Mailing List Archive

Hi Francois,

From what I understand ClamAV have tightened their download policy. Cloudflare is now more restrictive.

You are able to use their freshclam client to download updates, but if you try and download directly via methods such as wget, curl… Basically any scripted method you will receive the 403 response along with an error code in the response. As you said via the browser is working fine.

Kind Regards

Adam Copley
E: adam.copley@arola.co.uk | M: 07500937181
W: http://www.arola.co.uk | Jabber: xmpp:adam.copley@arola.co.uk

Online Meeting
https://meet.arola.co.uk/AdamCopley

> On 16 Mar 2021, at 21:33, François Jeanjean <francois.jeanjean@dedalus.eu> wrote:
>
> Hi all,
>
> Since few days when I try to get signatures I had an ERROR 403 Forbiden
>
> wget http://database.clamav.net/daily-26108.cdiff
> --2021-03-16 21:23:47-- http://database.clamav.net/daily-26108.cdiff
> Resolving database.clamav.net (database.clamav.net)... 104.16.219.84, 104.16.218.84, 2606:4700::6810:da54, ...
> Connecting to database.clamav.net (database.clamav.net)|104.16.219.84|:80... connected.
> HTTP request sent, awaiting response... 403 Forbidden
> 2021-03-16 21:23:47 ERROR 403: Forbidden.
>
> If I try with Chrome, it works !!
>
> I don't understand why. Do you have a clue ?
>
> Thanks for your help
>
> FJJ
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml

Hello,

Thank you for your email. As a result of events documented in places here:
https://lists.clamav.net/pipermail/clamav-users/2021-March/010577.html
and
https://lists.clamav.net/pipermail/clamav-users/2021-March/010543.html

We’ve been forced to take emergency measures to protect the ClamAV environment.

Please Immediately switch to using Freshclam or https://github.com/micahsnyder/cvdupdate to update your AV definitions. If you are using Qnap or ClamWin, it’s likely that you are using a version of ClamAV that has been EOL’ed: https://blog.clamav.net/2021/02/clamav-eol-versions-prior-to-0100.html

Sorry for the inconvenience, but we are currently in emergency mode and have to make several drastic changes over the last several days.

--
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
http://www.talosintelligence.com | https://www.snort.org



Sent from my ? iPhone

On Mar 16, 2021, at 18:48, Adam Copley via clamav-users <clamav-users@lists.clamav.net> wrote:

? Hi Francois,

From what I understand ClamAV have tightened their download policy. Cloudflare is now more restrictive.

You are able to use their freshclam client to download updates, but if you try and download directly via methods such as wget, curl… Basically any scripted method you will receive the 403 response along with an error code in the response. As you said via the browser is working fine.

Kind Regards

Adam Copley
E: adam.copley@arola.co.uk<mailto:adam.copley@arola.co.uk> | M: 07500937181
W: http://www.arola.co.uk | Jabber: xmpp:adam.copley@arola.co.uk

Online Meeting
https://meet.arola.co.uk/AdamCopley

On 16 Mar 2021, at 21:33, François Jeanjean <francois.jeanjean@dedalus.eu<mailto:francois.jeanjean@dedalus.eu>> wrote:

Hi all,

Since few days when I try to get signatures I had an ERROR 403 Forbiden

wget http://database.clamav.net/daily-26108.cdiff
--2021-03-16 21:23:47-- http://database.clamav.net/daily-26108.cdiff
Resolving database.clamav.net<http://database.clamav.net> (database.clamav.net<http://database.clamav.net>)... 104.16.219.84, 104.16.218.84, 2606:4700::6810:da54, ...
Connecting to database.clamav.net<http://database.clamav.net> (database.clamav.net<http://database.clamav.net>)|104.16.219.84|:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
2021-03-16 21:23:47 ERROR 403: Forbidden.

If I try with Chrome, it works !!

I don't understand why. Do you have a clue ?

Thanks for your help

FJJ

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Hello,

I was using clamdownloader.pl and didn't find the information that it was replace by cvdupdate<https://github.com/micahsnyder/cvdupdate/tree/main/cvdupdate>.

It works fine now.

Thanks a lot

FJJ

De : clamav-users <clamav-users-bounces@lists.clamav.net> De la part de Joel Esler (jesler) via clamav-users
Envoyé : mercredi 17 mars 2021 00:44
À : ClamAV users ML <clamav-users@lists.clamav.net>
Cc : Joel Esler (jesler) <jesler@cisco.com>
Objet : Re: [clamav-users] wget http://database.clamav.net/daily-26108.cdiff ERROR 403: Forbidden.

Hello,

Thank you for your email. As a result of events documented in places here:
https://lists.clamav.net/pipermail/clamav-users/2021-March/010577.html
and
https://lists.clamav.net/pipermail/clamav-users/2021-March/010543.html

We’ve been forced to take emergency measures to protect the ClamAV environment.

Please Immediately switch to using Freshclam or https://github.com/micahsnyder/cvdupdate to update your AV definitions. If you are using Qnap or ClamWin, it’s likely that you are using a version of ClamAV that has been EOL’ed: https://blog.clamav.net/2021/02/clamav-eol-versions-prior-to-0100.html

Sorry for the inconvenience, but we are currently in emergency mode and have to make several drastic changes over the last several days.

--
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
http://www.talosintelligence.com | https://www.snort.org


Sent from my ? iPhone


On Mar 16, 2021, at 18:48, Adam Copley via clamav-users <clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>> wrote:
? Hi Francois,

From what I understand ClamAV have tightened their download policy. Cloudflare is now more restrictive.

You are able to use their freshclam client to download updates, but if you try and download directly via methods such as wget, curl… Basically any scripted method you will receive the 403 response along with an error code in the response. As you said via the browser is working fine.

Kind Regards

Adam Copley
E: adam.copley@arola.co.uk<mailto:adam.copley@arola.co.uk> | M: 07500937181
W: http://www.arola.co.uk<https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.arola.co.uk%2F&data=04%7C01%7Cfrancois.jeanjean%40dedalus.eu%7Ccc84f02e1cf044806c0808d8e8d5b38d%7C9ffff5c3bdfa4a9db595ff68329945ef%7C0%7C0%7C637515351834438388%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=kLzGc%2BM80vCbtVaK5g16aHRa54IxWUZ0eKpo%2BaUCBDk%3D&reserved=0> | Jabber: xmpp:adam.copley@arola.co.uk

Online Meeting
https://meet.arola.co.uk/AdamCopley<https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmeet.arola.co.uk%2FAdamCopley&data=04%7C01%7Cfrancois.jeanjean%40dedalus.eu%7Ccc84f02e1cf044806c0808d8e8d5b38d%7C9ffff5c3bdfa4a9db595ff68329945ef%7C0%7C0%7C637515351834438388%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=ES4Ld%2BrwYD3p1nWR0meDdAwxoStuZVWtXKert2vAljw%3D&reserved=0>


On 16 Mar 2021, at 21:33, François Jeanjean <francois.jeanjean@dedalus.eu<mailto:francois.jeanjean@dedalus.eu>> wrote:

Hi all,

Since few days when I try to get signatures I had an ERROR 403 Forbiden

wget http://database.clamav.net/daily-26108.cdiff<https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdatabase.clamav.net%2Fdaily-26108.cdiff&data=04%7C01%7Cfrancois.jeanjean%40dedalus.eu%7Ccc84f02e1cf044806c0808d8e8d5b38d%7C9ffff5c3bdfa4a9db595ff68329945ef%7C0%7C0%7C637515351834448343%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=RMdI6C5ZeLsrNUIAibBObG%2FMhQPu40xQVvJyUZWaoEQ%3D&reserved=0>
--2021-03-16 21:23:47-- http://database.clamav.net/daily-26108.cdiff<https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdatabase.clamav.net%2Fdaily-26108.cdiff&data=04%7C01%7Cfrancois.jeanjean%40dedalus.eu%7Ccc84f02e1cf044806c0808d8e8d5b38d%7C9ffff5c3bdfa4a9db595ff68329945ef%7C0%7C0%7C637515351834448343%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=RMdI6C5ZeLsrNUIAibBObG%2FMhQPu40xQVvJyUZWaoEQ%3D&reserved=0>
Resolving database.clamav.net<https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdatabase.clamav.net%2F&data=04%7C01%7Cfrancois.jeanjean%40dedalus.eu%7Ccc84f02e1cf044806c0808d8e8d5b38d%7C9ffff5c3bdfa4a9db595ff68329945ef%7C0%7C0%7C637515351834458297%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=EeJhHpgcxomsQVoomno3c6ZZjDwSlPVhmLOk8WyuQ%2Bo%3D&reserved=0> (database.clamav.net<https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdatabase.clamav.net%2F&data=04%7C01%7Cfrancois.jeanjean%40dedalus.eu%7Ccc84f02e1cf044806c0808d8e8d5b38d%7C9ffff5c3bdfa4a9db595ff68329945ef%7C0%7C0%7C637515351834458297%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=EeJhHpgcxomsQVoomno3c6ZZjDwSlPVhmLOk8WyuQ%2Bo%3D&reserved=0>)... 104.16.219.84, 104.16.218.84, 2606:4700::6810:da54, ...
Connecting to database.clamav.net<https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdatabase.clamav.net%2F&data=04%7C01%7Cfrancois.jeanjean%40dedalus.eu%7Ccc84f02e1cf044806c0808d8e8d5b38d%7C9ffff5c3bdfa4a9db595ff68329945ef%7C0%7C0%7C637515351834458297%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=EeJhHpgcxomsQVoomno3c6ZZjDwSlPVhmLOk8WyuQ%2Bo%3D&reserved=0> (database.clamav.net<https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdatabase.clamav.net%2F&data=04%7C01%7Cfrancois.jeanjean%40dedalus.eu%7Ccc84f02e1cf044806c0808d8e8d5b38d%7C9ffff5c3bdfa4a9db595ff68329945ef%7C0%7C0%7C637515351834468260%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=g6rxSDgv033bt5bHwTAy61XpTgu4FMscx9FOaU%2BMXK0%3D&reserved=0>)|104.16.219.84|:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
2021-03-16 21:23:47 ERROR 403: Forbidden.

If I try with Chrome, it works !!

I don't understand why. Do you have a clue ?

Thanks for your help

FJJ

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml