Hello Adam,

Thank you for your email.  As a result of events documented in places here:
https://lists.clamav.net/pipermail/clamav-users/2021-March/010577.html
and
https://lists.clamav.net/pipermail/clamav-users/2021-March/010543.html

We’ve been forced to take emergency measures to protect the ClamAV environment.

Please Immediately switch to using Freshclam or https://github.com/micahsnyder/cvdupdate to update your AV definitions.

Sorry for the inconvenience, but we are currently in emergency mode and have to make several drastic changes over the several days.

-- 
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
http://www.talosintelligence.com | https://www.snort.org


On Mar 8, 2021, at 2:16 PM, Adam Bashore via clamav-users <clamav-users@lists.clamav.net> wrote:

Below is the main problem:
 
# freshclam -v
Current working dir is /var/www/html
Max retries == 3
ClamAV update process started at Mon Mar  8 14:09:02 2021
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 1674
Software version from DNS: 0.103.1
main.cvd version from DNS: 59
main.cvd is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
daily.cvd version from DNS: 26102
Retrieving http://db.local.clamav.net/daily-26098.cdiff
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 104.16.218.84 (due to previous errors)
Ignoring mirror 2606:4700::6810:db54 (due to previous errors)
Ignoring mirror 2606:4700::6810:da54 (due to previous errors)
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 104.16.218.84 (due to previous errors)
Ignoring mirror 2606:4700::6810:db54 (due to previous errors)
Ignoring mirror 2606:4700::6810:da54 (due to previous errors)
WARNING: getpatch: Can't download daily-26098.cdiff from db.local.clamav.net
Retrieving http://db.local.clamav.net/daily-26098.cdiff
Ignoring mirror 104.16.218.84 (due to previous errors)
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 2606:4700::6810:da54 (due to previous errors)
Ignoring mirror 2606:4700::6810:db54 (due to previous errors)
WARNING: getpatch: Can't download daily-26098.cdiff from db.local.clamav.net
Retrieving http://db.local.clamav.net/daily-26098.cdiff
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 104.16.218.84 (due to previous errors)
Ignoring mirror 2606:4700::6810:db54 (due to previous errors)
Ignoring mirror 2606:4700::6810:da54 (due to previous errors)
WARNING: getpatch: Can't download daily-26098.cdiff from db.local.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Whitelisting short-term blacklisted mirrors
Retrieving http://db.local.clamav.net/daily.cvd
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 104.16.218.84 (due to previous errors)
nonblock_connect: connect(): fd=5 errno=101: Network is unreachable
Can't connect to port 80 of host db.local.clamav.net (IP: 2606:4700::6810:db54)
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 104.16.218.84 (due to previous errors)
Trying host db.local.clamav.net (2606:4700::6810:da54)...
nonblock_connect: connect(): fd=5 errno=101: Network is unreachable
Can't connect to port 80 of host db.local.clamav.net (IP: 2606:4700::6810:da54)
Ignoring mirror 2606:4700::6810:db54 (due to previous errors)
WARNING: Can't download daily.cvd from db.local.clamav.net
Trying again in 5 secs...
ClamAV update process started at Mon Mar  8 14:09:10 2021
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 1666
Software version from DNS: 0.103.1
main.cvd version from DNS: 59
main.cvd is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
daily.cvd version from DNS: 26102
Retrieving http://db.local.clamav.net/daily-26098.cdiff
Ignoring mirror 104.16.218.84 (due to previous errors)
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 2606:4700::6810:db54 (due to previous errors)
Ignoring mirror 2606:4700::6810:da54 (due to previous errors)
WARNING: getpatch: Can't download daily-26098.cdiff from db.local.clamav.net
Retrieving http://db.local.clamav.net/daily-26098.cdiff
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 104.16.218.84 (due to previous errors)
Ignoring mirror 2606:4700::6810:da54 (due to previous errors)
Ignoring mirror 2606:4700::6810:db54 (due to previous errors)
WARNING: getpatch: Can't download daily-26098.cdiff from db.local.clamav.net
Retrieving http://db.local.clamav.net/daily-26098.cdiff
Ignoring mirror 104.16.218.84 (due to previous errors)
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 2606:4700::6810:db54 (due to previous errors)
Ignoring mirror 2606:4700::6810:da54 (due to previous errors)
WARNING: getpatch: Can't download daily-26098.cdiff from db.local.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Whitelisting short-term blacklisted mirrors
Retrieving http://db.local.clamav.net/daily.cvd
Ignoring mirror 104.16.218.84 (due to previous errors)
Ignoring mirror 104.16.219.84 (due to previous errors)
Trying host db.local.clamav.net (2606:4700::6810:da54)...
nonblock_connect: connect(): fd=5 errno=101: Network is unreachable
Can't connect to port 80 of host db.local.clamav.net (IP: 2606:4700::6810:da54)
Trying host db.local.clamav.net (2606:4700::6810:db54)...
nonblock_connect: connect(): fd=5 errno=101: Network is unreachable
Can't connect to port 80 of host db.local.clamav.net (IP: 2606:4700::6810:db54)
WARNING: Can't download daily.cvd from db.local.clamav.net
Trying again in 5 secs...
ClamAV update process started at Mon Mar  8 14:09:17 2021
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 1659
Software version from DNS: 0.103.1
main.cvd version from DNS: 59
main.cvd is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
daily.cvd version from DNS: 26102
Retrieving http://db.local.clamav.net/daily-26098.cdiff
Ignoring mirror 104.16.218.84 (due to previous errors)
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 2606:4700::6810:db54 (due to previous errors)
Ignoring mirror 2606:4700::6810:da54 (due to previous errors)
WARNING: getpatch: Can't download daily-26098.cdiff from db.local.clamav.net
Retrieving http://db.local.clamav.net/daily-26098.cdiff
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 104.16.218.84 (due to previous errors)
Ignoring mirror 2606:4700::6810:da54 (due to previous errors)
Ignoring mirror 2606:4700::6810:db54 (due to previous errors)
WARNING: getpatch: Can't download daily-26098.cdiff from db.local.clamav.net
Retrieving http://db.local.clamav.net/daily-26098.cdiff
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 104.16.218.84 (due to previous errors)
Ignoring mirror 2606:4700::6810:db54 (due to previous errors)
Ignoring mirror 2606:4700::6810:da54 (due to previous errors)
ERROR: getpatch: Can't download daily-26098.cdiff from db.local.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Whitelisting short-term blacklisted mirrors
Retrieving http://db.local.clamav.net/daily.cvd
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 104.16.218.84 (due to previous errors)
Trying host db.local.clamav.net (2606:4700::6810:da54)...
nonblock_connect: connect(): fd=5 errno=101: Network is unreachable
Can't connect to port 80 of host db.local.clamav.net (IP: 2606:4700::6810:da54)
Trying host db.local.clamav.net (2606:4700::6810:db54)...
nonblock_connect: connect(): fd=5 errno=101: Network is unreachable
Can't connect to port 80 of host db.local.clamav.net (IP: 2606:4700::6810:db54)
ERROR: Can't download daily.cvd from db.local.clamav.net
Giving up on db.local.clamav.net...
ClamAV update process started at Mon Mar  8 14:09:19 2021
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 1657
Software version from DNS: 0.103.1
main.cvd version from DNS: 59
main.cvd is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
daily.cvd version from DNS: 26102
Retrieving http://db.local.clamav.net/daily-26098.cdiff
Ignoring mirror 104.16.218.84 (due to previous errors)
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 2606:4700::6810:db54 (due to previous errors)
Ignoring mirror 2606:4700::6810:da54 (due to previous errors)
WARNING: getpatch: Can't download daily-26098.cdiff from db.local.clamav.net
Retrieving http://db.local.clamav.net/daily-26098.cdiff
Ignoring mirror 104.16.218.84 (due to previous errors)
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 2606:4700::6810:da54 (due to previous errors)
Ignoring mirror 2606:4700::6810:db54 (due to previous errors)
WARNING: getpatch: Can't download daily-26098.cdiff from db.local.clamav.net
Retrieving http://db.local.clamav.net/daily-26098.cdiff
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 104.16.218.84 (due to previous errors)
Ignoring mirror 2606:4700::6810:db54 (due to previous errors)
Ignoring mirror 2606:4700::6810:da54 (due to previous errors)
ERROR: getpatch: Can't download daily-26098.cdiff from db.local.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Whitelisting short-term blacklisted mirrors
Retrieving http://db.local.clamav.net/daily.cvd
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 104.16.218.84 (due to previous errors)
Trying host db.local.clamav.net (2606:4700::6810:da54)...
nonblock_connect: connect(): fd=5 errno=101: Network is unreachable
Can't connect to port 80 of host db.local.clamav.net (IP: 2606:4700::6810:da54)
Trying host db.local.clamav.net (2606:4700::6810:db54)...
nonblock_connect: connect(): fd=5 errno=101: Network is unreachable
Can't connect to port 80 of host db.local.clamav.net (IP: 2606:4700::6810:db54)
ERROR: Can't download daily.cvd from db.local.clamav.net
Giving up on db.local.clamav.net...
Update failed. Your network may be down or none of the mirrors listed in /etc/freshclam.conf is working. Check http://www.clamav.net/doc/mirrors-faq.html for possible reasons.



I'm able to telnet to port 80 at db.local.clamav.net without issue. but I get a 403 forbidden when i try to download main.clv directly with wget (wget http://db.local.clamav.net/main.cvd)

I'm not convinced that it's a network issue. Can anyone explain why freshclam appears to be trying IPv6 even though the host only has an IPv4 address on eth1?

--
-Adam

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml