Mailing List Archive

> Date: Friday, March 05, 2021 09:58:52 -0800
> From: Ritch Parker <ritch@mixxum.com>
>
> Yesterday, for some reason, all my AWS VMs receive a 403 Forbidden
> response from clamav when attempting to pull the latest cvd files.
> I’ve tried from two different instances, from a lambda, and then
> from my local machine. All result in the same response:
>
> $ wget http://database.clamav.net/daily.cvd
> --2021-03-05 09:47:46-- http://database.clamav.net/daily.cvd
> Resolving database.clamav.net (database.clamav.net)...
> 104.16.218.84, 104.16.219.84 Connecting to database.clamav.net
> (database.clamav.net)|104.16.218.84|:80... connected. HTTP request
> sent, awaiting response... 403 Forbidden
> 2021-03-05 09:47:48 ERROR 403: Forbidden.
>
> Not sure how I can resolve this. Is this temporary? I been
> checking once every 4 hours and no change.
>

See the message(s) posted on this topic yesterday:

Rate Limiting Downloads


<https://lists.clamav.net/pipermail/clamav-users/2021-March/010559.html>

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Are you using Freshclam to download the updates?

> On Mar 5, 2021, at 12:58 PM, Ritch Parker <ritch@mixxum.com> wrote:
>
> Hello,
>
> Yesterday, for some reason, all my AWS VMs receive a 403 Forbidden response from clamav when attempting to pull the latest cvd files. I’ve tried from two different instances, from a lambda, and then from my local machine. All result in the same response:
>
> $ wget http://database.clamav.net/daily.cvd
> --2021-03-05 09:47:46-- http://database.clamav.net/daily.cvd
> Resolving database.clamav.net (database.clamav.net)... 104.16.218.84, 104.16.219.84
> Connecting to database.clamav.net (database.clamav.net)|104.16.218.84|:80... connected.
> HTTP request sent, awaiting response... 403 Forbidden
> 2021-03-05 09:47:48 ERROR 403: Forbidden.
>
> Not sure how I can resolve this. Is this temporary? I been checking once every 4 hours and no change.
>
> Thanks
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

I originally tried to setup Freshclam but found that, like the scan, it consumes a large amount of memory. I have an instance large enough to run the scans, but it is on an internal subnet without external access… but downloading files takes almost no memory, so to save some cost I just setup a small instance on the public subnet to download the daily file… doing a once every four hour check, then move the file to the larger instance. Was going to update further to do a head request, but then it stopped working :( ...Really was just looking for an update solution that could be run with a very small amount of memory and resources and this seemed to be the best fit.


> On Mar 5, 2021, at 10:20 AM, Joel Esler (jesler) via clamav-users <clamav-users@lists.clamav.net> wrote:
>
> Are you using Freshclam to download the updates?
>
>> On Mar 5, 2021, at 12:58 PM, Ritch Parker <ritch@mixxum.com> wrote:
>>
>> Hello,
>>
>> Yesterday, for some reason, all my AWS VMs receive a 403 Forbidden response from clamav when attempting to pull the latest cvd files. I’ve tried from two different instances, from a lambda, and then from my local machine. All result in the same response:
>>
>> $ wget http://database.clamav.net/daily.cvd
>> --2021-03-05 09:47:46-- http://database.clamav.net/daily.cvd
>> Resolving database.clamav.net (database.clamav.net)... 104.16.218.84, 104.16.219.84
>> Connecting to database.clamav.net (database.clamav.net)|104.16.218.84|:80... connected.
>> HTTP request sent, awaiting response... 403 Forbidden
>> 2021-03-05 09:47:48 ERROR 403: Forbidden.
>>
>> Not sure how I can resolve this. Is this temporary? I been checking once every 4 hours and no change.
>>
>> Thanks
>>
>> _______________________________________________
>>
>> clamav-users mailing list
>> clamav-users@lists.clamav.net
>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
>
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Is there a way to minimize the amount of memory freshclam uses so it will run on an instance with 512MB?

> On Mar 5, 2021, at 10:29 AM, Ritch Parker <ritch@mixxum.com> wrote:
>
> I originally tried to setup Freshclam but found that, like the scan, it consumes a large amount of memory. I have an instance large enough to run the scans, but it is on an internal subnet without external access… but downloading files takes almost no memory, so to save some cost I just setup a small instance on the public subnet to download the daily file… doing a once every four hour check, then move the file to the larger instance. Was going to update further to do a head request, but then it stopped working :( ...Really was just looking for an update solution that could be run with a very small amount of memory and resources and this seemed to be the best fit.
>
>
>> On Mar 5, 2021, at 10:20 AM, Joel Esler (jesler) via clamav-users <clamav-users@lists.clamav.net> wrote:
>>
>> Are you using Freshclam to download the updates?
>>
>>> On Mar 5, 2021, at 12:58 PM, Ritch Parker <ritch@mixxum.com> wrote:
>>>
>>> Hello,
>>>
>>> Yesterday, for some reason, all my AWS VMs receive a 403 Forbidden response from clamav when attempting to pull the latest cvd files. I’ve tried from two different instances, from a lambda, and then from my local machine. All result in the same response:
>>>
>>> $ wget http://database.clamav.net/daily.cvd
>>> --2021-03-05 09:47:46-- http://database.clamav.net/daily.cvd
>>> Resolving database.clamav.net (database.clamav.net)... 104.16.218.84, 104.16.219.84
>>> Connecting to database.clamav.net (database.clamav.net)|104.16.218.84|:80... connected.
>>> HTTP request sent, awaiting response... 403 Forbidden
>>> 2021-03-05 09:47:48 ERROR 403: Forbidden.
>>>
>>> Not sure how I can resolve this. Is this temporary? I been checking once every 4 hours and no change.
>>>
>>> Thanks
>>>
>>> _______________________________________________
>>>
>>> clamav-users mailing list
>>> clamav-users@lists.clamav.net
>>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>>
>>>
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>>
>>> http://www.clamav.net/contact.html#ml
>>
>>
>> _______________________________________________
>>
>> clamav-users mailing list
>> clamav-users@lists.clamav.net
>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
>


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

My current suggestion is setup Freshclam to do the initial update.

Directly downloading the raw cld files is no longer scalable.

> On Mar 5, 2021, at 1:29 PM, Ritch Parker <ritch@mixxum.com> wrote:
>
> I originally tried to setup Freshclam but found that, like the scan, it consumes a large amount of memory. I have an instance large enough to run the scans, but it is on an internal subnet without external access… but downloading files takes almost no memory, so to save some cost I just setup a small instance on the public subnet to download the daily file… doing a once every four hour check, then move the file to the larger instance. Was going to update further to do a head request, but then it stopped working :( ...Really was just looking for an update solution that could be run with a very small amount of memory and resources and this seemed to be the best fit.
>
>
>> On Mar 5, 2021, at 10:20 AM, Joel Esler (jesler) via clamav-users <clamav-users@lists.clamav.net> wrote:
>>
>> Are you using Freshclam to download the updates?
>>
>>> On Mar 5, 2021, at 12:58 PM, Ritch Parker <ritch@mixxum.com> wrote:
>>>
>>> Hello,
>>>
>>> Yesterday, for some reason, all my AWS VMs receive a 403 Forbidden response from clamav when attempting to pull the latest cvd files. I’ve tried from two different instances, from a lambda, and then from my local machine. All result in the same response:
>>>
>>> $ wget http://database.clamav.net/daily.cvd
>>> --2021-03-05 09:47:46-- http://database.clamav.net/daily.cvd
>>> Resolving database.clamav.net (database.clamav.net)... 104.16.218.84, 104.16.219.84
>>> Connecting to database.clamav.net (database.clamav.net)|104.16.218.84|:80... connected.
>>> HTTP request sent, awaiting response... 403 Forbidden
>>> 2021-03-05 09:47:48 ERROR 403: Forbidden.
>>>
>>> Not sure how I can resolve this. Is this temporary? I been checking once every 4 hours and no change.
>>>
>>> Thanks
>>>
>>> _______________________________________________
>>>
>>> clamav-users mailing list
>>> clamav-users@lists.clamav.net
>>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>>
>>>
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>>
>>> http://www.clamav.net/contact.html#ml
>>
>>
>> _______________________________________________
>>
>> clamav-users mailing list
>> clamav-users@lists.clamav.net
>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
>


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

I've never seen any problem with freshclam's memory footprint.

On my Windows box, freshclam runs taking up all of 2.6MB.

Clamd, on the other hand sucks down 1.4GB.

There is no need to run clamd for the situation you are dealing with.

On Friday, March 5, 2021 at 10:45 AM, Joel Esler wrote:
> My current suggestion is setup Freshclam to do the initial update.
>
> Directly downloading the raw cld files is no longer scalable.
>
> > On Mar 5, 2021, at 1:29 PM, Ritch Parker <ritch@mixxum.com> wrote:
> >
> > I originally tried to setup Freshclam but found that, like the scan, it
> consumes a large amount of memory. I have an instance large enough to run
> the scans, but it is on an internal subnet without external access… but
> downloading files takes almost no memory, so to save some cost I just setup
> a small instance on the public subnet to download the daily file… doing a once
> every four hour check, then move the file to the larger instance. Was going
> to update further to do a head request, but then it stopped working :(
> ...Really was just looking for an update solution that could be run with a very
> small amount of memory and resources and this seemed to be the best fit.
> >
> >
> >> On Mar 5, 2021, at 10:20 AM, Joel Esler (jesler) via clamav-users <clamav-
> users@lists.clamav.net> wrote:
> >>
> >> Are you using Freshclam to download the updates?
> >>
> >>> On Mar 5, 2021, at 12:58 PM, Ritch Parker <ritch@mixxum.com> wrote:
> >>>
> >>> Hello,
> >>>
> >>> Yesterday, for some reason, all my AWS VMs receive a 403 Forbidden
> response from clamav when attempting to pull the latest cvd files. I’ve tried
> from two different instances, from a lambda, and then from my local
> machine. All result in the same response:
> >>>
> >>> $ wget http://database.clamav.net/daily.cvd
> >>> --2021-03-05 09:47:46-- http://database.clamav.net/daily.cvd
> >>> Resolving database.clamav.net (database.clamav.net)...
> >>> 104.16.218.84, 104.16.219.84 Connecting to database.clamav.net
> (database.clamav.net)|104.16.218.84|:80... connected.
> >>> HTTP request sent, awaiting response... 403 Forbidden
> >>> 2021-03-05 09:47:48 ERROR 403: Forbidden.
> >>>
> >>> Not sure how I can resolve this. Is this temporary? I been checking once
> every 4 hours and no change.
> >>>
> >>> Thanks
> >>>
> >>> _______________________________________________
> >>>
> >>> clamav-users mailing list
> >>> clamav-users@lists.clamav.net
> >>> https://lists.clamav.net/mailman/listinfo/clamav-users
> >>>
> >>>
> >>> Help us build a comprehensive ClamAV guide:
> >>> https://github.com/vrtadmin/clamav-faq
> >>>
> >>> http://www.clamav.net/contact.html#ml
> >>
> >>
> >> _______________________________________________
> >>
> >> clamav-users mailing list
> >> clamav-users@lists.clamav.net
> >> https://lists.clamav.net/mailman/listinfo/clamav-users
> >>
> >>
> >> Help us build a comprehensive ClamAV guide:
> >> https://github.com/vrtadmin/clamav-faq
> >>
> >> http://www.clamav.net/contact.html#ml
> >
>
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Setting the 'TestDatabases' option to false in freshclam.conf will prevent
freshclam from loading the database file into memory before replacing the
actual CVDs that clamd will use. The potential downside with this is that
if a CVD ends up having load issues for some reason (which shouldn't happen
given the testing we do on our end) clamd won't load in any signatures from
that CVD. With the TestDatabases option enabled, there can be issues on
memory constrained systems since clamd will have a copy of the CVDs loaded
into memory and then freshclam will load another copy into memory at the
same time, but the benefit is that if a new CVD does have issues loading
for some reasons then it won't replace the previous set of CVDs that clamd
has been able to load successfully.

-Andrew

Andrew Williams
Malware Research Team
Cisco Talos

On Fri, Mar 5, 2021 at 1:53 PM Mark Pizzolato - Clamav-Win32 via
clamav-users <clamav-users@lists.clamav.net> wrote:

> I've never seen any problem with freshclam's memory footprint.
>
> On my Windows box, freshclam runs taking up all of 2.6MB.
>
> Clamd, on the other hand sucks down 1.4GB.
>
> There is no need to run clamd for the situation you are dealing with.
>
> On Friday, March 5, 2021 at 10:45 AM, Joel Esler wrote:
> > My current suggestion is setup Freshclam to do the initial update.
> >
> > Directly downloading the raw cld files is no longer scalable.
> >
> > > On Mar 5, 2021, at 1:29 PM, Ritch Parker <ritch@mixxum.com> wrote:
> > >
> > > I originally tried to setup Freshclam but found that, like the scan, it
> > consumes a large amount of memory. I have an instance large enough to
> run
> > the scans, but it is on an internal subnet without external access… but
> > downloading files takes almost no memory, so to save some cost I just
> setup
> > a small instance on the public subnet to download the daily file… doing
> a once
> > every four hour check, then move the file to the larger instance. Was
> going
> > to update further to do a head request, but then it stopped working :(
> > ...Really was just looking for an update solution that could be run with
> a very
> > small amount of memory and resources and this seemed to be the best fit.
> > >
> > >
> > >> On Mar 5, 2021, at 10:20 AM, Joel Esler (jesler) via clamav-users
> <clamav-
> > users@lists.clamav.net> wrote:
> > >>
> > >> Are you using Freshclam to download the updates?
> > >>
> > >>> On Mar 5, 2021, at 12:58 PM, Ritch Parker <ritch@mixxum.com> wrote:
> > >>>
> > >>> Hello,
> > >>>
> > >>> Yesterday, for some reason, all my AWS VMs receive a 403 Forbidden
> > response from clamav when attempting to pull the latest cvd files. I’ve
> tried
> > from two different instances, from a lambda, and then from my local
> > machine. All result in the same response:
> > >>>
> > >>> $ wget http://database.clamav.net/daily.cvd
> > >>> --2021-03-05 09:47:46-- http://database.clamav.net/daily.cvd
> > >>> Resolving database.clamav.net (database.clamav.net)...
> > >>> 104.16.218.84, 104.16.219.84 Connecting to database.clamav.net
> > (database.clamav.net)|104.16.218.84|:80... connected.
> > >>> HTTP request sent, awaiting response... 403 Forbidden
> > >>> 2021-03-05 09:47:48 ERROR 403: Forbidden.
> > >>>
> > >>> Not sure how I can resolve this. Is this temporary? I been
> checking once
> > every 4 hours and no change.
> > >>>
> > >>> Thanks
> > >>>
> > >>> _______________________________________________
> > >>>
> > >>> clamav-users mailing list
> > >>> clamav-users@lists.clamav.net
> > >>> https://lists.clamav.net/mailman/listinfo/clamav-users
> > >>>
> > >>>
> > >>> Help us build a comprehensive ClamAV guide:
> > >>> https://github.com/vrtadmin/clamav-faq
> > >>>
> > >>> http://www.clamav.net/contact.html#ml
> > >>
> > >>
> > >> _______________________________________________
> > >>
> > >> clamav-users mailing list
> > >> clamav-users@lists.clamav.net
> > >> https://lists.clamav.net/mailman/listinfo/clamav-users
> > >>
> > >>
> > >> Help us build a comprehensive ClamAV guide:
> > >> https://github.com/vrtadmin/clamav-faq
> > >>
> > >> http://www.clamav.net/contact.html#ml
> > >
> >
> >
> > _______________________________________________
> >
> > clamav-users mailing list
> > clamav-users@lists.clamav.net
> > https://lists.clamav.net/mailman/listinfo/clamav-users
> >
> >
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/vrtadmin/clamav-faq
> >
> > http://www.clamav.net/contact.html#ml
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

Maybe it’s the initial setup, but attempting to run freshclam on my 512MB ubuntu AWS instance consistently failed… I forget the error exactly, but from what I read on other posts, was related to memory shortages. I checked for other processes the time, and clamd was not in the list.

> On Mar 5, 2021, at 10:52 AM, Mark Pizzolato - Clamav-Win32 <clamav-win32@subscriptions.pizzolato.net> wrote:
>
> I've never seen any problem with freshclam's memory footprint.
>
> On my Windows box, freshclam runs taking up all of 2.6MB.
>
> Clamd, on the other hand sucks down 1.4GB.
>
> There is no need to run clamd for the situation you are dealing with.
>
> On Friday, March 5, 2021 at 10:45 AM, Joel Esler wrote:
>> My current suggestion is setup Freshclam to do the initial update.
>>
>> Directly downloading the raw cld files is no longer scalable.
>>
>>> On Mar 5, 2021, at 1:29 PM, Ritch Parker <ritch@mixxum.com> wrote:
>>>
>>> I originally tried to setup Freshclam but found that, like the scan, it
>> consumes a large amount of memory. I have an instance large enough to run
>> the scans, but it is on an internal subnet without external access… but
>> downloading files takes almost no memory, so to save some cost I just setup
>> a small instance on the public subnet to download the daily file… doing a once
>> every four hour check, then move the file to the larger instance. Was going
>> to update further to do a head request, but then it stopped working :(
>> ...Really was just looking for an update solution that could be run with a very
>> small amount of memory and resources and this seemed to be the best fit.
>>>
>>>
>>>> On Mar 5, 2021, at 10:20 AM, Joel Esler (jesler) via clamav-users <clamav-
>> users@lists.clamav.net> wrote:
>>>>
>>>> Are you using Freshclam to download the updates?
>>>>
>>>>> On Mar 5, 2021, at 12:58 PM, Ritch Parker <ritch@mixxum.com> wrote:
>>>>>
>>>>> Hello,
>>>>>
>>>>> Yesterday, for some reason, all my AWS VMs receive a 403 Forbidden
>> response from clamav when attempting to pull the latest cvd files. I’ve tried
>> from two different instances, from a lambda, and then from my local
>> machine. All result in the same response:
>>>>>
>>>>> $ wget http://database.clamav.net/daily.cvd
>>>>> --2021-03-05 09:47:46-- http://database.clamav.net/daily.cvd
>>>>> Resolving database.clamav.net (database.clamav.net)...
>>>>> 104.16.218.84, 104.16.219.84 Connecting to database.clamav.net
>> (database.clamav.net)|104.16.218.84|:80... connected.
>>>>> HTTP request sent, awaiting response... 403 Forbidden
>>>>> 2021-03-05 09:47:48 ERROR 403: Forbidden.
>>>>>
>>>>> Not sure how I can resolve this. Is this temporary? I been checking once
>> every 4 hours and no change.
>>>>>
>>>>> Thanks
>>>>>
>>>>> _______________________________________________
>>>>>
>>>>> clamav-users mailing list
>>>>> clamav-users@lists.clamav.net
>>>>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>>>>
>>>>>
>>>>> Help us build a comprehensive ClamAV guide:
>>>>> https://github.com/vrtadmin/clamav-faq
>>>>>
>>>>> http://www.clamav.net/contact.html#ml
>>>>
>>>>
>>>> _______________________________________________
>>>>
>>>> clamav-users mailing list
>>>> clamav-users@lists.clamav.net
>>>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>>>
>>>>
>>>> Help us build a comprehensive ClamAV guide:
>>>> https://github.com/vrtadmin/clamav-faq
>>>>
>>>> http://www.clamav.net/contact.html#ml
>>>
>>
>>
>> _______________________________________________
>>
>> clamav-users mailing list
>> clamav-users@lists.clamav.net
>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

On 05.03.21 10:42, Ritch Parker wrote:
>Is there a way to minimize the amount of memory freshclam uses so it will run on an instance with 512MB?

clamav uses over 1GB of RAM to hold the virus database.

>> On Mar 5, 2021, at 10:29 AM, Ritch Parker <ritch@mixxum.com> wrote:
>>
>> I originally tried to setup Freshclam but found that, like the scan, it consumes a large amount of memory. I have an instance large enough to run the scans, but it is on an internal subnet without external access… but downloading files takes almost no memory, so to save some cost I just setup a small instance on the public subnet to download the daily file… doing a once every four hour check, then move the file to the larger instance. Was going to update further to do a head request, but then it stopped working :( ...Really was just looking for an update solution that could be run with a very small amount of memory and resources and this seemed to be the best fit.
>>
>>
>>> On Mar 5, 2021, at 10:20 AM, Joel Esler (jesler) via clamav-users <clamav-users@lists.clamav.net> wrote:
>>>
>>> Are you using Freshclam to download the updates?
>>>
>>>> On Mar 5, 2021, at 12:58 PM, Ritch Parker <ritch@mixxum.com> wrote:
>>>>
>>>> Hello,
>>>>
>>>> Yesterday, for some reason, all my AWS VMs receive a 403 Forbidden response from clamav when attempting to pull the latest cvd files. I’ve tried from two different instances, from a lambda, and then from my local machine. All result in the same response:
>>>>
>>>> $ wget http://database.clamav.net/daily.cvd
>>>> --2021-03-05 09:47:46-- http://database.clamav.net/daily.cvd
>>>> Resolving database.clamav.net (database.clamav.net)... 104.16.218.84, 104.16.219.84
>>>> Connecting to database.clamav.net (database.clamav.net)|104.16.218.84|:80... connected.
>>>> HTTP request sent, awaiting response... 403 Forbidden
>>>> 2021-03-05 09:47:48 ERROR 403: Forbidden.
>>>>
>>>> Not sure how I can resolve this. Is this temporary? I been checking once every 4 hours and no change.

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I just got lost in thought. It was unfamiliar territory.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Ok, at the time, doing an etag check then download seemed very simple and very stable… but given the recent updates, I’ll dive back into trying to setup freshclam with that config change. Thanks for the info.

> On Mar 5, 2021, at 11:00 AM, Andrew Williams <awillia2@sourcefire.com> wrote:
>
> Setting the 'TestDatabases' option to false in freshclam.conf will prevent freshclam from loading the database file into memory before replacing the actual CVDs that clamd will use. The potential downside with this is that if a CVD ends up having load issues for some reason (which shouldn't happen given the testing we do on our end) clamd won't load in any signatures from that CVD. With the TestDatabases option enabled, there can be issues on memory constrained systems since clamd will have a copy of the CVDs loaded into memory and then freshclam will load another copy into memory at the same time, but the benefit is that if a new CVD does have issues loading for some reasons then it won't replace the previous set of CVDs that clamd has been able to load successfully.
>
> -Andrew
>
> Andrew Williams
> Malware Research Team
> Cisco Talos
>
> On Fri, Mar 5, 2021 at 1:53 PM Mark Pizzolato - Clamav-Win32 via clamav-users <clamav-users@lists.clamav.net <mailto:clamav-users@lists.clamav.net>> wrote:
> I've never seen any problem with freshclam's memory footprint.
>
> On my Windows box, freshclam runs taking up all of 2.6MB.
>
> Clamd, on the other hand sucks down 1.4GB.
>
> There is no need to run clamd for the situation you are dealing with.
>
> On Friday, March 5, 2021 at 10:45 AM, Joel Esler wrote:
> > My current suggestion is setup Freshclam to do the initial update.
> >
> > Directly downloading the raw cld files is no longer scalable.
> >
> > > On Mar 5, 2021, at 1:29 PM, Ritch Parker <ritch@mixxum.com <mailto:ritch@mixxum.com>> wrote:
> > >
> > > I originally tried to setup Freshclam but found that, like the scan, it
> > consumes a large amount of memory. I have an instance large enough to run
> > the scans, but it is on an internal subnet without external access… but
> > downloading files takes almost no memory, so to save some cost I just setup
> > a small instance on the public subnet to download the daily file… doing a once
> > every four hour check, then move the file to the larger instance. Was going
> > to update further to do a head request, but then it stopped working :(
> > ...Really was just looking for an update solution that could be run with a very
> > small amount of memory and resources and this seemed to be the best fit.
> > >
> > >
> > >> On Mar 5, 2021, at 10:20 AM, Joel Esler (jesler) via clamav-users <clamav-
> > users@lists.clamav.net <mailto:users@lists.clamav.net>> wrote:
> > >>
> > >> Are you using Freshclam to download the updates?
> > >>
> > >>> On Mar 5, 2021, at 12:58 PM, Ritch Parker <ritch@mixxum.com <mailto:ritch@mixxum.com>> wrote:
> > >>>
> > >>> Hello,
> > >>>
> > >>> Yesterday, for some reason, all my AWS VMs receive a 403 Forbidden
> > response from clamav when attempting to pull the latest cvd files. I’ve tried
> > from two different instances, from a lambda, and then from my local
> > machine. All result in the same response:
> > >>>
> > >>> $ wget http://database.clamav.net/daily.cvd <http://database.clamav.net/daily.cvd>
> > >>> --2021-03-05 09:47:46-- http://database.clamav.net/daily.cvd <http://database.clamav.net/daily.cvd>
> > >>> Resolving database.clamav.net <http://database.clamav.net/> (database.clamav.net <http://database.clamav.net/>)...
> > >>> 104.16.218.84, 104.16.219.84 Connecting to database.clamav.net <http://database.clamav.net/>
> > (database.clamav.net <http://database.clamav.net/>)|104.16.218.84|:80... connected.
> > >>> HTTP request sent, awaiting response... 403 Forbidden
> > >>> 2021-03-05 09:47:48 ERROR 403: Forbidden.
> > >>>
> > >>> Not sure how I can resolve this. Is this temporary? I been checking once
> > every 4 hours and no change.
> > >>>
> > >>> Thanks
> > >>>
> > >>> _______________________________________________
> > >>>
> > >>> clamav-users mailing list
> > >>> clamav-users@lists.clamav.net <mailto:clamav-users@lists.clamav.net>
> > >>> https://lists.clamav.net/mailman/listinfo/clamav-users <https://lists.clamav.net/mailman/listinfo/clamav-users>
> > >>>
> > >>>
> > >>> Help us build a comprehensive ClamAV guide:
> > >>> https://github.com/vrtadmin/clamav-faq <https://github.com/vrtadmin/clamav-faq>
> > >>>
> > >>> http://www.clamav.net/contact.html#ml <http://www.clamav.net/contact.html#ml>
> > >>
> > >>
> > >> _______________________________________________
> > >>
> > >> clamav-users mailing list
> > >> clamav-users@lists.clamav.net <mailto:clamav-users@lists.clamav.net>
> > >> https://lists.clamav.net/mailman/listinfo/clamav-users <https://lists.clamav.net/mailman/listinfo/clamav-users>
> > >>
> > >>
> > >> Help us build a comprehensive ClamAV guide:
> > >> https://github.com/vrtadmin/clamav-faq <https://github.com/vrtadmin/clamav-faq>
> > >>
> > >> http://www.clamav.net/contact.html#ml <http://www.clamav.net/contact.html#ml>
> > >
> >
> >
> > _______________________________________________
> >
> > clamav-users mailing list
> > clamav-users@lists.clamav.net <mailto:clamav-users@lists.clamav.net>
> > https://lists.clamav.net/mailman/listinfo/clamav-users <https://lists.clamav.net/mailman/listinfo/clamav-users>
> >
> >
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/vrtadmin/clamav-faq <https://github.com/vrtadmin/clamav-faq>
> >
> > http://www.clamav.net/contact.html#ml <http://www.clamav.net/contact.html#ml>
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net <mailto:clamav-users@lists.clamav.net>
> https://lists.clamav.net/mailman/listinfo/clamav-users <https://lists.clamav.net/mailman/listinfo/clamav-users>
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq <https://github.com/vrtadmin/clamav-faq>
>
> http://www.clamav.net/contact.html#ml <http://www.clamav.net/contact.html#ml>