Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. ClamAV>
  3. win32
[clamav-users] Freshclam Update Error
clamav-users at lists
Mar 25, 2021, 6:04 AM
Post #1 of 8 (568 views)
Permalink
Hello,
Since March 3rd 2021, I have been unable to download the Virus definitions. I have verified that it is not the local firewalls or anything else blocking it so I can only guess I have been added to the blocked IP list.

Current working dir is /usr/local/share/clamav
Max retries == 3
ClamAV update process started at Thu Mar 25 07:48:42 2021
Using IPv6 aware code
Querying current.cvd.clamav.net
WARNING: Can't query current.cvd.clamav.net
WARNING: Invalid DNS reply. Falling back to HTTP mode.
Connecting via proxy.ext.ray.com
Retrieving http://database.clamav.net/main.cvd
Trying to download http://database.clamav.net/main.cvd (IP: 199.46.182.5)
WARNING: getfile: Unknown response from remote server (IP: 199.46.182.5)
WARNING: Can't download main.cvd from database.clamav.net
Querying main.0.76.0.0.C72EB605.ping.clamav.net
Can't query main.0.76.0.0.C72EB605.ping.clamav.net
Trying again in 5 secs...
ClamAV update process started at Thu Mar 25 07:48:48 2021
Using IPv6 aware code
Querying current.cvd.clamav.net
WARNING: Can't query current.cvd.clamav.net
WARNING: Invalid DNS reply. Falling back to HTTP mode.
Connecting via proxy.ext.ray.com
Retrieving http://database.clamav.net/main.cvd
Trying to download http://database.clamav.net/main.cvd (IP: 199.46.182.5)
WARNING: getfile: Unknown response from remote server (IP: 199.46.182.5)
WARNING: Can't download main.cvd from database.clamav.net
Querying main.0.76.0.0.C72EB605.ping.clamav.net
Can't query main.0.76.0.0.C72EB605.ping.clamav.net
Trying again in 5 secs...
ClamAV update process started at Thu Mar 25 07:48:53 2021
Using IPv6 aware code
Querying current.cvd.clamav.net
WARNING: Can't query current.cvd.clamav.net
WARNING: Invalid DNS reply. Falling back to HTTP mode.
Connecting via proxy.ext.ray.com
Retrieving http://database.clamav.net/main.cvd
Trying to download http://database.clamav.net/main.cvd (IP: 199.46.182.5)
ERROR: getfile: Unknown response from remote server (IP: 199.46.182.5)
ERROR: Can't download main.cvd from database.clamav.net
Querying main.0.76.0.0.C72EB605.ping.clamav.net
Can't query main.0.76.0.0.C72EB605.ping.clamav.net
Giving up on database.clamav.net...
Update failed. Your network may be down or none of the mirrors listed in /usr/local/etc/freshclam.conf is working. Check http://www.clamav.net/support/mirror-problem for possible reasons.


I also tried a wget and get the following error:
# wget http://database.clamav.net/main-55.cdiff
--2021-03-25 07:59:56-- http://database.clamav.net/main-55.cdiff
Resolving proxy.ext.ray.com (proxy.ext.ray.com)... 199.46.182.5
Connecting to proxy.ext.ray.com (proxy.ext.ray.com)|199.46.182.5|:80... connected.
Proxy request sent, awaiting response... 403 Forbidden
2021-03-25 07:59:56 ERROR 403: Forbidden.

Wayne Florence
Unix Administrator
c(978)987-4632
Re: [clamav-users] Freshclam Update Error [ In reply to ]
clamav-users at lists
Mar 25, 2021, 6:16 AM
Post #2 of 8 (568 views)
Permalink
On 25/03/2021 13:04, Wayne Florence via clamav-users wrote:
>
> Hello,
>
> ??????????????? Since March 3^rd 2021,? I have been unable to download
> the Virus definitions. I have verified that it is not the local
> firewalls or anything else blocking it so I can only guess I have been
> added to the blocked IP list.
>

Which version of Freshclam are you using?

If it's earlier than 0.100, then it's no longer supported, and you need
to update to a later version.


--
Paul



--


Paul Smith Computer Services
Tel: 01484 855800
Vat No: GB 685 6987 53

Sign up for news & updates at http://www.pscs.co.uk/go/subscribe
Re: [clamav-users] Freshclam Update Error [ In reply to ]
clamav-users at lists
Mar 25, 2021, 6:30 AM
Post #3 of 8 (568 views)
Permalink
Paul,
Turns out I had 2 versions installed and was using 0.98 when I switched to version 102.4 I get a certificate error now.

* Peer's certificate issuer has been marked as not trusted by the user.
* Closing connection 1
WARNING: remote_cvdhead: Download failed (60) WARNING: Message: Peer certificate cannot be authenticated with given CA certificates
WARNING: Failed to get daily database version information from server: https://database.clamav.net


Wayne Florence
IBM/VSO Unix Administrator
c(978)987-4632

From: clamav-users <clamav-users-bounces@lists.clamav.net> On Behalf Of Paul Smith via clamav-users
Sent: Thursday, March 25, 2021 9:16 AM
To: clamav-users@lists.clamav.net
Cc: Paul Smith <paul@pscs.co.uk>
Subject: [External] Re: [clamav-users] Freshclam Update Error

On 25/03/2021 13:04, Wayne Florence via clamav-users wrote:
Hello,
Since March 3rd 2021, I have been unable to download the Virus definitions. I have verified that it is not the local firewalls or anything else blocking it so I can only guess I have been added to the blocked IP list.

Which version of Freshclam are you using?

If it's earlier than 0.100, then it's no longer supported, and you need to update to a later version.



--

Paul

--

Paul Smith Computer Services
Tel: 01484 855800
Vat No: GB 685 6987 53

Sign up for news & updates <http://www.pscs.co.uk/go/subscribe>
Re: [clamav-users] Freshclam Update Error [ In reply to ]
clamav-users at lists
Mar 25, 2021, 6:38 AM
Post #4 of 8 (568 views)
Permalink
Are you using Freshclam or cvdupdate to download the signatures?

Sent from my ? iPhone

On Mar 25, 2021, at 09:32, Wayne Florence via clamav-users <clamav-users@lists.clamav.net> wrote:

?
Paul,
Turns out I had 2 versions installed and was using 0.98 when I switched to version 102.4 I get a certificate error now.

* Peer's certificate issuer has been marked as not trusted by the user.
* Closing connection 1
WARNING: remote_cvdhead: Download failed (60) WARNING: Message: Peer certificate cannot be authenticated with given CA certificates
WARNING: Failed to get daily database version information from server: https://database.clamav.net


Wayne Florence
IBM/VSO Unix Administrator
c(978)987-4632

From: clamav-users <clamav-users-bounces@lists.clamav.net> On Behalf Of Paul Smith via clamav-users
Sent: Thursday, March 25, 2021 9:16 AM
To: clamav-users@lists.clamav.net
Cc: Paul Smith <paul@pscs.co.uk>
Subject: [External] Re: [clamav-users] Freshclam Update Error

On 25/03/2021 13:04, Wayne Florence via clamav-users wrote:
Hello,
Since March 3rd 2021, I have been unable to download the Virus definitions. I have verified that it is not the local firewalls or anything else blocking it so I can only guess I have been added to the blocked IP list.

Which version of Freshclam are you using?

If it's earlier than 0.100, then it's no longer supported, and you need to update to a later version.



--

Paul

--

Paul Smith Computer Services
Tel: 01484 855800
Vat No: GB 685 6987 53

Sign up for news & updates <http://www.pscs.co.uk/go/subscribe>

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] Freshclam Update Error [ In reply to ]
clamav-users at lists
Mar 25, 2021, 6:41 AM
Post #5 of 8 (568 views)
Permalink
freshclam

Wayne Florence
IBM/VSO Unix Administrator
c(978)987-4632

From: Joel Esler (jesler) <jesler@cisco.com>
Sent: Thursday, March 25, 2021 9:39 AM
To: ClamAV users ML <clamav-users@lists.clamav.net>
Cc: Wayne Florence <wayne.e.florence-nr@raytheon.com>
Subject: [External] Re: [clamav-users] Freshclam Update Error

Are you using Freshclam or cvdupdate to download the signatures?
Sent from my ? iPhone


On Mar 25, 2021, at 09:32, Wayne Florence via clamav-users <clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>> wrote:
?
Paul,
Turns out I had 2 versions installed and was using 0.98 when I switched to version 102.4 I get a certificate error now.

* Peer's certificate issuer has been marked as not trusted by the user.
* Closing connection 1
WARNING: remote_cvdhead: Download failed (60) WARNING: Message: Peer certificate cannot be authenticated with given CA certificates
WARNING: Failed to get daily database version information from server: https://database.clamav.net


Wayne Florence
IBM/VSO Unix Administrator
c(978)987-4632

From: clamav-users <clamav-users-bounces@lists.clamav.net<mailto:clamav-users-bounces@lists.clamav.net>> On Behalf Of Paul Smith via clamav-users
Sent: Thursday, March 25, 2021 9:16 AM
To: clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>
Cc: Paul Smith <paul@pscs.co.uk<mailto:paul@pscs.co.uk>>
Subject: [External] Re: [clamav-users] Freshclam Update Error

On 25/03/2021 13:04, Wayne Florence via clamav-users wrote:
Hello,
Since March 3rd 2021, I have been unable to download the Virus definitions. I have verified that it is not the local firewalls or anything else blocking it so I can only guess I have been added to the blocked IP list.

Which version of Freshclam are you using?

If it's earlier than 0.100, then it's no longer supported, and you need to update to a later version.



--

Paul

--

Paul Smith Computer Services
Tel: 01484 855800
Vat No: GB 685 6987 53

Sign up for news & updates <http://www.pscs.co.uk/go/subscribe>

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] Freshclam Update Error [ In reply to ]
clamav-users at lists
Mar 25, 2021, 6:44 AM
Post #6 of 8 (568 views)
Permalink
Do you have an updated certificate store?

Sent from my ? iPhone

On Mar 25, 2021, at 09:41, Wayne Florence <wayne.e.florence-nr@raytheon.com> wrote:

?
freshclam

Wayne Florence
IBM/VSO Unix Administrator
c(978)987-4632

From: Joel Esler (jesler) <jesler@cisco.com>
Sent: Thursday, March 25, 2021 9:39 AM
To: ClamAV users ML <clamav-users@lists.clamav.net>
Cc: Wayne Florence <wayne.e.florence-nr@raytheon.com>
Subject: [External] Re: [clamav-users] Freshclam Update Error

Are you using Freshclam or cvdupdate to download the signatures?
Sent from my ? iPhone


On Mar 25, 2021, at 09:32, Wayne Florence via clamav-users <clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>> wrote:
?
Paul,
Turns out I had 2 versions installed and was using 0.98 when I switched to version 102.4 I get a certificate error now.

* Peer's certificate issuer has been marked as not trusted by the user.
* Closing connection 1
WARNING: remote_cvdhead: Download failed (60) WARNING: Message: Peer certificate cannot be authenticated with given CA certificates
WARNING: Failed to get daily database version information from server: https://database.clamav.net


Wayne Florence
IBM/VSO Unix Administrator
c(978)987-4632

From: clamav-users <clamav-users-bounces@lists.clamav.net<mailto:clamav-users-bounces@lists.clamav.net>> On Behalf Of Paul Smith via clamav-users
Sent: Thursday, March 25, 2021 9:16 AM
To: clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>
Cc: Paul Smith <paul@pscs.co.uk<mailto:paul@pscs.co.uk>>
Subject: [External] Re: [clamav-users] Freshclam Update Error

On 25/03/2021 13:04, Wayne Florence via clamav-users wrote:
Hello,
Since March 3rd 2021, I have been unable to download the Virus definitions. I have verified that it is not the local firewalls or anything else blocking it so I can only guess I have been added to the blocked IP list.

Which version of Freshclam are you using?

If it's earlier than 0.100, then it's no longer supported, and you need to update to a later version.



--

Paul

--

Paul Smith Computer Services
Tel: 01484 855800
Vat No: GB 685 6987 53

Sign up for news & updates <http://www.pscs.co.uk/go/subscribe>

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] Freshclam Update Error [ In reply to ]
clamav-users at lists
Mar 25, 2021, 6:45 AM
Post #7 of 8 (568 views)
Permalink
Citeren Wayne Florence via clamav-users <clamav-users@lists.clamav.net>:

> Paul,
> Turns out I had 2 versions installed and was using
> 0.98 when I switched to version 102.4 I get a certificate error now.
>
> * Peer's certificate issuer has been marked as not trusted by the user.
> * Closing connection 1
> WARNING: remote_cvdhead: Download failed (60) WARNING: Message:
> Peer certificate cannot be authenticated with given CA certificates
> WARNING: Failed to get daily database version information from
> server: https://database.clamav.net

That's probably the MITM proxy 'proxy.ext.ray.com' you're using to
download the certificates and the certificate used by the proxy is not
trusted.


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] Freshclam Update Error [ In reply to ]
uhlar at fantomas
Mar 25, 2021, 6:46 AM
Post #8 of 8 (568 views)
Permalink
On 25.03.21 13:30, Wayne Florence via clamav-users wrote:
> Turns out I had 2 versions installed and was using 0.98 when I switched to version 102.4 I get a certificate error now.
>
>* Peer's certificate issuer has been marked as not trusted by the user.
>* Closing connection 1
>WARNING: remote_cvdhead: Download failed (60) WARNING: Message: Peer certificate cannot be authenticated with given CA certificates
>WARNING: Failed to get daily database version information from server: https://database.clamav.net

what certificate do you see when querying https://database.clamav.net ?

% openssl s_client -connect database.clamav.net:443 -crlf -brief
CONNECTION ESTABLISHED
Protocol version: TLSv1.3
Ciphersuite: TLS_AES_256_GCM_SHA384
Peer certificate: C = US, ST = CA, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.cloudflaressl.com
Hash used: SHA256
Signature type: ECDSA
Verification: OK
Server Temp Key: X25519, 253 bits



--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Micro random number generator: 0, 0, 0, 4.33e+67, 0, 0, 0...

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal