

http://www.talosintelligence.com | https://www.snort.org