It feels like the proxy may not be forwarding freshclam's HTTP User-Agent header. We use that header to block unsupported software (like curl, wget, firefox, chrome, etc) from downloading the database files. I don't know why that would change with just an in-place upgrade of the system to RHEL 8, however.
John, if you can get the HTTP "cf-ray" header value from the HTTP 403 response to the proxy, our Cloudflare admin can look for the firewall event logs in Cloudflare to confirm the reason for the 403 response. Regards, Micah Micah Snyder (they/them) ClamAV Development Talos Cisco Systems, Inc. ________________________________ From: clamav-users <clamav-users-boun...@lists.clamav.net> on behalf of Joel Esler via clamav-users <clamav-users@lists.clamav.net> Sent: Thursday, March 7, 2024 2:44 PM To: ClamAV users ML <clamav-users@lists.clamav.net> Cc: Joel Esler <joel.es...@me.com> Subject: Re: [clamav-users] Unable to download daily.cvd after upgrade to RHEL 8 Looks like you’re trying to connect through a proxy. Not directly. — Sent from my iPhone On Mar 7, 2024, at 13:34, John Paul Guay via clamav-users <clamav-users@lists.clamav.net> wrote: Hello, We have performed an In-Place upgrade to RHEL 8 on our system that ClamAV resides on and afterwards we are no longer able to download the daily.cvd. Just a little history. The system is in a lab behind a corporate proxy and it requires proxy rules to be able to reach database.clamav.net<http://database.clamav.net> and clamav.net<http://clamav.net>. Prior to the upgrade there were no issues in downloading the signatures on an hourly basis. We have verified that the rules on the proxy are still valid and the system is able to reach the proxy but it seems like it’s being blocked at database.clamav.net<http://database.clamav.net>. I’ve included some output below: Thu Mar 7 11:52:47 2024 -> WARNING: Can't download daily.cvd fromhttps://database.clamav.net/daily.cvd Thu Mar 7 11:52:47 2024 -> Trying again in 5 secs... Thu Mar 7 11:52:52 2024 -> daily database available for update (local version: 27075, remote version: 27207) Thu Mar 7 11:52:52 2024 -> ERROR: Download failed (35) Thu Mar 7 11:52:52 2024 -> ERROR: Message: SSL connect error Thu Mar 7 11:52:52 2024 -> ERROR: Can't download daily.cvd fromhttps://database.clamav.net/daily.cvd Thu Mar 7 11:52:52 2024 -> Giving up onhttps://database.clamav.net... Thu Mar 7 11:52:52 2024 -> ERROR: Update failed for database: daily Thu Mar 7 11:52:52 2024 -> ERROR: Database update process failed: Connection failed Thu Mar 7 11:52:52 2024 -> ERROR: Update failed. Thu Mar 7 11:52:52 2024 -> -------------------------------------- Thu Mar 7 11:53:06 2024 -> Update process terminated Thu Mar 7 11:53:08 2024 -> -------------------------------------- Thu Mar 7 11:53:08 2024 -> ClamAV update process started at Thu Mar 7 11:53:08 2024 Thu Mar 7 11:53:08 2024 -> daily database available for update (local version: 27075, remote version: 27207) Thu Mar 7 11:53:08 2024 -> WARNING: Download failed (35) Thu Mar 7 11:53:08 2024 -> WARNING: Message: SSL connect error [root@seti026 ~]# wget http://database.clamav.net/ URL transformed to HTTPS due to an HSTS policy --2024-03-07 13:26:55-- https://database.clamav.net/ Resolving proxy.xxxxx.xxx-xxx.net<http://proxy.xxxxx.xxx-xxx.net> (proxy.xxxxx.xxx-xxx.net<http://proxy.xxxxx.xxx-xxx.net>)... 7.xx.xx.xx Connecting to proxy.xxxxx.xxx-xxx.net<http://proxy.xxxxx.xxx-xxx.net>(proxy.xxxxx.xxx-xxx.net<http://proxy.xxxxx.xxx-xxx.net>)| 7.xx.xx.xx |:8080... connected. Proxy request sent, awaiting response... 403 Forbidden 2024-03-07 13:26:55 ERROR 403: Forbidden. Let me know if you require anything else. Thanks, John _______________________________________________ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat _______________________________________________ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
_______________________________________________ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
