Mailing List Archive

I am unable to access clamav.net
Perhaps my Ubuntu computer is infected with a virus that redirects
html requests to "iyfbodn.com". To test it, I installed clamav (sudo
apt install clamav clamav-daemon). When I updated it (sudo freshclam)
I got the message:

...
Sat Sep 2 10:13:18 2023 -> DON'T PANIC! Read
https://docs.clamav.net/manual/Installing.html
Sat Sep 2 10:13:18 2023 -> ^FreshClam previously received error code
429 or 403 from the ClamAV Content Delivery Network (CDN).
Sat Sep 2 10:13:18 2023 -> This means that you have been rate limited
or blocked by the CDN.
Sat Sep 2 10:13:18 2023 -> 1. Verify that you're running a supported
ClamAV version.
Sat Sep 2 10:13:18 2023 -> See
https://docs.clamav.net/faq/faq-eol.html for details.
...
I launched
curl -IL docs.clamav.net
and received:

HTTP/1.1 403 Forbidden
Date: Sat, 02 Sep 2023 07:19:15 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: max-age=15
Expires: Sat, 02 Sep 2023 07:19:30 GMT
Set-Cookie: __cf_bm=1MZmm2EcWi6S8fOiuha9zoaXngA5e44ph5LO2aXJchA-1693639155-0-AS7aYuYw1QJSTpioxNW76blxkMJKz2kTfvsaiUlH/kP9Z0sLbeMcLKgyf42ANBRqndUJQx
2dXrePUzX9Aj+RnvA=; path=/; expires=Sat, 02-Sep-23 07:49:15 GMT;
domain=.clamav.net; HttpOnly; SameSite=None
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 8003fbd3bbe89d6d-DME

When I open https://docs.clamav.net in a browser, I get a message
about blocking in Cloudflare:

Cloudflare Ray ID: 8005341f1fbc9daa • Your IP: 91.77.160.250

1) How can I resolve this to get the latest clamav updates?
2) Could you advise me how to make sure the presence/absence of a
redirect to "iyfbodn.com"?

with regards,
Victor Sizov
_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
Re: I am unable to access clamav.net [ In reply to ]
On 02.09.23 17:04, Victor Sizov via clamav-users wrote:
>Perhaps my Ubuntu computer is infected with a virus that redirects
>html requests to "iyfbodn.com". To test it, I installed clamav (sudo
>apt install clamav clamav-daemon). When I updated it (sudo freshclam)
>I got the message:
>
>...
>Sat Sep 2 10:13:18 2023 -> DON'T PANIC! Read
>https://docs.clamav.net/manual/Installing.html
>Sat Sep 2 10:13:18 2023 -> ^FreshClam previously received error code
>429 or 403 from the ClamAV Content Delivery Network (CDN).
>Sat Sep 2 10:13:18 2023 -> This means that you have been rate limited
>or blocked by the CDN.
>Sat Sep 2 10:13:18 2023 -> 1. Verify that you're running a supported
>ClamAV version.
>Sat Sep 2 10:13:18 2023 -> See
>https://docs.clamav.net/faq/faq-eol.html for details.

Which clamav version do you have? Versions older than 0.103 are not
supported.

>...
> I launched
>curl -IL docs.clamav.net
>and received:
>
>HTTP/1.1 403 Forbidden
>Date: Sat, 02 Sep 2023 07:19:15 GMT
>Content-Type: text/html; charset=UTF-8
>Connection: keep-alive
>X-Frame-Options: SAMEORIGIN
>Referrer-Policy: same-origin
>Cache-Control: max-age=15
>Expires: Sat, 02 Sep 2023 07:19:30 GMT
>Set-Cookie: __cf_bm=1MZmm2EcWi6S8fOiuha9zoaXngA5e44ph5LO2aXJchA-1693639155-0-AS7aYuYw1QJSTpioxNW76blxkMJKz2kTfvsaiUlH/kP9Z0sLbeMcLKgyf42ANBRqndUJQx
>2dXrePUzX9Aj+RnvA=; path=/; expires=Sat, 02-Sep-23 07:49:15 GMT;
>domain=.clamav.net; HttpOnly; SameSite=None
>X-Content-Type-Options: nosniff
>Server: cloudflare
>CF-RAY: 8003fbd3bbe89d6d-DME
>
>When I open https://docs.clamav.net in a browser, I get a message
>about blocking in Cloudflare:
>
>Cloudflare Ray ID: 8005341f1fbc9daa • Your IP: 91.77.160.250
>
>1) How can I resolve this to get the latest clamav updates?

The clamav website and virus DB are protected from automated fetching. You need
a browser or a new enough freshclam.

>2) Could you advise me how to make sure the presence/absence of a
>redirect to "iyfbodn.com"?

Sorry, looks like a real virus targeting browsers.
Can you try searching from another computer?
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
REALITY.SYS corrupted. Press any key to reboot Universe.
Re: I am unable to access clamav.net [ In reply to ]
I'm sorry to be late with the reply.

On Sat, Sep 2, 2023 at 6:02 PM Matus UHLAR - fantomas <uhlar@fantomas.sk> wrote:
>
> On 02.09.23 17:04, Victor Sizov via clamav-users wrote:
> >Perhaps my Ubuntu computer is infected with a virus that redirects
> >html requests to "iyfbodn.com". To test it, I installed clamav (sudo
> >apt install clamav clamav-daemon). When I updated it (sudo freshclam)
> >I got the message:
> >
> >...
> >Sat Sep 2 10:13:18 2023 -> DON'T PANIC! Read
> >https://docs.clamav.net/manual/Installing.html
> >Sat Sep 2 10:13:18 2023 -> ^FreshClam previously received error code
> >429 or 403 from the ClamAV Content Delivery Network (CDN).
> >Sat Sep 2 10:13:18 2023 -> This means that you have been rate limited
> >or blocked by the CDN.
> >Sat Sep 2 10:13:18 2023 -> 1. Verify that you're running a supported
> >ClamAV version.
> >Sat Sep 2 10:13:18 2023 -> See
> >https://docs.clamav.net/faq/faq-eol.html for details.
>

> Which clamav version do you have? versions older than 0.103 are not
> supported.

I have 0.103.9 version.

>
>
> >...
> > I launched
> >curl -IL docs.clamav.net
> >and received:
> >
> >HTTP/1.1 403 Forbidden
> >Date: Sat, 02 Sep 2023 07:19:15 GMT
> >Content-Type: text/html; charset=UTF-8
> >Connection: keep-alive
> >X-Frame-Options: SAMEORIGIN
> >Referrer-Policy: same-origin
> >Cache-Control: max-age=15
> >Expires: Sat, 02 Sep 2023 07:19:30 GMT
> >Set-Cookie: __cf_bm=1MZmm2EcWi6S8fOiuha9zoaXngA5e44ph5LO2aXJchA-1693639155-0-AS7aYuYw1QJSTpioxNW76blxkMJKz2kTfvsaiUlH/kP9Z0sLbeMcLKgyf42ANBRqndUJQx
> >2dXrePUzX9Aj+RnvA=; path=/; expires=Sat, 02-Sep-23 07:49:15 GMT;
> >domain=.clamav.net; HttpOnly; SameSite=None
> >X-Content-Type-Options: nosniff
> >Server: cloudflare
> >CF-RAY: 8003fbd3bbe89d6d-DME
> >
> >
> >1) How can I resolve this to get the latest clamav updates?

>
> clamav web and virus DB are protected from automated fetching. You need
> browser or freshclam new enough.

Is freshclam 0.103.9 new enough?
I cannot use my browser (Firefox 117 64 bit) because cloudflare blocks
my access to clamav.net.

>
>
> >2) Could you advise me how to make sure the presence/absence of a
> >redirect to "iyfbodn.com"?
>
> sorry, looks like a real virus targeting browsers.
> Can you try searching from other computer?

Yes, I tried installing clamav on another computer in my local network
and got the same errors when running freshclam and clamscan.

freshclam error:
sizov@ironUbuntu:~$ sudo freshclam
Sun Sep 3 22:20:23 2023 -> ClamAV update process started at Sun Sep
3 22:20:23 2023
Sun Sep 3 22:20:23 2023 -> ^Your ClamAV installation is OUTDATED!
Sun Sep 3 22:20:23 2023 -> ^Local version: 0.103.9 Recommended
version: 0.103.10
Sun Sep 3 22:20:23 2023 -> DON'T PANIC! Read
https://docs.clamav.net/manual/Installing.html
Sun Sep 3 22:20:23 2023 -> ^FreshClam previously received error code
429 or 403 from the ClamAV Content Delivery Network (CDN).
Sun Sep 3 22:20:23 2023 -> This means that you have been rate limited
or blocked by the CDN.
Sun Sep 3 22:20:23 2023 -> 1. Verify that you're running a supported
ClamAV version.
Sun Sep 3 22:20:23 2023 -> See
https://docs.clamav.net/faq/faq-eol.html for details.
Sun Sep 3 22:20:23 2023 -> 2. Run FreshClam no more than once an
hour to check for updates.
Sun Sep 3 22:20:23 2023 -> FreshClam should check DNS first to
see if an update is needed.
Sun Sep 3 22:20:23 2023 -> 3. If you have more than 10 hosts on your
network attempting to download,
Sun Sep 3 22:20:23 2023 -> it is recommended that you set up a
private mirror on your network using
Sun Sep 3 22:20:23 2023 -> cvdupdate
(https://pypi.org/project/cvdupdate/) to save bandwidth on the
Sun Sep 3 22:20:23 2023 -> CDN and your own network.
Sun Sep 3 22:20:23 2023 -> 4. Please do not open a ticket asking for
an exemption from the rate limit,
Sun Sep 3 22:20:23 2023 -> it will not be granted.
Sun Sep 3 22:20:23 2023 -> ^You are still on cool-down until after:
2023-09-03 23:22:34

clamscan error:
sizov@ironUbuntu:~$ sudo clamscan .
LibClamAV Error: cli_loaddbdir(): No supported database files found in
/var/lib/clamav
ERROR: Can't open file or directory

----------- SCAN SUMMARY -----------
Known viruses: 0
Engine version: 0.103.9
Scanned directories: 0
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 0.005 sec (0 m 0 s)
Start Date: 2023:09:03 22:02:04
End Date: 2023:09:03 22:02:04

Also, I can't access clamav.net from any computer on my local
network because Cloudflare blocks me. I have access to it from a
smartphone only; it is on another network.


> --
> Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> REALITY.SYS corrupted. Press any key to reboot Universe.

with regards,
Victor Sizov
Re: I am unable to access clamav.net [ In reply to ]
>> On 02.09.23 17:04, Victor Sizov via clamav-users wrote:
>> >Perhaps my Ubuntu computer is infected with a virus that redirects
>> >html requests to "iyfbodn.com". To test it, I installed clamav (sudo
>> >apt install clamav clamav-daemon). When I updated it (sudo freshclam)
>> >I got the message:
>> >
>> >...
>> >Sat Sep 2 10:13:18 2023 -> DON'T PANIC! Read
>> >https://docs.clamav.net/manual/Installing.html
>> >Sat Sep 2 10:13:18 2023 -> ^FreshClam previously received error code
>> >429 or 403 from the ClamAV Content Delivery Network (CDN).
>> >Sat Sep 2 10:13:18 2023 -> This means that you have been rate limited
>> >or blocked by the CDN.

>On Sat, Sep 2, 2023 at 6:02 PM Matus UHLAR - fantomas <uhlar@fantomas.sk> wrote:
>> Which clamav version do you have? versions older than 0.103 are not
>> supported.

On 03.09.23 22:36, Victor Sizov via clamav-users wrote:
>I have 0.103.9 version.

This is new enough.

>! > >When I open https://docs.clamav.net in a browser, I get a message
>! > >about blocking in cloudflare:
>! > >
>! > >Cloudflare Ray ID: 8005341f1fbc9daa • Your IP: 91.77.160.250

This ray ID could tell clamav people what to look for.

>I cannot use my browser (Firefox 117 64 bit) because cloudflare blocks
>my access to clamav.net.


>> >2) Could you advise me how to make sure the presence/absence of a
>> >redirect to "iyfbodn.com"?
>>
>> sorry, looks like a real virus targeting browsers.
>> Can you try searching from other computer?
>
>Yes, I tried installing clamav on another computer in my local network
>and got the same errors when running freshclam and clamscan.


If you have clamav running on multiple computers in your network and if they
sit on a single IP behind NAT, this may be the reason why you are getting
denied.

You may need to set up a local clamav database mirror so as not to overload the
clamav network with repeated requests for databases.

https://github.com/Cisco-Talos/cvdupdate

https://packages.ubuntu.com/search?keywords=cvdupdate



>sizov@ironUbuntu:~$ sudo freshclam
>Sun Sep 3 22:20:23 2023 -> ClamAV update process started at Sun Sep
>3 22:20:23 2023
>Sun Sep 3 22:20:23 2023 -> ^Your ClamAV installation is OUTDATED!
>Sun Sep 3 22:20:23 2023 -> ^Local version: 0.103.9 Recommended
>version: 0.103.10
>Sun Sep 3 22:20:23 2023 -> DON'T PANIC! Read
>https://docs.clamav.net/manual/Installing.html
>Sun Sep 3 22:20:23 2023 -> ^FreshClam previously received error code
>429 or 403 from the ClamAV Content Delivery Network (CDN).
>Sun Sep 3 22:20:23 2023 -> This means that you have been rate limited
>or blocked by the CDN.


>clamscan error:
>sizov@ironUbuntu:~$ sudo clamscan .
>LibClamAV Error: cli_loaddbdir(): No supported database files found in
>/var/lib/clamav
>ERROR: Can't open file or directory

This says there's no database loaded on that machine, apparently because of
being blocked.


--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Nothing is fool-proof to a talented fool.
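
Added example (not part of any message in this thread, and not ClamAV project code): a small Python triage of freshclam output like that quoted above, reporting whether a CDN block was recorded, when the cool-down ends, and the version gap. The helper name triage and the sample text are constructed for illustration, and the cool-down timestamp is assumed to be in the same time zone as the clock passed in.

```python
import re
from datetime import datetime

# Constructed sample: freshclam lines as quoted in this thread, including the
# line wrapping the mail client introduced.
SAMPLE = """\
Sun Sep 3 22:20:23 2023 -> ^Your ClamAV installation is OUTDATED!
Sun Sep 3 22:20:23 2023 -> ^Local version: 0.103.9 Recommended
version: 0.103.10
Sun Sep 3 22:20:23 2023 -> ^FreshClam previously received error code
429 or 403 from the ClamAV Content Delivery Network (CDN).
Sun Sep 3 22:20:23 2023 -> ^You are still on cool-down until after:
2023-09-03 23:22:34
"""

VERSIONS = re.compile(r"Local version: (\S+) Recommended version: (\S+)")
COOLDOWN = re.compile(r"cool-down until after: (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)")


def triage(output, now):
    """Summarise freshclam output (hypothetical helper, not a ClamAV tool)."""
    # Collapse all whitespace so messages wrapped across lines still match.
    text = " ".join(output.split())
    state = {"cdn_blocked": "error code 429 or 403" in text,
             "local": None, "recommended": None, "cooldown_until": None}
    if (m := VERSIONS.search(text)):
        state["local"], state["recommended"] = m.groups()
    if (m := COOLDOWN.search(text)):
        state["cooldown_until"] = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    until = state["cooldown_until"]
    # Assumption: `now` and the logged cool-down use the same local time zone.
    state["retry_now"] = until is None or now > until
    if state["cdn_blocked"] and not state["retry_now"]:
        state["advice"] = f"blocked by CDN; wait until after {until}"
    elif state["cdn_blocked"]:
        state["advice"] = "block was recorded but cool-down has passed; retry once"
    else:
        state["advice"] = "no CDN block reported"
    return state


if __name__ == "__main__":
    for key, value in triage(SAMPLE, datetime(2023, 9, 3, 22, 30)).items():
        print(f"{key}: {value}")
```

Running it against the output of every host behind one NAT address shows whether they all share the same recorded block, which is the situation the reply above describes.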
Re: I am unable to access clamav.net [ In reply to ]
On 03.09.2023 22:36, Victor Sizov via clamav-users wrote:

> Cloudflare Ray ID: 8005341f1fbc9daa • Your IP: 91.77.160.250

https://github.com/Cisco-Talos/clamav/issues/500
ClamAV site and update database blocked by CDN in Russia