Hi,
We installed and configured ClamAV 0.102.3 on all of our AIX servers running version 7.1. We have a centralized server in our environment where we installed a Squid proxy server and then configured our clients to use it by setting the HTTPProxyServer parameter in freshclam.conf. This centralized server is the only server where the firewall is opened to download any updates from database.clamav.net. In the example below, XXXX is the client server and YYYY is the centralized proxy server through which all clients are trying to download the updates.
But when running freshclam, it throws the error "SSL peer certificate or SSH remote key was not OK". We never used SSL certificates before with any of the previous versions of ClamAV. I even tried reinstalling the previous version, ClamAV 0.102.2, but this SSL peer certificate error still remains. Any help in guiding me to the correct configuration would be greatly appreciated, as I have tried installing, reinstalling and configuring the Squid proxy server YYYY multiple times, but the error remains. We don't really have any certificates or SSL configured on the proxy server. The majority of the settings that we have in squid.conf are the defaults.
root@XXXX/usr/local/etc # freshclam
LibClamAV Warning:
Connecting via YYYY.state.mo.us
Thu Jun 11 13:49:29 2020 -> ClamAV update process started at Thu Jun 11 13:49:29 2020
Thu Jun 11 13:49:29 2020 -> ^Can't query state.mo.us
Thu Jun 11 13:49:29 2020 -> ^Invalid DNS reply. Falling back to HTTP mode.
Thu Jun 11 13:49:29 2020 -> Reading CVD header (daily.cvd): Thu Jun 11 13:49:29 2020 -> ^remote_cvdhead: Download failed (60) Thu Jun 11 13:49:29 2020 -> ^ Message: SSL peer certificate or SSH remote key was not OK
Thu Jun 11 13:49:29 2020 -> ^Failed to get daily database version information from server: https://database.clamav.net
Thu Jun 11 13:49:29 2020 -> !check_for_new_database_version: Failed to find daily database using server https://database.clamav.net.
Thu Jun 11 13:49:29 2020 -> Trying again in 5 secs...
Thu Jun 11 13:49:34 2020 -> Reading CVD header (daily.cvd): Thu Jun 11 13:49:34 2020 -> ^remote_cvdhead: Download failed (60) Thu Jun 11 13:49:34 2020 -> ^ Message: SSL peer certificate or SSH remote key was not OK
Thu Jun 11 13:49:34 2020 -> ^Failed to get daily database version information from server: https://database.clamav.net
Thu Jun 11 13:49:34 2020 -> !check_for_new_database_version: Failed to find daily database using server https://database.clamav.net.
Thu Jun 11 13:49:34 2020 -> Trying again in 5 secs...
Thu Jun 11 13:49:39 2020 -> Reading CVD header (daily.cvd): Thu Jun 11 13:49:39 2020 -> !remote_cvdhead: Download failed (60) Thu Jun 11 13:49:39 2020 -> ! Message: SSL peer certificate or SSH remote key was not OK
Thu Jun 11 13:49:39 2020 -> ^Failed to get daily database version information from server: https://database.clamav.net
Thu Jun 11 13:49:39 2020 -> !check_for_new_database_version: Failed to find daily database using server https://database.clamav.net.
Thu Jun 11 13:49:39 2020 -> Giving up on https://database.clamav.net...
Thu Jun 11 13:49:39 2020 -> !Update failed for database: daily
Thu Jun 11 13:49:39 2020 -> ^fc_update_databases: fc_update_database failed: HTTP GET failed (11)
Thu Jun 11 13:49:39 2020 -> !Database update process failed: HTTP GET failed (11)
Thu Jun 11 13:49:39 2020 -> !Update failed.
root@XXXX/usr/local/etc # freshclam -V
ClamAV 0.102.3
root@XXXX /usr/local/etc # telnet YYYY 3128
Trying...
Connected to YYYY.state.mo.us.
Escape character is '^]'.
root@XXXX/usr/local/etc # cat freshclam.conf | grep -v ^#
DatabaseDirectory /var/lib/clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogTime yes
LogSyslog yes
LogRotate yes
DatabaseMirror database.clamav.net
HTTPProxyServer YYYY.state.mo.us
HTTPProxyPort 3128
Proxy server (YYYY)
[root@YYYY~]# freshclam -V
ClamAV 0.102.3/25840/Thu Jun 11 07:52:31 2020
[root@YYYY~]# cat /etc/squid/squid.conf | grep -v ^#
visible_hostname YYYY
acl localnet src state.mo.us
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 443 # https
acl CONNECT method CONNECT
acl access_to_clamav_updates dstdomain "/etc/squid/clamavupdate.txt"
http_access allow access_to_clamav_updates
http_access deny all
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 3128
cache_dir ufs /var/spool/squid 100 16 256
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
[root@YYYY~]# cat "/etc/squid/clamavupdate.txt"
db.US.clamav.net
database.clamav.net
[root@YYYY~]#
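The proxy side of the post, as an added example that is not ClamAV's or Squid's code: a small Python simulation of Squid's first-match http_access evaluation over the rules shown above (the dstdomain file is inlined with the two hostnames from clamavupdate.txt, and the client hostname is a constructed placeholder). It shows that freshclam's CONNECT to database.clamav.net:443 is allowed by the very first line, so the libcurl error 60 in the log is a TLS certificate verification failure inside the tunnel rather than a proxy ACL denial, and that the "deny all" on the second line shadows every rule after it.

```python
# Added example (not ClamAV's or Squid's code); the dstdomain file is inlined.
SQUID_CONF = """acl localnet src state.mo.us
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 443
acl CONNECT method CONNECT
acl access_to_clamav_updates dstdomain db.US.clamav.net database.clamav.net
http_access allow access_to_clamav_updates
http_access deny all
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all
"""
BUILTIN_ACLS = {"all": ("all", []), "localhost": ("src", ["127.0.0.1"]), "manager": ("manager", [])}  # squid built-ins

def parse(conf):  # -> ({name: (type, values)}, [(action, [terms])]) in file order
    acls, rules = dict(BUILTIN_ACLS), []
    for p in (ln.split("#", 1)[0].split() for ln in conf.splitlines()):
        if p and p[0] == "acl": acls.setdefault(p[1], (p[2], []))[1].extend(p[3:])
        elif p and p[0] == "http_access": rules.append((p[1], p[2:]))
    return acls, rules

def acl_matches(acls, name, req):
    kind, values = acls[name]
    if kind == "port":   return str(req["port"]) in values
    if kind == "method": return req["method"].upper() in values
    if kind == "src":    return any(req["src"] == v or req["src"].endswith("." + v) for v in values)
    if kind == "dstdomain":  # ".x.net" matches subdomains; a bare name matches exactly
        h = req["host"].lower()
        return any(h == v.lower() or v[0] == "." and h.endswith(v.lower()) for v in values)
    return kind == "all" or (kind == "manager" and bool(req.get("manager", False)))

def evaluate(rules, acls, req):  # the first line whose every term matches decides
    for i, (action, terms) in enumerate(rules):
        if all(acl_matches(acls, t.lstrip("!"), req) != t.startswith("!") for t in terms):
            return action, i
    return ("deny" if rules[-1][0] == "allow" else "allow"), None  # squid: opposite of last line

def unreachable(rules):  # lines shadowed by an earlier unconditional line such as "deny all"
    hits = [i for i, (_, terms) in enumerate(rules) if terms and all(t == "all" for t in terms)]
    return list(range(hits[0] + 1, len(rules))) if hits else []

ACLS, RULES = parse(SQUID_CONF)
# Constructed request: freshclam tunnels HTTPS through the proxy with CONNECT host:443.
FRESHCLAM = {"method": "CONNECT", "host": "database.clamav.net", "port": 443, "src": "xxxx.state.mo.us"}
```

Running `evaluate(RULES, ACLS, FRESHCLAM)` returns the allow decision from line 0, and `unreachable(RULES)` lists every rule index after the first "deny all".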