New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and
privacy statement. We’ll occasionally send you account related emails.
Already on GitHub?
Sign in
to your account
Comments
Hello team,
we are consistently getting above error for most of our hosts for Clamav.
The error persist for few hours and gets resolved automatically and again come back after some time and this is happening since past few days.
Though our clamav is up-to-date then also we are getting this error.
Please look into this issue as soon as possible!!
The error which we are getting is:
WARNING: FreshClam previously received error code 429 or 403 from the ClamAV Content Delivery Network (CDN).
This means that you have been rate limited or blocked by the CDN.
- Verify that you’re running a supported ClamAV version.
See https://docs.clamav.net/faq/faq-eol.html for details. - Run FreshClam no more than once an hour to check for updates.
FreshClam should check DNS first to see if an update is needed. - If you have more than 10 hosts on your network attempting to download,
it is recommended that you set up a private mirror on your network using
cvdupdate (https://pypi.org/project/cvdupdate/) to save bandwidth on the
CDN and your own network. - Please do not open a ticket asking for an exemption from the rate limit,
it will not be granted.
Thanks,
I’ve also been consistently receiving this message several times per day from several of our environments. It looks to have started on or around 5/19/2022. ClamAV 0.103.5. I realize this message seems to be due to rate limiting, but we did not receive the error message prior to 5/19/2022, and had not made any changes to our environments at that time.
freshclam -vvv
Current working dir is /var/lib/clamav/
Loaded freshclam.dat:
version: 1
uuid: 7aa37448-e07f-469d-a2ab-bd90e798dfe2
retry-after: 2022-05-24 13:42:05
ClamAV update process started at Tue May 24 09:44:14 2022
Current working dir is /var/lib/clamav/
Querying current.cvd.clamav.net
TTL: 1642
WARNING: DNS record is older than 3 hours.
WARNING: FreshClam previously received error code 429 or 403 from the ClamAV Content Delivery Network (CDN).
This means that you have been rate limited or blocked by the CDN.
- Verify that you’re running a supported ClamAV version.
See https://docs.clamav.net/faq/faq-eol.html for details. - Run FreshClam no more than once an hour to check for updates.
FreshClam should check DNS first to see if an update is needed. - If you have more than 10 hosts on your network attempting to download,
it is recommended that you set up a private mirror on your network using
cvdupdate (https://pypi.org/project/cvdupdate/) to save bandwidth on the
CDN and your own network. - Please do not open a ticket asking for an exemption from the rate limit,
it will not be granted.
WARNING: You are still on cool-down until after: 2022-05-24 13:42:05
I am also getting same error while performing the very first database downloading using freshclam. Please fix the issue.
Hi @smaceno @roushanrjqikfox @Independant7077,
Some others have reported this issue as well in #588
What appears to be new is this message:
Trying to retrieve CVD header from https://database.clamav.net/main.cvd
WARNING: remote_cvdhead: Malformed CVD header (too short)
WARNING: Failed to get main database version information from server: https://database.clamav.net
ERROR: check_for_new_database_version: Failed to find main database using server https://database.clamav.net.
Can you confirm if you are also seeing «remote_cvdhead: Malformed CVD header (too short)», before your freshclam was rate-limited?
I have a feeling the issue is bug in our Cloudflare CDN, because we haven’t changed main.cvd is a long time. I am going to ask our Ops team to clear cache in our Cloudflare admin dashboard to see if that clears up issues for the users running into this.
Regards,
Micah
@micahsnyder Yes, here’s an excerpt from one of my error messages if it helps, though I see the same errors, and more often for ‘daily database’.
ERROR: check_for_new_database_version: Failed to find main database using server https://database.clamav.net/.
ERROR: check_for_new_database_version: Failed to find main database using server https://database.clamav.net/.
ERROR: remote_cvdhead: Malformed CVD header (too short)
ERROR: check_for_new_database_version: Failed to find main database using server https://database.clamav.net/.
ERROR: Update failed for database: main
ERROR: Database update process failed: HTTP GET failed
ERROR: Update failed.
«Daily database» error:
ERROR: check_for_new_database_version: Failed to find daily database using server https://database.clamav.net/.
ERROR: check_for_new_database_version: Failed to find daily database using server https://database.clamav.net/.
ERROR: remote_cvdhead: Malformed CVD header (too short)
ERROR: check_for_new_database_version: Failed to find daily database using server https://database.clamav.net/.
ERROR: Update failed for database: daily
ERROR: Database update process failed: HTTP GET failed
ERROR: Update failed.
Hm so it’s not just main, it’s daily too. I’m still working with our cloudflare admins to investigate. Cloudflare themselves seem to think everything is o.k., other than some redirections: https://www.cloudflarestatus.com/
Can you please try using freshclam --verbose to get more detail about the failure?
Another question — what OS are you using? How did you install ClamAV? It sounds like maybe DNS isn’t being used to check the CVD version.
@micahsnyder errors have been less frequent over the last couple of days. Was worst between 5/19 & 5/25. Actually has been pretty clean since then for the most part. I’m using CentOS 7, and clam is installed via yum from the EPEL repository. Configuration is standard. We’ve been using it for a long time without incident until the date range noted.
Thanks @smaceno that helps. I just figured out the source of the issue. If the clamav build fails to detect libresolv, it will build with DNS disabled. Then every check for updated databases will count towards getting rate-limited.
Issues in freshclam are two-fold:
- Now that we’re rate-limiting HTTP requests, we really shouldn’t allow the build to continue if
libresolvcan’t be detected. - The
remote_cvdhead()function isn’t smart enough to know it got a 429 rate-limiting response, so the error message is super misleading.
I suspect that one or more packages were recently built with DNS disabled, hence the influx of users running into this bug. You said EPEL, which is very popular, which would really explain it. I’ll go test the EPEL package and see what’s up. Maybe I can reach out to EPEL maintainers to see if we can get it fixed in an update to the package.
Then in some future clamav patch version, we can make it so libfreshclam can’t be built without DNS support.
My suspicion about DNS being disabled in the new packages was incorrect. I confirmed that using DNS for the CVD version checks is working in the EPEL and ubuntu 0.103.6 packages. I’m still unsure why a number of people saw it attempt to download the CVD header for the version check instead of using the DNS entry. Perhaps a local DNS issue?
Anyways… last week we also cleared cloudflare’s cache of the main.cvd and daily.cvd files. I haven’t heard any new complaints since then on this issue.
@smaceno, @Independant7077, @roushanrjqikfox are you still having issues or does it appear to be working again?
I noticed last week that I didn’t receive updates for a very long time. After I compiled the packages myself from the source package of Debian unstable, I could download again. But then I ran in a time-out. For some reason the download time-out in my freshclam.conf was set on 30 seconds, which is too short for my slow internet connection. With «ReceiveTimeout 60» I receive all updates again, including main.cvd.
I noticed last week that I didn’t receive updates for a very long time. After I compiled the packages myself from the source package of Debian unstable, I could download again. But then I ran in a time-out. For some reason the download time-out in my freshclam.conf was set on 30 seconds, which is too short for my slow internet connection. With «ReceiveTimeout 60» I receive all updates again, including main.cvd.
Good to hear. The ReceiveTimeout 30 setting in the config is provided by some distribution packages. If you remove the option, it will use the default which is 0 (disabled).
Thanks, I will. Maybe compiling wasn’t needed after all. It is possible that I got rate limited because my Freshclam kept trying to download main.cvd, but didn’t succeed within 30 seconds.
It looks to me like the event where cloudflare was serving up smaller files requested which was causing freshclam to retry and then get rate-limited has been resolved. I’m going to close this issue.
If you observe this message again in advance of rate limiting:
WARNING: remote_cvdhead: Malformed CVD header (too short)
then feel free to re-open the issue.
Interesting, I have incorporated a mirror yet the error still appears
# Automatically created by the clamav-freshclam postinst
# Comments will get lost when you reconfigure the clamav-freshclam package
DatabaseOwner clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogVerbose false
LogSyslog false
LogFacility LOG_LOCAL6
LogFileMaxSize 0
LogRotate true
LogTime true
Foreground false
Debug false
MaxAttempts 5
DatabaseDirectory /var/lib/clamav
DNSDatabaseInfo current.cvd.clamav.net
ConnectTimeout 30
ReceiveTimeout 0
TestDatabases yes
ScriptedUpdates yes
CompressLocalDatabase no
Bytecode true
NotifyClamd /etc/clamav/clamd.conf
# Check for new database 24 times a day
Checks 24
DatabaseMirror http://192.168.2.230:8080
DatabaseMirror http://192.168.2.230:8080
+ sudo sed -i 's/^DatabaseMirror .*$/DatabaseMirror http://192.168.2.230:8080/' /etc/clamav/freshclam.conf
+ sudo freshclam -v --config-file=/etc/clamav/freshclam.conf
Sat Jul 23 16:25:42 2022 -> *Current working dir is /var/lib/clamav/
Sat Jul 23 16:25:42 2022 -> *Loaded freshclam.dat:
Sat Jul 23 16:25:42 2022 -> * version: 1
Sat Jul 23 16:25:42 2022 -> * uuid: 35124cff-65be-4985-b34b-6c82c507acee
Sat Jul 23 16:25:42 2022 -> * retry-after: 2022-07-24 00:00:36
Sat Jul 23 16:25:42 2022 -> ClamAV update process started at Sat Jul 23 16:25:42 2022
Sat Jul 23 16:25:42 2022 -> *Current working dir is /var/lib/clamav/
Sat Jul 23 16:25:42 2022 -> *Querying current.cvd.clamav.net
Sat Jul 23 16:25:42 2022 -> *TTL: 101
Sat Jul 23 16:25:42 2022 -> *fc_dns_query_update_info: Software version from DNS: 0.103.6
Sat Jul 23 16:25:42 2022 -> ^FreshClam previously received error code 429 or 403 from the ClamAV Content Delivery Network (CDN).
Sat Jul 23 16:25:42 2022 -> This means that you have been rate limited or blocked by the CDN.
Sat Jul 23 16:25:42 2022 -> 1. Verify that you're running a supported ClamAV version.
Sat Jul 23 16:25:42 2022 -> See https://docs.clamav.net/faq/faq-eol.html for details.
Sat Jul 23 16:25:42 2022 -> 2. Run FreshClam no more than once an hour to check for updates.
Sat Jul 23 16:25:42 2022 -> FreshClam should check DNS first to see if an update is needed.
Sat Jul 23 16:25:42 2022 -> 3. If you have more than 10 hosts on your network attempting to download,
Sat Jul 23 16:25:42 2022 -> it is recommended that you set up a private mirror on your network using
Sat Jul 23 16:25:42 2022 -> cvdupdate (https://pypi.org/project/cvdupdate/) to save bandwidth on the
Sat Jul 23 16:25:42 2022 -> CDN and your own network.
Sat Jul 23 16:25:42 2022 -> 4. Please do not open a ticket asking for an exemption from the rate limit,
Sat Jul 23 16:25:42 2022 -> it will not be granted.
Sat Jul 23 16:25:42 2022 -> ^You are still on cool-down until after: 2022-07-24 00:00:36
+ sudo systemctl start clamav-freshclam
is current.cvd.clamav.net doing the rate limiting? How can we get around this as i have dozens of VMs behind nat so all appear from same IP.
@jessequinn Freshclam’s freshclam.dat file in the database directory records a timestamp to so prevent re-trying connections when freshclam knows it is being rate limited. The reason was we found that we were serving up a considerable amount of data in just 429 and 403 responses. So it is self-limiting for a time before it tries again.
So if you just swapped over to the private mirror, you may need to delete the freshclam.dat file and try again.
My network is slow, cant download the daily.cvd file before getting locked out
sudo freshclam
Tue Sep 13 23:13:34 2022 -> ClamAV update process started at Tue Sep 13 23:13:34 2022
Tue Sep 13 23:13:34 2022 -> ^Can't query current.cvd.clamav.net
Tue Sep 13 23:13:34 2022 -> ^Invalid DNS reply. Falling back to HTTP mode.
Tue Sep 13 23:13:34 2022 -> ^FreshClam previously received error code 429 or 403 from the ClamAV Content Delivery Network (CDN).
Tue Sep 13 23:13:34 2022 -> This means that you have been rate limited or blocked by the CDN.
Tue Sep 13 23:13:34 2022 -> 1. Verify that you're running a supported ClamAV version.
Tue Sep 13 23:13:34 2022 -> See https://docs.clamav.net/faq/faq-eol.html for details.
Tue Sep 13 23:13:34 2022 -> 2. Run FreshClam no more than once an hour to check for updates.
Tue Sep 13 23:13:34 2022 -> FreshClam should check DNS first to see if an update is needed.
Tue Sep 13 23:13:34 2022 -> 3. If you have more than 10 hosts on your network attempting to download,
Tue Sep 13 23:13:34 2022 -> it is recommended that you set up a private mirror on your network using
Tue Sep 13 23:13:34 2022 -> cvdupdate (https://pypi.org/project/cvdupdate/) to save bandwidth on the
Tue Sep 13 23:13:34 2022 -> CDN and your own network.
Tue Sep 13 23:13:34 2022 -> 4. Please do not open a ticket asking for an exemption from the rate limit,
Tue Sep 13 23:13:34 2022 -> it will not be granted.
Tue Sep 13 23:13:34 2022 -> ^You are still on cool-down until after: 2022-09-14 16:52:32
@isaac-machakata you can disable the «ReceiveTimeout» option in your freshclam.conf by setting
This should enable you to download the entire file.
Содержание
- Тема: Перестал обновляться ClamAV установленный из панели
- Перестал обновляться ClamAV установленный из панели
- FreshClam rate limited because built without DNS support (resolv.h detection issue) #340
- Comments
- Describe the bug
- How to reproduce the problem
- Attachments
- FreshClam previously received error code 429 or 403 from the ClamAV Content Delivery Network (CDN)
- freshclam fails after HTTP 403 response for CLD file (instead of 404) even though CVD download successful #395
- Comments
- configuration
- Config file: clamd.d/scan.conf
- Config file: freshclam.conf
- Config file: mail/clamav-milter.conf
- Software settings
- Database information
- Platform information
- Build information
- Freshclam errors on new instantiated instance:
Тема: Перестал обновляться ClamAV установленный из панели
Опции темы
Поиск по теме
Перестал обновляться ClamAV установленный из панели
freshclam выдает в логах ошибки, с 5 марта, скажите пож-та, как исправить проблему?
Wed Mar 16 00:51:18 2022 -> Received signal: wake up
Wed Mar 16 00:51:18 2022 -> ClamAV update process started at Wed Mar 16 00:51:18 2022
Wed Mar 16 00:51:18 2022 -> WARNING: Your ClamAV installation is OUTDATED!
Wed Mar 16 00:51:18 2022 -> WARNING: Local version: 0.103.4 Recommended version: 0.103.5
Wed Mar 16 00:51:18 2022 -> DON’T PANIC! Read https://docs.clamav.net/manual/Installing.html
Wed Mar 16 00:51:18 2022 -> WARNING: Cool-down expired, ok to try again.
Wed Mar 16 00:51:18 2022 -> daily database available for update (local version: 26475, remote version: 26482)
Wed Mar 16 00:51:19 2022 -> WARNING: downloadPatch: Can’t download daily-26476.cdiff from https://database.clamav.net/daily-26476.cdiff
Wed Mar 16 00:51:19 2022 -> WARNING: Incremental update failed, trying to download daily.cvd
Wed Mar 16 00:51:20 2022 -> WARNING: Can’t download daily.cvd from https://database.clamav.net/daily.cvd
Wed Mar 16 00:51:20 2022 -> WARNING: FreshClam received error code 403 from the ClamAV Content Delivery Network (CDN).
Wed Mar 16 00:51:20 2022 -> This could mean several things:
Wed Mar 16 00:51:20 2022 -> 1. You are running an out-of-date version of ClamAV / FreshClam.
Wed Mar 16 00:51:20 2022 -> Ensure you are the most updated version by visiting https://www.clamav.net/downloads
Wed Mar 16 00:51:20 2022 -> 2. Your network is explicitly denied by the FreshClam CDN.
Wed Mar 16 00:51:20 2022 -> In order to rectify this please check that you are:
Wed Mar 16 00:51:20 2022 -> a. Running an up-to-date version of FreshClam
Wed Mar 16 00:51:20 2022 -> b. Running FreshClam no more than once an hour
Wed Mar 16 00:51:20 2022 -> c. If you have checked (a) and (b), please open a ticket at
Wed Mar 16 00:51:20 2022 -> https://github.com/Cisco-Talos/clamav/issues
Wed Mar 16 00:51:20 2022 -> and we will investigate why your network is blocked.
Wed Mar 16 00:51:20 2022 -> WARNING: You are on cool-down until after: 2022-03-17 00:51:20
Wed Mar 16 00:51:20 2022 -> ERROR: Database update process failed: Forbidden; Blocked by CDN
Wed Mar 16 00:51:20 2022 -> ERROR: Update failed.
Wed Mar 16 00:51:20 2022 -> WARNING: FreshClam was forbidden from downloading a database.
Wed Mar 16 00:51:20 2022 -> WARNING: This is fatal. Retrying later won’t help. Exiting now.
Они запретили доступ с российских IP к обновлениям и своему домену.
Чтобы сети и серверы не остались без актуальной антивирусной защиты можно использовать следующий способ для обновления баз:
Скачайте через Tor или VPN файлы:
Поместите их в папку ClamAVdb (наименование может незначительно отличаться в зависимости от используемой ОС).
Перезапустите сервис ClamAV.
Источник
FreshClam rate limited because built without DNS support (resolv.h detection issue) #340
Describe the bug
After upgrading to ClamAV 0.104.0 freshclam stopped using DNS for detecting signature upgrades and switched to HTTP(S).
After a while freshclam got ratelimited:
How to reproduce the problem
I had following config for many years:
After noticing DNS is not used I’ve looked at freshclam.conf(5) manual page and modified config yesterday to:
but that didn’t help and DNS was still not used by frechclam. Eventually I got ratelimited.
Attachments
The text was updated successfully, but these errors were encountered:
Not sure why DNS is not used :/
Hi @kucharskim did you compile ClamAV yourself? If so, can you check the clamav-config.h from your build directory to see if HAVE_RESOLV_H is defined?
My guess is that HAVE_RESOLV_H is not defined and that either the new CMake build system doesn’t know how to find /usr/include/resolv.h or /usr/local/include/resolv.h on your system, or perhaps it really isn’t present.
I did not compile ClamAV myself, but reported it to OpenBSD ports devs:
The cmake check fails because it tries to compile a file which includes resolv.h standalone, on BSDs other headers are needed (at least netinet/in.h).
If lack of DNS lookups causes enough problems that it’s necessary to block clients who don’t use them, wouldn’t it be better to prevent building freshclam if the required files aren’t detected?
Not very satisfying but this is slightly better..
If lack of DNS lookups causes enough problems that it’s necessary to block clients who don’t use them, wouldn’t it be better to prevent building freshclam if the required files aren’t detected?
I think that’s a good idea. DNS lookup support should be mandatory for the build to work.
@sthen Your suggestion seems like it would work, even if it isn’t very satisfying. But if we’re going to make it required, we may as well remove the HAVE_RESOLV_H check and preprocessor checks entirely and have it fail to compile if #include fails.
Источник
FreshClam previously received error code 429 or 403 from the ClamAV Content Delivery Network (CDN)
we are consistently getting above error for most of our hosts for Clamav.
The error persist for few hours and gets resolved automatically and again come back after some time and this is happening since past few days.
Though our clamav is up-to-date then also we are getting this error.
Please look into this issue as soon as possible!!
The error which we are getting is:
WARNING: FreshClam previously received error code 429 or 403 from the ClamAV Content Delivery Network (CDN).
This means that you have been rate limited or blocked by the CDN.
- Verify that you’re running a supported ClamAV version.
See https://docs.clamav.net/faq/faq-eol.html for details. - Run FreshClam no more than once an hour to check for updates.
FreshClam should check DNS first to see if an update is needed. - If you have more than 10 hosts on your network attempting to download,
it is recommended that you set up a private mirror on your network using
cvdupdate (https://pypi.org/project/cvdupdate/) to save bandwidth on the
CDN and your own network. - Please do not open a ticket asking for an exemption from the rate limit,
it will not be granted.
I’ve also been consistently receiving this message several times per day from several of our environments. It looks to have started on or around 5/19/2022. ClamAV 0.103.5. I realize this message seems to be due to rate limiting, but we did not receive the error message prior to 5/19/2022, and had not made any changes to our environments at that time.
freshclam -vvv
Current working dir is /var/lib/clamav/
Loaded freshclam.dat:
version: 1
uuid: 7aa37448-e07f-469d-a2ab-bd90e798dfe2
retry-after: 2022-05-24 13:42:05
ClamAV update process started at Tue May 24 09:44:14 2022
Current working dir is /var/lib/clamav/
Querying current.cvd.clamav.net
TTL: 1642
WARNING: DNS record is older than 3 hours.
WARNING: FreshClam previously received error code 429 or 403 from the ClamAV Content Delivery Network (CDN).
This means that you have been rate limited or blocked by the CDN.
- Verify that you’re running a supported ClamAV version.
See https://docs.clamav.net/faq/faq-eol.html for details. - Run FreshClam no more than once an hour to check for updates.
FreshClam should check DNS first to see if an update is needed. - If you have more than 10 hosts on your network attempting to download,
it is recommended that you set up a private mirror on your network using
cvdupdate (https://pypi.org/project/cvdupdate/) to save bandwidth on the
CDN and your own network. - Please do not open a ticket asking for an exemption from the rate limit,
it will not be granted.
WARNING: You are still on cool-down until after: 2022-05-24 13:42:05
I am also getting same error while performing the very first database downloading using freshclam. Please fix the issue.
Источник
freshclam fails after HTTP 403 response for CLD file (instead of 404) even though CVD download successful #395
Long time user with numerous private instances in AWS, all configured with latest Centos 7 clamav version: ClamAV 0.103.4/26369/Tue Nov 30 04:18:45 2021. Every instance has the freshclam.conf PrivateMirror setting pointing to a private S3 bucket containing latest downloads of daily.cvd and main.cvd. Last clamav patch was Nov 15, 2021 and since then every instance is rate limited by CDN, even though all instances are using a private S3 bucket for downloads. It appears that freshclam is being rate limited and stuck in cool-down for no reason. These instances should be able to update as often as we want. I have reviewed all configurations and would like information how to stop rate limiting when using PrivateMirror.
/var/log/yum.log:Nov 15 07:25:09 Updated: clamav-filesystem-0.103.4-1.el7.noarch
/var/log/yum.log:Nov 15 07:25:09 Updated: clamav-lib-0.103.4-1.el7.x86_64
/var/log/yum.log:Nov 15 07:25:09 Updated: clamav-update-0.103.4-1.el7.x86_64
/var/log/yum.log:Nov 15 07:25:09 Updated: clamav-0.103.4-1.el7.x86_64
/var/log/yum.log:Nov 15 07:25:09 Updated: clamd-0.103.4-1.el7.x86_64
/var/log/yum.log:Nov 15 07:25:09 Updated: clamav-devel-0.103.4-1.el7.x86_64
/var/log/yum.log:Nov 15 07:25:09 Updated: clamav-milter-0.103.4-1.el7.x86_64
/var/log/yum.log:Nov 15 07:25:13 Updated: clamav-data-0.103.4-1.el7.noarch
configuration
clamconf -n
Checking configuration files in /etc
Config file: clamd.d/scan.conf
LogFile = «/var/log/clamav/clamav.log»
LogTime = «yes»
LogRotate = «yes»
TCPSocket = «3310»
Config file: freshclam.conf
LogFileMaxSize = «2097152»
LogTime = «yes»
LogSyslog = «yes»
LogRotate = «yes»
UpdateLogFile = «/var/log/freshclam.log»
PrivateMirror = «https://redacted.private.s3.bucket.url.amazonaws.com»
Checks 12
MaxAttempts = «1»
NotifyClamd = «/etc/clamd.conf»
ConnectTimeout = «600»
ReceiveTimeout = «3600»
Bytecode no
Config file: mail/clamav-milter.conf
ERROR: Please edit the example config file /etc/mail/clamav-milter.conf
Software settings
Database information
Database directory: /var/lib/clamav
bytecode.cvd: version 333, sigs: 92, built on Mon Mar 8 10:21:51 2021
daily.cvd: version 26369, sigs: 1948295, built on Tue Nov 30 04:18:45 2021
main.cvd: version 62, sigs: 6647427, built on Thu Sep 16 08:32:42 2021
Total number of signatures: 8595814
Platform information
uname: Linux 3.10.0-1160.45.1.el7.x86_64 #1 SMP Wed Oct 13 17:20:51 UTC 2021 x86_64
OS: linux-gnu, ARCH: x86_64, CPU: x86_64
zlib version: 1.2.7 (1.2.7), compile flags: a9
Build information
GNU C: 4.8.5 20150623 (Red Hat 4.8.5-44) (4.8.5)
Engine flevel: 125, dconf: 125
Freshclam errors on new instantiated instance:
WARNING: You are still on cool-down until after: 2021-12-02 07:45:48
Wed Dec 1 11:02:45 2021 -> —————————————
Wed Dec 1 11:02:45 2021 -> Current working dir is /var/lib/clamav/
Wed Dec 1 11:02:45 2021 -> Can’t open freshclam.dat in /var/lib/clamav
Wed Dec 1 11:02:45 2021 -> It probably doesn’t exist yet. That’s ok.
Wed Dec 1 11:02:45 2021 -> Failed to load freshclam.dat; will create a new freshclam.dat
Wed Dec 1 11:02:45 2021 -> Creating new freshclam.dat
Wed Dec 1 11:02:45 2021 -> Saved freshclam.dat
Wed Dec 1 11:02:45 2021 -> ClamAV update process started at Wed Dec 1 11:02:45 2021
Wed Dec 1 11:02:45 2021 -> Current working dir is /var/lib/clamav/
Wed Dec 1 11:02:45 2021 -> WARNING: DNS Update Info disabled. Falling back to HTTP mode.
Wed Dec 1 11:02:45 2021 -> Current working dir is /var/lib/clamav/
Wed Dec 1 11:02:45 2021 -> check_for_new_database_version: Local copy of daily found: daily.cvd.
Wed Dec 1 11:02:45 2021 -> Trying to retrieve CVD header from https://redacted.private.s3.bucket.url.amazonaws.com/daily.cld
Wed Dec 1 11:02:45 2021 -> Saved freshclam.dat
Wed Dec 1 11:02:45 2021 -> ERROR: remote_cvdhead: Malformed CVD header (too short)
Wed Dec 1 11:02:45 2021 -> Trying to retrieve CVD header from https://redacted.private.s3.bucket.url.amazonaws.com/daily.cvd
Wed Dec 1 11:02:45 2021 -> OK
Wed Dec 1 11:02:45 2021 -> daily database version obtained using HTTP GET: 26369
Wed Dec 1 11:02:45 2021 -> daily.cvd database is up-to-date (version: 26369, sigs: 1948295, f-level: 90, builder: xxxxxxx)
Wed Dec 1 11:02:45 2021 -> fc_update_database: daily.cvd already up-to-date.
Wed Dec 1 11:02:45 2021 -> Current working dir is /var/lib/clamav/
Wed Dec 1 11:02:45 2021 -> check_for_new_database_version: Local copy of main found: main.cvd.
Wed Dec 1 11:02:45 2021 -> Trying to retrieve CVD header from https://redacted.private.s3.bucket.url.amazonaws.com/main.cld
Wed Dec 1 11:02:45 2021 -> Saved freshclam.dat
Wed Dec 1 11:02:45 2021 -> ERROR: remote_cvdhead: Malformed CVD header (too short)
Wed Dec 1 11:02:45 2021 -> Trying to retrieve CVD header from https://redacted.private.s3.bucket.url.amazonaws.com/main.cvd
Wed Dec 1 11:02:45 2021 -> OK
Wed Dec 1 11:02:45 2021 -> main database version obtained using HTTP GET: 62
Wed Dec 1 11:02:45 2021 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: xxxxxxxx)
Wed Dec 1 11:02:45 2021 -> fc_update_database: main.cvd already up-to-date.
Wed Dec 1 11:03:05 2021 -> —————————————
Wed Dec 1 11:03:05 2021 -> freshclam daemon 0.103.4 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Wed Dec 1 11:03:05 2021 -> ClamAV update process started at Wed Dec 1 11:03:05 2021
Wed Dec 1 11:03:05 2021 -> WARNING: DNS Update Info disabled. Falling back to HTTP mode.
Wed Dec 1 11:03:05 2021 -> WARNING: FreshClam previously received error code 429 or 403 from the ClamAV Content Delivery Network (CDN).
Wed Dec 1 11:03:05 2021 -> This means that you have been rate limited or blocked by the CDN.
Wed Dec 1 11:03:05 2021 -> 1. Verify that you’re running a supported ClamAV version.
Wed Dec 1 11:03:05 2021 -> See https://docs.clamav.net/faq/faq-eol.html for details.
Wed Dec 1 11:03:05 2021 -> 2. Run FreshClam no more than once an hour to check for updates.
Wed Dec 1 11:03:05 2021 -> FreshClam should check DNS first to see if an update is needed.
Wed Dec 1 11:03:05 2021 -> 3. If you have more than 10 hosts on your network attempting to download,
Wed Dec 1 11:03:05 2021 -> it is recommended that you set up a private mirror on your network using
Wed Dec 1 11:03:05 2021 -> cvdupdate (https://pypi.org/project/cvdupdate/) to save bandwidth on the
Wed Dec 1 11:03:05 2021 -> CDN and your own network.
Wed Dec 1 11:03:05 2021 -> 4. Please do not open a ticket asking for an exemption from the rate limit,
Wed Dec 1 11:03:05 2021 -> it will not be granted.
Wed Dec 1 11:03:05 2021 -> WARNING: You are still on cool-down until after: 2021-12-02 11:02:45
Wed Dec 1 11:03:05 2021 -> —————————————
The text was updated successfully, but these errors were encountered:
Источник
16.03.2022, 12:15
#1
Member
Перестал обновляться ClamAV установленный из панели
Перестал обновляться ClamAV установленный из панелиfreshclam выдает в логах ошибки, с 5 марта, скажите пож-та, как исправить проблему?
Wed Mar 16 00:51:18 2022 -> Received signal: wake up
Wed Mar 16 00:51:18 2022 -> ClamAV update process started at Wed Mar 16 00:51:18 2022
Wed Mar 16 00:51:18 2022 -> WARNING: Your ClamAV installation is OUTDATED!
Wed Mar 16 00:51:18 2022 -> WARNING: Local version: 0.103.4 Recommended version: 0.103.5
Wed Mar 16 00:51:18 2022 -> DON’T PANIC! Read https://docs.clamav.net/manual/Installing.html
Wed Mar 16 00:51:18 2022 -> WARNING: Cool-down expired, ok to try again.
Wed Mar 16 00:51:18 2022 -> daily database available for update (local version: 26475, remote version: 26482)
Wed Mar 16 00:51:19 2022 -> WARNING: downloadPatch: Can’t download daily-26476.cdiff from https://database.clamav.net/daily-26476.cdiff
Wed Mar 16 00:51:19 2022 -> WARNING: Incremental update failed, trying to download daily.cvd
Wed Mar 16 00:51:20 2022 -> WARNING: Can’t download daily.cvd from https://database.clamav.net/daily.cvd
Wed Mar 16 00:51:20 2022 -> WARNING: FreshClam received error code 403 from the ClamAV Content Delivery Network (CDN).
Wed Mar 16 00:51:20 2022 -> This could mean several things:
Wed Mar 16 00:51:20 2022 -> 1. You are running an out-of-date version of ClamAV / FreshClam.
Wed Mar 16 00:51:20 2022 -> Ensure you are the most updated version by visiting https://www.clamav.net/downloads
Wed Mar 16 00:51:20 2022 -> 2. Your network is explicitly denied by the FreshClam CDN.
Wed Mar 16 00:51:20 2022 -> In order to rectify this please check that you are:
Wed Mar 16 00:51:20 2022 -> a. Running an up-to-date version of FreshClam
Wed Mar 16 00:51:20 2022 -> b. Running FreshClam no more than once an hour
Wed Mar 16 00:51:20 2022 -> c. If you have checked (a) and (b), please open a ticket at
Wed Mar 16 00:51:20 2022 -> https://github.com/Cisco-Talos/clamav/issues
Wed Mar 16 00:51:20 2022 -> and we will investigate why your network is blocked.
Wed Mar 16 00:51:20 2022 -> WARNING: You are on cool-down until after: 2022-03-17 00:51:20
Wed Mar 16 00:51:20 2022 -> ERROR: Database update process failed: Forbidden; Blocked by CDN
Wed Mar 16 00:51:20 2022 -> ERROR: Update failed.
Wed Mar 16 00:51:20 2022 -> WARNING: FreshClam was forbidden from downloading a database.
Wed Mar 16 00:51:20 2022 -> WARNING: This is fatal. Retrying later won’t help. Exiting now.
Tue Mar 22 09:20:16 2022 -> *Current working dir is /var/lib/clamav/
Tue Mar 22 09:20:16 2022 -> *Loaded freshclam.dat:
Tue Mar 22 09:20:16 2022 -> * version: 1
Tue Mar 22 09:20:16 2022 -> * uuid: dd0512fc—399b—46af—8bd3—3ef86b3a37d6
Tue Mar 22 09:20:16 2022 -> ClamAV update process started at Tue Mar 22 09:20:16 2022
Tue Mar 22 09:20:16 2022 -> *Current working dir is /var/lib/clamav/
Tue Mar 22 09:20:16 2022 -> ^DNS Update Info disabled. Falling back to HTTP mode.
Tue Mar 22 09:20:16 2022 -> *Current working dir is /var/lib/clamav/
Tue Mar 22 09:20:16 2022 -> *check_for_new_database_version: Local copy of daily found: daily.cvd.
Tue Mar 22 09:20:16 2022 -> Trying to retrieve CVD header from http://clmvupd.deltamoby.ru/daily.cld
* Trying 88.84.222.213:80…
* Connected to clmvupd.deltamoby.ru (88.84.222.213) port 80 (#0)
> GET /daily.cld HTTP/1.1
Host: clmvupd.deltamoby.ru
Range: bytes=0—511
User—Agent: ClamAV/0.104.1 (OS: Linux, ARCH: x86_64, CPU: x86_64, UUID: dd0512fc—399b—46af—8bd3—3ef86b3a37d6)
Accept: */*
If—Modified—Since: Mon, 21 Mar 2022 08:28:19 GMT
Connection: close
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Date: Tue, 22 Mar 2022 06:20:16 GMT
< Server: Apache
< Location: https://clmvupd.deltamoby.ru/daily.cld
< Content—Length: 246
< Connection: close
< Content—Type: text/html; charset=iso-8859-1
<
* Closing connection 0
* Issue another request to this URL: ‘https://clmvupd.deltamoby.ru/daily.cld’
* Trying 88.84.222.213:443…
* Connected to clmvupd.deltamoby.ru (88.84.222.213) port 443 (#1)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca—certificates.crt
* CApath: /etc/ssl/certs
* SSL connection using TLSv1.2 / ECDHE—RSA—AES256—GCM—SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: CN=clmvupd.deltamoby.ru
* start date: Mar 22 05:06:49 2022 GMT
* expire date: Jun 20 05:06:48 2022 GMT
* subjectAltName: host «clmvupd.deltamoby.ru» matched cert‘s «clmvupd.deltamoby.ru»
* issuer: C=US; O=Let’s Encrypt; CN=R3
* SSL certificate verify ok.
> GET /daily.cld HTTP/1.1
Host: clmvupd.deltamoby.ru
Range: bytes=0—511
User—Agent: ClamAV/0.104.1 (OS: Linux, ARCH: x86_64, CPU: x86_64, UUID: dd0512fc—399b—46af—8bd3—3ef86b3a37d6)
Accept: */*
If—Modified—Since: Mon, 21 Mar 2022 08:28:19 GMT
Connection: close
* Mark bundle as not supporting multiuse
< HTTP/1.1 404 Not Found
< Date: Tue, 22 Mar 2022 06:20:16 GMT
< Server: Apache
< Content—Length: 196
< Connection: close
< Content—Type: text/html; charset=iso-8859-1
<
* Closing connection 1
Tue Mar 22 09:20:16 2022 -> ^remote_cvdhead: file not found: http://clmvupd.deltamoby.ru/daily.cld
Tue Mar 22 09:20:16 2022 -> Trying to retrieve CVD header from http://clmvupd.deltamoby.ru/daily.cvd
* Trying 88.84.222.213:80…
* Connected to clmvupd.deltamoby.ru (88.84.222.213) port 80 (#0)
> GET /daily.cvd HTTP/1.1
Host: clmvupd.deltamoby.ru
Range: bytes=0—511
User—Agent: ClamAV/0.104.1 (OS: Linux, ARCH: x86_64, CPU: x86_64, UUID: dd0512fc—399b—46af—8bd3—3ef86b3a37d6)
Accept: */*
If—Modified—Since: Mon, 21 Mar 2022 08:28:19 GMT
Connection: close
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Date: Tue, 22 Mar 2022 06:20:16 GMT
< Server: Apache
< Location: https://clmvupd.deltamoby.ru/daily.cvd
< Content—Length: 246
< Connection: close
< Content—Type: text/html; charset=iso-8859-1
<
* Closing connection 0
* Issue another request to this URL: ‘https://clmvupd.deltamoby.ru/daily.cvd’
* Trying 88.84.222.213:443…
* Connected to clmvupd.deltamoby.ru (88.84.222.213) port 443 (#1)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca—certificates.crt
* CApath: /etc/ssl/certs
* SSL connection using TLSv1.2 / ECDHE—RSA—AES256—GCM—SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: CN=clmvupd.deltamoby.ru
* start date: Mar 22 05:06:49 2022 GMT
* expire date: Jun 20 05:06:48 2022 GMT
* subjectAltName: host «clmvupd.deltamoby.ru» matched cert‘s «clmvupd.deltamoby.ru»
* issuer: C=US; O=Let’s Encrypt; CN=R3
* SSL certificate verify ok.
> GET /daily.cvd HTTP/1.1
Host: clmvupd.deltamoby.ru
Range: bytes=0—511
User—Agent: ClamAV/0.104.1 (OS: Linux, ARCH: x86_64, CPU: x86_64, UUID: dd0512fc—399b—46af—8bd3—3ef86b3a37d6)
Accept: */*
If—Modified—Since: Mon, 21 Mar 2022 08:28:19 GMT
Connection: close
* Mark bundle as not supporting multiuse
< HTTP/1.1 206 Partial Content
< Date: Tue, 22 Mar 2022 06:20:16 GMT
< Server: Apache
< Last—Modified: Tue, 22 Mar 2022 05:51:55 GMT
< ETag: «3765084-5dac835e045da»
< Accept—Ranges: bytes
< Content—Length: 512
< Content—Range: bytes 0—511/58085508
< Connection: close
<
* Closing connection 1
Tue Mar 22 09:20:16 2022 -> OK
Tue Mar 22 09:20:16 2022 -> *daily database version obtained using HTTP GET: 26488
Tue Mar 22 09:20:16 2022 -> daily.cvd database is up—to—date (version: 26488, sigs: 1976522, f—level: 90, builder: raynman)
Tue Mar 22 09:20:16 2022 -> *fc_update_database: daily.cvd already up—to—date.
Tue Mar 22 09:20:16 2022 -> *Current working dir is /var/lib/clamav/
Tue Mar 22 09:20:16 2022 -> *check_for_new_database_version: Local copy of main found: main.cvd.
Tue Mar 22 09:20:16 2022 -> Trying to retrieve CVD header from http://clmvupd.deltamoby.ru/main.cld
* Trying 88.84.222.213:80…
* Connected to clmvupd.deltamoby.ru (88.84.222.213) port 80 (#0)
> GET /main.cld HTTP/1.1
Host: clmvupd.deltamoby.ru
Range: bytes=0—511
User—Agent: ClamAV/0.104.1 (OS: Linux, ARCH: x86_64, CPU: x86_64, UUID: dd0512fc—399b—46af—8bd3—3ef86b3a37d6)
Accept: */*
If—Modified—Since: Thu, 16 Sep 2021 12:32:42 GMT
Connection: close
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Date: Tue, 22 Mar 2022 06:20:16 GMT
< Server: Apache
< Location: https://clmvupd.deltamoby.ru/main.cld
< Content—Length: 245
< Connection: close
< Content—Type: text/html; charset=iso-8859-1
<
* Closing connection 0
* Issue another request to this URL: ‘https://clmvupd.deltamoby.ru/main.cld’
* Trying 88.84.222.213:443…
* Connected to clmvupd.deltamoby.ru (88.84.222.213) port 443 (#1)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca—certificates.crt
* CApath: /etc/ssl/certs
* SSL connection using TLSv1.2 / ECDHE—RSA—AES256—GCM—SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: CN=clmvupd.deltamoby.ru
* start date: Mar 22 05:06:49 2022 GMT
* expire date: Jun 20 05:06:48 2022 GMT
* subjectAltName: host «clmvupd.deltamoby.ru» matched cert‘s «clmvupd.deltamoby.ru»
* issuer: C=US; O=Let’s Encrypt; CN=R3
* SSL certificate verify ok.
> GET /main.cld HTTP/1.1
Host: clmvupd.deltamoby.ru
Range: bytes=0—511
User—Agent: ClamAV/0.104.1 (OS: Linux, ARCH: x86_64, CPU: x86_64, UUID: dd0512fc—399b—46af—8bd3—3ef86b3a37d6)
Accept: */*
If—Modified—Since: Thu, 16 Sep 2021 12:32:42 GMT
Connection: close
* Mark bundle as not supporting multiuse
< HTTP/1.1 404 Not Found
< Date: Tue, 22 Mar 2022 06:20:16 GMT
< Server: Apache
< Content—Length: 196
< Connection: close
< Content—Type: text/html; charset=iso-8859-1
<
* Closing connection 1
Tue Mar 22 09:20:16 2022 -> ^remote_cvdhead: file not found: http://clmvupd.deltamoby.ru/main.cld
Tue Mar 22 09:20:16 2022 -> Trying to retrieve CVD header from http://clmvupd.deltamoby.ru/main.cvd
* Trying 88.84.222.213:80…
* Connected to clmvupd.deltamoby.ru (88.84.222.213) port 80 (#0)
> GET /main.cvd HTTP/1.1
Host: clmvupd.deltamoby.ru
Range: bytes=0—511
User—Agent: ClamAV/0.104.1 (OS: Linux, ARCH: x86_64, CPU: x86_64, UUID: dd0512fc—399b—46af—8bd3—3ef86b3a37d6)
Accept: */*
If—Modified—Since: Thu, 16 Sep 2021 12:32:42 GMT
Connection: close
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Date: Tue, 22 Mar 2022 06:20:16 GMT
< Server: Apache
< Location: https://clmvupd.deltamoby.ru/main.cvd
< Content—Length: 245
< Connection: close
< Content—Type: text/html; charset=iso-8859-1
<
* Closing connection 0
* Issue another request to this URL: ‘https://clmvupd.deltamoby.ru/main.cvd’
* Trying 88.84.222.213:443…
* Connected to clmvupd.deltamoby.ru (88.84.222.213) port 443 (#1)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca—certificates.crt
* CApath: /etc/ssl/certs
* SSL connection using TLSv1.2 / ECDHE—RSA—AES256—GCM—SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: CN=clmvupd.deltamoby.ru
* start date: Mar 22 05:06:49 2022 GMT
* expire date: Jun 20 05:06:48 2022 GMT
* subjectAltName: host «clmvupd.deltamoby.ru» matched cert‘s «clmvupd.deltamoby.ru»
* issuer: C=US; O=Let’s Encrypt; CN=R3
* SSL certificate verify ok.
> GET /main.cvd HTTP/1.1
Host: clmvupd.deltamoby.ru
Range: bytes=0—511
User—Agent: ClamAV/0.104.1 (OS: Linux, ARCH: x86_64, CPU: x86_64, UUID: dd0512fc—399b—46af—8bd3—3ef86b3a37d6)
Accept: */*
If—Modified—Since: Thu, 16 Sep 2021 12:32:42 GMT
Connection: close
* Mark bundle as not supporting multiuse
< HTTP/1.1 206 Partial Content
< Date: Tue, 22 Mar 2022 06:20:16 GMT
< Server: Apache
< Last—Modified: Tue, 22 Mar 2022 05:51:56 GMT
< ETag: «a2950ad-5dac835e5859b»
< Accept—Ranges: bytes
< Content—Length: 512
< Content—Range: bytes 0—511/170479789
< Connection: close
<
* Closing connection 1
Tue Mar 22 09:20:16 2022 -> OK
Tue Mar 22 09:20:16 2022 -> *main database version obtained using HTTP GET: 62
Tue Mar 22 09:20:16 2022 -> main.cvd database is up—to—date (version: 62, sigs: 6647427, f—level: 90, builder: sigmgr)
Tue Mar 22 09:20:16 2022 -> *fc_update_database: main.cvd already up—to—date.
Tue Mar 22 09:20:16 2022 -> *Current working dir is /var/lib/clamav/
Tue Mar 22 09:20:16 2022 -> *check_for_new_database_version: Local copy of bytecode found: bytecode.cld.
Tue Mar 22 09:20:16 2022 -> Trying to retrieve CVD header from http://clmvupd.deltamoby.ru/bytecode.cld
* Trying 88.84.222.213:80…
* Connected to clmvupd.deltamoby.ru (88.84.222.213) port 80 (#0)
> GET /bytecode.cld HTTP/1.1
Host: clmvupd.deltamoby.ru
Range: bytes=0—511
User—Agent: ClamAV/0.104.1 (OS: Linux, ARCH: x86_64, CPU: x86_64, UUID: dd0512fc—399b—46af—8bd3—3ef86b3a37d6)
Accept: */*
If—Modified—Since: Mon, 08 Mar 2021 15:21:51 GMT
Connection: close
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Date: Tue, 22 Mar 2022 06:20:16 GMT
< Server: Apache
< Location: https://clmvupd.deltamoby.ru/bytecode.cld
< Content—Length: 249
< Connection: close
< Content—Type: text/html; charset=iso-8859-1
<
* Closing connection 0
* Issue another request to this URL: ‘https://clmvupd.deltamoby.ru/bytecode.cld’
* Trying 88.84.222.213:443…
* Connected to clmvupd.deltamoby.ru (88.84.222.213) port 443 (#1)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca—certificates.crt
* CApath: /etc/ssl/certs
* SSL connection using TLSv1.2 / ECDHE—RSA—AES256—GCM—SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: CN=clmvupd.deltamoby.ru
* start date: Mar 22 05:06:49 2022 GMT
* expire date: Jun 20 05:06:48 2022 GMT
* subjectAltName: host «clmvupd.deltamoby.ru» matched cert‘s «clmvupd.deltamoby.ru»
* issuer: C=US; O=Let’s Encrypt; CN=R3
* SSL certificate verify ok.
> GET /bytecode.cld HTTP/1.1
Host: clmvupd.deltamoby.ru
Range: bytes=0—511
User—Agent: ClamAV/0.104.1 (OS: Linux, ARCH: x86_64, CPU: x86_64, UUID: dd0512fc—399b—46af—8bd3—3ef86b3a37d6)
Accept: */*
If—Modified—Since: Mon, 08 Mar 2021 15:21:51 GMT
Connection: close
* Mark bundle as not supporting multiuse
< HTTP/1.1 404 Not Found
< Date: Tue, 22 Mar 2022 06:20:16 GMT
< Server: Apache
< Content—Length: 196
< Connection: close
< Content—Type: text/html; charset=iso-8859-1
<
* Closing connection 1
Tue Mar 22 09:20:16 2022 -> ^remote_cvdhead: file not found: http://clmvupd.deltamoby.ru/bytecode.cld
Tue Mar 22 09:20:16 2022 -> Trying to retrieve CVD header from http://clmvupd.deltamoby.ru/bytecode.cvd
* Trying 88.84.222.213:80…
* Connected to clmvupd.deltamoby.ru (88.84.222.213) port 80 (#0)
> GET /bytecode.cvd HTTP/1.1
Host: clmvupd.deltamoby.ru
Range: bytes=0—511
User—Agent: ClamAV/0.104.1 (OS: Linux, ARCH: x86_64, CPU: x86_64, UUID: dd0512fc—399b—46af—8bd3—3ef86b3a37d6)
Accept: */*
If—Modified—Since: Mon, 08 Mar 2021 15:21:51 GMT
Connection: close
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Date: Tue, 22 Mar 2022 06:20:16 GMT
< Server: Apache
< Location: https://clmvupd.deltamoby.ru/bytecode.cvd
< Content—Length: 249
< Connection: close
< Content—Type: text/html; charset=iso-8859-1
<
* Closing connection 0
* Issue another request to this URL: ‘https://clmvupd.deltamoby.ru/bytecode.cvd’
* Trying 88.84.222.213:443…
* Connected to clmvupd.deltamoby.ru (88.84.222.213) port 443 (#1)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca—certificates.crt
* CApath: /etc/ssl/certs
* SSL connection using TLSv1.2 / ECDHE—RSA—AES256—GCM—SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: CN=clmvupd.deltamoby.ru
* start date: Mar 22 05:06:49 2022 GMT
* expire date: Jun 20 05:06:48 2022 GMT
* subjectAltName: host «clmvupd.deltamoby.ru» matched cert‘s «clmvupd.deltamoby.ru»
* issuer: C=US; O=Let’s Encrypt; CN=R3
* SSL certificate verify ok.
> GET /bytecode.cvd HTTP/1.1
Host: clmvupd.deltamoby.ru
Range: bytes=0—511
User—Agent: ClamAV/0.104.1 (OS: Linux, ARCH: x86_64, CPU: x86_64, UUID: dd0512fc—399b—46af—8bd3—3ef86b3a37d6)
Accept: */*
If—Modified—Since: Mon, 08 Mar 2021 15:21:51 GMT
Connection: close
* Mark bundle as not supporting multiuse
< HTTP/1.1 206 Partial Content
< Date: Tue, 22 Mar 2022 06:20:16 GMT
< Server: Apache
< Last—Modified: Tue, 22 Mar 2022 05:59:45 GMT
< ETag: «47b26-5dac851d8ffa7»
< Accept—Ranges: bytes
< Content—Length: 512
< Content—Range: bytes 0—511/293670
< Connection: close
<
* Closing connection 1
Tue Mar 22 09:20:16 2022 -> OK
Tue Mar 22 09:20:16 2022 -> *bytecode database version obtained using HTTP GET: 333
Tue Mar 22 09:20:16 2022 -> bytecode.cld database is up—to—date (version: 333, sigs: 92, f—level: 63, builder: awillia2)
Tue Mar 22 09:20:16 2022 -> *fc_update_database: bytecode.cld already up—to—date.
Recently installed ClamAV on Manjaro, and I’m unable to update the virus definitions with freshclam. When I attempt to run «sudo freshclam», I receive the following error:
WARNING: Can't download main.cvd from https://database.clamav.net/main.cvd
WARNING: FreshClam received error code 429 from the ClamAV Content Delivery Network (CDN).
This means that you have been rate limited by the CDN.
This happened right after I installed ClamAV, which I found odd but decided to wait until the cool-down period had passed. When I tried again, I got
WARNING: Cool-down expired, ok to try again.
daily database available for download (remote version: 26289)
Time: 0.2s, ETA: 0.0s [========================>] 16B/16B
WARNING: Can't download daily.cvd from https://database.clamav.net/daily.cvd
WARNING: FreshClam received error code 429 from the ClamAV Content Delivery Network (CDN).
This means that you have been rate limited by the CDN.
I’m not entirely sure what’s going on, as I’m not constantly trying to update the definitions so I don’t know why I’m being rate-limited by ClamAV’s CDN.
I tried again this morning, and again this afternoon and I keep getting the same error. C/P’d the full output of the attempts this afternoon below, as I don’t know how I can include a screenshot within a text post without uploading to imgur or other 3rd party host.
sudo freshclam
[sudo] password for kaos7heory:
ClamAV update process started at Thu Sep 9 14:05:46 2021
WARNING: FreshClam previously received error code 429 from the ClamAV Content Delivery Network (CDN).
This means that you have been rate limited by the CDN.
1. Run FreshClam no more than once an hour to check for updates. FreshClam should check DNS first to see if an update is needed.
2. If you have more than 10 hosts on your network attempting to download, it is recommended that you set up a private mirror on your network using cvdupdate (https://pypi.org/project/cvdupdate/) to save bandwidth on the CDN and your own network.
3. Please do not open a ticket asking for an exemption from the rate limit, it will not be granted.
WARNING: You are still on cool-down until after: 2021-09-09 14:27:24
sudo freshclam ✔ 4s
[sudo] password for kaos7heory:
ClamAV update process started at Thu Sep 9 14:29:54 2021
WARNING: Cool-down expired, ok to try again.
daily database available for download (remote version: 26289)
Time: 0.2s, ETA: 0.0s [========================>] 16B/16B
WARNING: Can't download daily.cvd from https://database.clamav.net/daily.cvd
WARNING: FreshClam received error code 429 from the ClamAV Content Delivery Network (CDN).
This means that you have been rate limited by the CDN.
1. Run FreshClam no more than once an hour to check for updates. FreshClam should check DNS first to see if an update is needed.
2. If you have more than 10 hosts on your network attempting to download, it is recommended that you set up a private mirror on your network using cvdupdate (https://pypi.org/project/cvdupdate/) to save bandwidth on the CDN and your own network.
3. Please do not open a ticket asking for an exemption from the rate limit,
it will not be granted.
WARNING: You are on cool-down until after: 2021-09-09 18:29:54
main database available for download (remote version: 61)
Time: 0.1s, ETA: 0.0s [========================>] 16B/16B
WARNING: Can't download main.cvd from https://database.clamav.net/main.cvd
WARNING: FreshClam received error code 429 from the ClamAV Content Delivery Network (CDN).
This means that you have been rate limited by the CDN.
1. Run FreshClam no more than once an hour to check for updates. FreshClam should check DNS first to see if an update is needed.
2. If you have more than 10 hosts on your network attempting to download, it is recommended that you set up a private mirror on your network using cvdupdate (https://pypi.org/project/cvdupdate/) to save bandwidth on the CDN and your own network.
3. Please do not open a ticket asking for an exemption from the rate limit, it will not be granted.
WARNING: You are on cool-down until after: 2021-09-09 18:29:54
bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)
I have not submitted anything to the ClamAV team as I don’t know which of their categories this would fall under.