Mailing List Archive: Anyone else having trouble reaching the ClamAV website?

Anyone else having trouble reaching the ClamAV website?

kdeugau at vianet

Jan 5, 2023, 7:18 AM

Post #1 of 6 (161 views)

I went to load a semi-bookmarked page for signature writing
(https://docs.clamav.net/manual/Signatures.html), but it failed and kept
reloading Cloudflare's "security check" voodoo.

(Side question to pass up the chain at Cisco/Talos - is there a knob
that can be twisted somewhere to force that check to run exactly once,
then stop? I can't imagine any scenario where running it over and over
and over has any benefit to anyone. [.And for bonus points, display an
error message that gives some sliver of a hint what
beyond-the-bleeding-edge headacheware the site or its security provider
insist on relying on this week.])

I then tried to load the main site, https://www.clamav.net, which also
went into the same loop.

I usually use Seamonkey (all-in-one Mozilla suite). I tried Konqueror
which seemed to load things up fine.

Since starting to write this and putting it aside, I've come across a
small handful of other sites with the same issue, including one case
where the base site triggered the issue but a directory under the base
site did not. Since I'm *not* seeing it across a large number of sites,
it's pretty clearly some specific security option in Cloudflare causing
the failure.

-kgd
_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat

Re: Anyone else having trouble reaching the ClamAV website? [ In reply to ]

uhlar at fantomas

Jan 5, 2023, 8:30 AM

Post #2 of 6 (161 views)

On 05.01.23 10:18, Kris Deugau wrote:
>I went to load a semi-bookmarked page for signature writing
>(https://docs.clamav.net/manual/Signatures.html), but it failed and
>kept reloading Cloudflare's "security check" voodoo.

I often get this results with seamonkey browser.
firefox is usually OK.

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Spam = (S)tupid (P)eople's (A)dvertising (M)ethod
_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat

Re: Anyone else having trouble reaching the ClamAV website? [ In reply to ]

clamav.mbourne at spamgourmet

Jan 5, 2023, 8:59 AM

Post #3 of 6 (161 views)

Kris Deugau wrote:
> I went to load a semi-bookmarked page for signature writing
> (https://docs.clamav.net/manual/Signatures.html), but it failed and kept
> reloading Cloudflare's "security check" voodoo.
>
> (Side question to pass up the chain at Cisco/Talos - is there a knob
> that can be twisted somewhere to force that check to run exactly once,
> then stop? I can't imagine any scenario where running it over and over
> and over has any benefit to anyone. [.And for bonus points, display an
> error message that gives some sliver of a hint what
> beyond-the-bleeding-edge headacheware the site or its security provider
> insist on relying on this week.])
>
> I then tried to load the main site, https://www.clamav.net, which also
> went into the same loop.
>
> I usually use Seamonkey (all-in-one Mozilla suite). I tried Konqueror
> which seemed to load things up fine.
>
> Since starting to write this and putting it aside, I've come across a
> small handful of other sites with the same issue, including one case
> where the base site triggered the issue but a directory under the base
> site did not. Since I'm *not* seeing it across a large number of sites,
> it's pretty clearly some specific security option in Cloudflare causing
> the failure.
>
> -kgd

ClamAV's site works for me, using SeaMonkey 2.53.14 - I'd been looking
at those pages before sending my earlier reply. It seems to be affected
by Edit > Preferences > Advanced > HTTP Networking. I usually have that
set to just identify as SeaMonkey. With it set to identify as SeaMonkey
and advertise Firefox compatibility, I see the looping effect you
describe (at least when I enable Javascript, which is usually blocked by
NoScript).

I've also had sites protected by another system (Akamai, I think) block
access if Javascript is disabled. With those, just enabling Javascript
and reloading doesn't work, as they seem to set some sort of cookie
remembering that you're blocked - so have to also delete the cookie
before reloading.

--
Mark.

_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat

Re: Anyone else having trouble reaching the ClamAV website? [ In reply to ]

kdeugau at vianet

Jan 5, 2023, 10:35 AM

Post #4 of 6 (161 views)

clamav.mbourne@spamgourmet.com wrote:
> Kris Deugau wrote:
>> I went to load a semi-bookmarked page for signature writing
>> (https://docs.clamav.net/manual/Signatures.html), but it failed and
>> kept reloading Cloudflare's "security check" voodoo.

> ClamAV's site works for me, using SeaMonkey 2.53.14 - I'd been looking
> at those pages before sending my earlier reply. It seems to be affected
> by Edit > Preferences > Advanced > HTTP Networking. I usually have that
> set to just identify as SeaMonkey. With it set to identify as SeaMonkey
> and advertise Firefox compatibility, I see the looping effect you
> describe (at least when I enable Javascript, which is usually blocked by
> NoScript).

Thanks! I don't even recall that setting, might be worth my time to
trawl through everything and see what's new.

*rolls eyes at browser-sniffing* Now to see what *other* sites break
after changing that setting... And maybe install a browser identifier
plugin set to $firefox-recent. *sigh*

-kgd
_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat

Re: Anyone else having trouble reaching the ClamAV website? [ In reply to ]

clamav-users at lists

Jan 6, 2023, 1:54 PM

Post #5 of 6 (160 views)

I occasionally see a similar message from sites other than clamav.net saying something equivalent to Cloudflare's "review the security of your connection".

The phrasing is pure gaslighting. It isn't for *connection* security -- HTTPS provides *that*. What it really means is that the site is trying to search your computer by running some Javascript (which I block by default via NoScript, thus causing the message). They assume, probably correctly, that most visitors will think it's for *their* benefit After all, security is good, isn't it?

Why can't Cloudflare et al be honest and say that they're trying to avoid Denial of Service attacks and other bandwidth overload?

On Thu, 5 Jan 2023 10:18:38 -0500
Kris Deugau <kdeugau@vianet.ca> wrote:

> I went to load a semi-bookmarked page for signature writing
> (https://docs.clamav.net/manual/Signatures.html), but it failed and kept
> reloading Cloudflare's "security check" voodoo.
>
> (Side question to pass up the chain at Cisco/Talos - is there a knob
> that can be twisted somewhere to force that check to run exactly once,
> then stop? I can't imagine any scenario where running it over and over
> and over has any benefit to anyone. [.And for bonus points, display an
> error message that gives some sliver of a hint what
> beyond-the-bleeding-edge headacheware the site or its security provider
> insist on relying on this week.])
>
> I then tried to load the main site, https://www.clamav.net, which also
> went into the same loop.
>
> I usually use Seamonkey (all-in-one Mozilla suite). I tried Konqueror
> which seemed to load things up fine.
>
> Since starting to write this and putting it aside, I've come across a
> small handful of other sites with the same issue, including one case
> where the base site triggered the issue but a directory under the base
> site did not. Since I'm *not* seeing it across a large number of sites,
> it's pretty clearly some specific security option in Cloudflare causing
> the failure.
>
> -kgd
_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat

Re: Anyone else having trouble reaching the ClamAV website? [ In reply to ]

clamav-users at lists

Jan 9, 2023, 10:33 AM

Post #6 of 6 (156 views)

The system is probably set up that way on purpose to discourage automated bots from pounding on the site constantly, and ensure that the browser visiting the site is actually a human.

—
Sent from my ? iPad

> On Jan 6, 2023, at 14:55, Paul Kosinski via clamav-users <clamav-users@lists.clamav.net> wrote:
>
> ?I occasionally see a similar message from sites other than clamav.net saying something equivalent to Cloudflare's "review the security of your connection".
>
> The phrasing is pure gaslighting. It isn't for *connection* security -- HTTPS provides *that*. What it really means is that the site is trying to search your computer by running some Javascript (which I block by default via NoScript, thus causing the message). They assume, probably correctly, that most visitors will think it's for *their* benefit After all, security is good, isn't it?
>
> Why can't Cloudflare et al be honest and say that they're trying to avoid Denial of Service attacks and other bandwidth overload?
>
>
>
>> On Thu, 5 Jan 2023 10:18:38 -0500
>> Kris Deugau <kdeugau@vianet.ca> wrote:
>>
>> I went to load a semi-bookmarked page for signature writing
>> (https://docs.clamav.net/manual/Signatures.html), but it failed and kept
>> reloading Cloudflare's "security check" voodoo.
>>
>> (Side question to pass up the chain at Cisco/Talos - is there a knob
>> that can be twisted somewhere to force that check to run exactly once,
>> then stop? I can't imagine any scenario where running it over and over
>> and over has any benefit to anyone. [.And for bonus points, display an
>> error message that gives some sliver of a hint what
>> beyond-the-bleeding-edge headacheware the site or its security provider
>> insist on relying on this week.])
>>
>> I then tried to load the main site, https://www.clamav.net, which also
>> went into the same loop.
>>
>> I usually use Seamonkey (all-in-one Mozilla suite). I tried Konqueror
>> which seemed to load things up fine.
>>
>> Since starting to write this and putting it aside, I've come across a
>> small handful of other sites with the same issue, including one case
>> where the base site triggered the issue but a directory under the base
>> site did not. Since I'm *not* seeing it across a large number of sites,
>> it's pretty clearly some specific security option in Cloudflare causing
>> the failure.
>>
>> -kgd
> _______________________________________________
>
> Manage your clamav-users mailing list subscription / unsubscribe:
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/Cisco-Talos/clamav-documentation
>
> https://docs.clamav.net/#mailing-lists-and-chat
_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat