Mailing List Archive: [clamav-users] Fail to download source archive with 403 forbitten

[clamav-users] Fail to download source archive with 403 forbitten

Nov 14, 2021, 4:11 PM

Post #1 of 9 (954 views)

Hello,

I'm maintainer of FreeBSD ClamAV port. Today I recieved problem report
from our user that download of source archive fails with 403
forbitten. I checked it and confirmed it really happens as following.

----------------------------------------------------------------------
yasu@rolling-vm-freebsd2[1058]% make fetch
=> clamav-0.104.1.tar.gz doesn't seem to exist in /net/freebsd/ports/distfiles/.
=> Attempting to fetch https://www.clamav.net/downloads/production/clamav-0.104.1.tar.gz
fetch: https://www.clamav.net/downloads/production/clamav-0.104.1.tar.gz: Forbidden
=> Attempting to fetch http://distcache.FreeBSD.org/ports-distfiles/clamav-0.104.1.tar.gz
fetch: http://distcache.FreeBSD.org/ports-distfiles/clamav-0.104.1.tar.gz: Not Found
=> Couldn't fetch it - please try to retrieve this
=> port manually into /net/freebsd/ports/distfiles/ and try again.
*** Error code 1

Stop.
make: stopped in /usr/ports/security/clamav
yasu@rolling-vm-freebsd2[1059]%
----------------------------------------------------------------------

In the base system of FreeBSD there is a program named 'fetch'. Fetch
is a utility to retieve a file by URL, similar one to famous GNU Wget
and curl. FreeBSD ports framework uses fetch to download files through
network. And 403 forbitten happens when I tried to download source
archive with fetch.

----------------------------------------------------------------------
yasu@rolling-vm-freebsd2[1066]% fetch https://www.clamav.net/downloads/production/clamav-0.103.4.tar.gz
fetch: https://www.clamav.net/downloads/production/clamav-0.103.4.tar.gz: Forbidden
yasu@rolling-vm-freebsd2[1067]%
----------------------------------------------------------------------

I also tried download with GNU Wget and curl and it also fails with
same reason.

----------------------------------------------------------------------
yasu@rolling-vm-freebsd2[1069]% wget https://www.clamav.net/downloads/production/clamav-0.103.4.tar.gz
--2021-11-15 08:53:12-- https://www.clamav.net/downloads/production/clamav-0.103.4.tar.gz
Resolving www.clamav.net (www.clamav.net)... 104.16.218.84, 104.16.219.84, 2606:4700::6810:da54, ...
Connecting to www.clamav.net (www.clamav.net)|104.16.218.84|:443... connected.
HTTP request sent, awaiting response... 403 Forbidden
2021-11-15 08:53:12 ERROR 403: Forbidden.

yasu@rolling-vm-freebsd2[1070]% curl -i https://www.clamav.net/downloads/production/clamav-0.103.4.tar.gz
HTTP/2 403
date: Sun, 14 Nov 2021 23:53:17 GMT
content-type: text/plain; charset=UTF-8
content-length: 16
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
x-content-type-options: nosniff
server: cloudflare
cf-ray: 6ae4288c495f206b-NRT

error code: 1020%
yasu@rolling-vm-freebsd2[1071]%
----------------------------------------------------------------------

But download succeeds if I use web browser such as Chrome, Edge and
Firefox. it seems server checks User-Agent header of HTTP request. So
I tried to confirm it.

Our fetch utility has '--user-agent' options that changes the value of
User-Agent header. And if I specify 'Mozilla/5.0' as it, then source
archive can be downloaded successfully.

----------------------------------------------------------------------
yasu@rolling-vm-freebsd2[1072]% fetch --user-agent=Mozilla/5.0 https://www.clamav.net/downloads/production/clamav-0.103.4.tar.gz
clamav-0.103.4.tar.gz 15 MB 2092 kBps 07s
yasu@rolling-vm-freebsd2[1073]%
----------------------------------------------------------------------

These results means server checks User-Agent header of HTTP request
and returns 403 forbitten if the value doesn't look like that of web
browser.

Then is it intened change?

Best Regards.

---
Yasuhiro Kimura

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Fail to download source archive with 403 forbitten [ In reply to ]

clamav-users at lists

Nov 15, 2021, 5:23 AM

Post #2 of 9 (951 views)

Permalink

On Nov 14, 2021, at 19:11, Yasuhiro Kimura <yasu@utahime.org<mailto:yasu@utahime.org>> wrote:

These results means server checks User-Agent header of HTTP request
and returns 403 forbitten if the value doesn't look like that of web
browser.

Then is it intened change?

Yes, and it has been this way for over two years.

--
Joel Esler
Strategy, Cisco Talos Intelligence Group

Re: [clamav-users] Fail to download source archive with 403 forbitten [ In reply to ]

yasu at utahime

Nov 15, 2021, 5:39 AM

Post #3 of 9 (951 views)

Permalink

From: "Joel Esler \(jesler\) via clamav-users" <clamav-users@lists.clamav.net>
Subject: Re: [clamav-users] Fail to download source archive with 403 forbitten
Date: Mon, 15 Nov 2021 13:23:49 +0000

> These
>> results means server checks User-Agent header of HTTP request
>
>> and
>> returns 403 forbitten if the value doesn't look like that of web
>
>> browser.
>
>> Then
>> is it intened change?
>
> Yes, and it has been this way for over two years.

It sounds strange to me as I could successfully download both
clamav-0.103.4.tar.gz and clamav-0.104.1.tar.gz with `fetch` when I
updated our ClamAV ports to latest releases on November 4th.

---
Yasuhiro Kimura

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Fail to download source archive with 403 forbitten [ In reply to ]

clamav-users at lists

Nov 15, 2021, 6:30 AM

Post #4 of 9 (951 views)

Permalink

On Nov 15, 2021, at 08:39, Yasuhiro Kimura <yasu@utahime.org<mailto:yasu@utahime.org>> wrote:

From: "Joel Esler \(jesler\) via clamav-users" <clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>>
Subject: Re: [clamav-users] Fail to download source archive with 403 forbitten
Date: Mon, 15 Nov 2021 13:23:49 +0000

These
results means server checks User-Agent header of HTTP request

and
returns 403 forbitten if the value doesn't look like that of web

browser.

Then
is it intened change?

Yes, and it has been this way for over two years.

It sounds strange to me as I could successfully download both
clamav-0.103.4.tar.gz and clamav-0.104.1.tar.gz with `fetch` when I
updated our ClamAV ports to latest releases on November 4th.

Interesting. Well, I am sure things have maneuvered around slightly since then, but nothing material enough to suddenly allow that. It’s been that way for awhile.

Re: [clamav-users] Fail to download source archive with 403 forbitten [ In reply to ]

clamav-users at lists

Nov 15, 2021, 6:52 AM

Post #5 of 9 (951 views)

Permalink

On Nov 15, 2021, at 09:30, Joel Esler (jesler) via clamav-users <clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>> wrote:

On Nov 15, 2021, at 08:39, Yasuhiro Kimura <yasu@utahime.org<mailto:yasu@utahime.org>> wrote:

From: "Joel Esler \(jesler\) via clamav-users" <clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>>
Subject: Re: [clamav-users] Fail to download source archive with 403 forbitten
Date: Mon, 15 Nov 2021 13:23:49 +0000

These
results means server checks User-Agent header of HTTP request

and
returns 403 forbitten if the value doesn't look like that of web

browser.

Then
is it intened change?

Yes, and it has been this way for over two years.

It sounds strange to me as I could successfully download both
clamav-0.103.4.tar.gz and clamav-0.104.1.tar.gz with `fetch` when I
updated our ClamAV ports to latest releases on November 4th.

Interesting. Well, I am sure things have maneuvered around slightly since then, but nothing material enough to suddenly allow that. It’s been that way for awhile.

Replying to myself: Try now?

Re: [clamav-users] Fail to download source archive with 403 forbitten [ In reply to ]

yasu at utahime

Nov 15, 2021, 7:09 AM

Post #6 of 9 (951 views)

Permalink

From: "Joel Esler (jesler)" <jesler@cisco.com>
Subject: Re: [clamav-users] Fail to download source archive with 403 forbitten
Date: Mon, 15 Nov 2021 14:30:06 +0000

>>> Yes, and it has been this way for over two years.
>
>> It
>> sounds strange to me as I could successfully download both
>
>> clamav-0.103.4.tar.gz
>> and clamav-0.104.1.tar.gz with `fetch` when I
>
>> updated
>> our ClamAV ports to latest releases on November 4th.
>
> Interesting. Well, I am sure things have maneuvered around slightly since then, but nothing material enough
> to suddenly allow that. It’s been that way for awhile.

There is a report from our user that source IP adress seems to matter
as well.

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259835#c3

---
Yasuhiro Kimura

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Fail to download source archive with 403 forbitten [ In reply to ]

clamav-users at lists

Nov 15, 2021, 12:49 PM

Post #7 of 9 (951 views)

Permalink

As a follow up to this thread, this has been fixed.

—
Sent from my ? iPad

> On Nov 15, 2021, at 10:09, Yasuhiro Kimura <yasu@utahime.org> wrote:
>
> ?From: "Joel Esler (jesler)" <jesler@cisco.com>
> Subject: Re: [clamav-users] Fail to download source archive with 403 forbitten
> Date: Mon, 15 Nov 2021 14:30:06 +0000
>
>>>> Yes, and it has been this way for over two years.
>>
>>> It
>>> sounds strange to me as I could successfully download both
>>
>>> clamav-0.103.4.tar.gz
>>> and clamav-0.104.1.tar.gz with `fetch` when I
>>
>>> updated
>>> our ClamAV ports to latest releases on November 4th.
>>
>> Interesting. Well, I am sure things have maneuvered around slightly since then, but nothing material enough
>> to suddenly allow that. It’s been that way for awhile.
>
> There is a report from our user that source IP adress seems to matter
> as well.
>
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259835#c3
>
> ---
> Yasuhiro Kimura

Re: [clamav-users] Fail to download source archive with 403 forbitten [ In reply to ]

clamav-users at lists

Nov 17, 2021, 11:34 AM

Post #8 of 9 (947 views)

Permalink

On Mon, 15 Nov 2021 13:23:49 +0000
"Joel Esler \(jesler\) via clamav-users" <clamav-users@lists.clamav.net> wrote:

> On Nov 14, 2021, at 19:11, Yasuhiro Kimura <yasu@utahime.org<mailto:yasu@utahime.org>> wrote:
>
> These results means server checks User-Agent header of HTTP request
> and returns 403 forbitten if the value doesn't look like that of web
> browser.
>
> Then is it intened change?
>
> Yes, and it has been this way for over two years.
>
> --
> Joel Esler
> Strategy, Cisco Talos Intelligence Group

Does anyone do automated updating of ClamAV from source when new fixes become
available (e.g., www.clamav.net/downloads/production/clamav-0.104.N.tar.gz)?

This sort of restriction could make it awkward.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Fail to download source archive with 403 forbitten [ In reply to ]

clamav-users at lists

Nov 17, 2021, 2:16 PM

Post #9 of 9 (947 views)

Permalink

It has been fixed.

—
Sent from my ? iPad

> On Nov 17, 2021, at 14:36, Paul Kosinski via clamav-users <clamav-users@lists.clamav.net> wrote:
>
> ?On Mon, 15 Nov 2021 13:23:49 +0000
> "Joel Esler \(jesler\) via clamav-users" <clamav-users@lists.clamav.net> wrote:
>
>> On Nov 14, 2021, at 19:11, Yasuhiro Kimura <yasu@utahime.org<mailto:yasu@utahime.org>> wrote:
>>
>> These results means server checks User-Agent header of HTTP request
>> and returns 403 forbitten if the value doesn't look like that of web
>> browser.
>>
>> Then is it intened change?
>>
>> Yes, and it has been this way for over two years.
>>
>> --
>> Joel Esler
>> Strategy, Cisco Talos Intelligence Group
>
>
> Does anyone do automated updating of ClamAV from source when new fixes become
> available (e.g., www.clamav.net/downloads/production/clamav-0.104.N.tar.gz)?
>
> This sort of restriction could make it awkward.
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Mailing List Archive

Mailing List Archive

Attached Files: