Mailing List Archive

Probably banned IP
Hi,
some time ago I ran freshclam on a lot of machines that are under one
public IP, therefore I generated a lot of requests and my company IP
was probably blocked. Now I created my own mirror of cvd, but it is on
the same IP address and it is not updating daily.cvd. I get:
cvdupdate-1.0.2 ERROR Failed to download daily.cvd from
https://database.clamav.net/daily.cvd?version=26821
I also ran a simple Python request to database.clamav.net with my uuid,
and it worked fine from a different IP address, and from that blocked
address I get 403 Forbidden. My local firewall is not an issue because I
can make a connection to database.clamav.net on port 443, so it must be
banned.

Can you please check if my IP address (91.220.164.241) is banned and un-ban it?

--
regards,
Łukasz Baniecki
_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
Re: Probably banned IP [ In reply to ]
Have you read this?
https://docs.clamav.net/faq/faq-cvd.html?highlight=403#i-am-getting-error-codes-such-as-403-429-etc-when-freshclam-or-other-update-system-attempts-to-download-updates


Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
An / To: Newcomer01 <mailto:newcomer01@posteo.de>
CC / CC: Łukasz Baniecki <mailto:baniecki.lukasz@gmail.com>
Gesendet / Sent: Freitag, Februar 24, 2023 um 12:55 (at 12:55 PM) +0100
Betreff / Subject: [clamav-users] Probably banned IP
> Hi,
> some time ago I ran freshclam on a lot of machines that are under one
> public IP, therefore I generated a lot of requests and my company IP
> was probably blocked. Now I created my own mirror of cvd, but it is on
> the same IP address and it is not updating daily.cvd. I get:
> cvdupdate-1.0.2 ERROR Failed to download daily.cvd from
> https://database.clamav.net/daily.cvd?version=26821
> I also ran a simple Python request to database.clamav.net with my uuid,
> and it worked fine from a different IP address, and from that blocked
> address I get 403 Forbidden. My local firewall is not an issue because I
> can make a connection to database.clamav.net on port 443, so it must be
> banned.
>
> Can you please check if my IP address (91.220.164.241) is banned and un-ban it?
>

Re: Probably banned IP [ In reply to ]
Oh, and by the way: if you are using a Russian IP, it can also be blocked and will not be unblocked.
You can find this in a discussion on the Talos GitHub.


Re: Probably banned IP [ In reply to ]
Hi Łukasz,

Looking at https://www.maxmind.com/en/geoip-demo, MaxMind seems to think your IP is in Poland.

I checked our (Cisco's) own regional address lists used to comply with sanctions. I don't see the 91.220.164.0/24 block in the list. I do see that we block 91.220.163.0/24 and 91.220.166.0/24, but not 164.

My colleague checked our logs in Cloudflare and does not see your IP triggering any firewall events.

But it's possible that Cloudflare blocks it before it would arrive at our rules. Your IP is in a very similar IP range to some of those we block. And IP ranges do tend to change hands and change geolocations pretty frequently. So it's entirely likely that some filters believe your IP to be located in Russia.

We can't really tell any more than that unless you can share the Ray ID included in the HTTP response. Freshclam should show that information if you run it with the --verbose option.

Regards,
Micah


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.

________________________________
From: clamav-users <clamav-users-bounces@lists.clamav.net> on behalf of newcomer01 via clamav-users <clamav-users@lists.clamav.net>
Sent: Friday, February 24, 2023 10:53 AM
To: clamaV User Mailinglist <clamav-users@lists.clamav.net>
Cc: newcomer01 <newcomer01@posteo.de>
Subject: Re: [clamav-users] Probably banned IP

Oh, and by the way: if you are using a Russian IP, it can also be blocked and will not be unblocked.
You can find this in a discussion on the Talos GitHub.


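The two checks discussed in the thread (is the client address inside one of the ranges named as blocked, and what Ray ID did the 403 carry), as an added example that is not part of the original messages or ClamAV's own code. The response head and its Ray ID are constructed sample data, and the function names and verdict strings are illustrative assumptions.

```python
import ipaddress

# Ranges named in the thread as blocked (sanctions compliance lists).
BLOCKED_NETS = ["91.220.163.0/24", "91.220.166.0/24"]

# Constructed sample response head, not captured traffic; the Ray ID is made up.
SAMPLE_403 = (
    "HTTP/1.1 403 Forbidden\r\n"
    "Date: Fri, 24 Feb 2023 12:00:00 GMT\r\n"
    "Server: cloudflare\r\n"
    "CF-RAY: 79e0aaaabbbbcccc-WAW\r\n"
    "\r\n"
)

def parse_head(raw):
    """Return (status_code, headers) from a raw HTTP response head."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[1].isdigit():
        raise ValueError("not an HTTP status line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # header names are case-insensitive, so store them lowercased
            headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers

def matching_blocks(ip, nets=BLOCKED_NETS):
    """List the blocked ranges that contain ip (empty list if none)."""
    addr = ipaddress.ip_address(ip)
    return [n for n in nets if addr in ipaddress.ip_network(n)]

def triage(raw, client_ip):
    """Summarise a failed download for a report to the mirror operators."""
    status, headers = parse_head(raw)
    ray, hits = headers.get("cf-ray"), matching_blocks(client_ip)
    if status == 403 and hits:
        verdict = "client IP is inside a listed blocked range"
    elif status == 403 and ray:
        verdict = "not in the listed ranges; send the Ray ID to the operators"
    elif status == 403:
        verdict = "403 carried no Ray ID; it may not have come from Cloudflare"
    elif status == 429:
        verdict = "rate limited; honour Retry-After before retrying"
    else:
        verdict = "no block indicated"
    return {"status": status, "ray_id": ray, "listed": hits,
            "retry_after": headers.get("retry-after"), "verdict": verdict}

if __name__ == "__main__":
    print(triage(SAMPLE_403, "91.220.164.241"))
```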