Hello, We have performed an In-Place upgrade to RHEL 8 on our system that ClamAV resides on and afterwards we are no longer able to download the daily.cvd.
Just a little history. The system is in a lab behind a corporate proxy and it requires proxy rules to be able to reach database.clamav.net and clamav.net. Prior to the upgrade there were no issues in downloading the signatures on an hourly basis. We have verified that the rules on the proxy are still valid and the system is able to reach the proxy but it seems like it’s being blocked at database.clamav.net. I’ve included some output below: Thu Mar 7 11:52:47 2024 -> WARNING: Can't download daily.cvd from https://database.clamav.net/daily.cvd Thu Mar 7 11:52:47 2024 -> Trying again in 5 secs... Thu Mar 7 11:52:52 2024 -> daily database available for update (local version: 27075, remote version: 27207) Thu Mar 7 11:52:52 2024 -> ERROR: Download failed (35) Thu Mar 7 11:52:52 2024 -> ERROR: Message: SSL connect error Thu Mar 7 11:52:52 2024 -> ERROR: Can't download daily.cvd from https://database.clamav.net/daily.cvd Thu Mar 7 11:52:52 2024 -> Giving up onhttps://database.clamav.net... Thu Mar 7 11:52:52 2024 -> ERROR: Update failed for database: daily Thu Mar 7 11:52:52 2024 -> ERROR: Database update process failed: Connection failed Thu Mar 7 11:52:52 2024 -> ERROR: Update failed. Thu Mar 7 11:52:52 2024 -> -------------------------------------- Thu Mar 7 11:53:06 2024 -> Update process terminated Thu Mar 7 11:53:08 2024 -> -------------------------------------- Thu Mar 7 11:53:08 2024 -> ClamAV update process started at Thu Mar 7 11:53:08 2024 Thu Mar 7 11:53:08 2024 -> daily database available for update (local version: 27075, remote version: 27207) Thu Mar 7 11:53:08 2024 -> WARNING: Download failed (35) Thu Mar 7 11:53:08 2024 -> WARNING: Message: SSL connect error [root@seti026 ~]# wget http://database.clamav.net/ URL transformed to HTTPS due to an HSTS policy --2024-03-07 13:26:55-- https://database.clamav.net/ Resolving proxy.xxxxx.xxx-xxx.net (proxy.xxxxx.xxx-xxx.net)... 7.xx.xx.xx Connecting to proxy.xxxxx.xxx-xxx.net(proxy.xxxxx.xxx-xxx.net)| 7.xx.xx.xx |:8080... connected. Proxy request sent, awaiting response... 403 Forbidden 2024-03-07 13:26:55 ERROR 403: Forbidden. Let me know if you require anything else. Thanks, John
_______________________________________________ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat