Re: [clamav-users] Probably banned IP
Hi Łukasz, Looking at https://www.maxmind.com/en/geoip-demo, MaxMind seems to think your IP is in Poland. I looked checked in our (Cisco's) own regional address lists used to comply with sanctions. I see I don't see 91.220.164.0/24 block in the list. I do see that we block 91.220.163.0/24 and 91.220.166.0/24, but not 164. My colleague checked our logs in Cloudflare and does not see your IP triggering any firewall events. But it's possible that Cloudflare blocks it before it would arrive at our rules. Your IP is in a very similar IP range to some of those we block. And IP ranges do tend to change hands and change geolocations pretty frequently. So it's entirely likely that some filters believe your IP to be located in Russia. We can't really tell any more than that unless you can share the Ray ID included in the HTTP response. Freshclam should show that information if you run it with the --verbose option. Regards, Micah Micah Snyder ClamAV Development Talos Cisco Systems, Inc. From: clamav-users on behalf of newcomer01 via clamav-users Sent: Friday, February 24, 2023 10:53 AM To: clamaV User Mailinglist Cc: newcomer01 Subject: Re: [clamav-users] Probably banned IP oh and by the way: if you are using an russian ip, it can also be blocked and will not be unblocked. this you can find on a discussion on talos github Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net> An / To: Newcomer01 <mailto:newcome...@posteo.de> CC / CC: Łukasz Baniecki <mailto:baniecki.luk...@gmail.com> Gesendet / Sent: Freitag, Februar 24, 2023 um 12:55 (at 12:55 PM) +0100 Betreff / Subject: [clamav-users] Probably banned IP > Hi, > some time ago I run freshclam on a lot of machines that are under one > public IP, therefore I generated a lot of requests and my company IP > was probably blocked. Now I created my own mirror of cvd, but it is on > the same IP address and it is not updating daily.cvd. I get: > cvdupdate-1.0.2 ERROR Failed to download daily.cvd from > https://database.clamav.net/daily.cvd?version=26821 > I also run simple python request to database.clamav.net with my uuid, > and it worked fine from different IP address and from that blocked > address I get 403 forbidden. My local firewall is not an issue cause I > can make connection to database.clamav.net on port 443, so it must be > banned. > > Can you please check if my IP address (91.220.164.241) is banned and un-ban > it? > ___ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat ___ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
Re: [clamav-users] Probably banned IP
oh and by the way: if you are using an russian ip, it can also be blocked and will not be unblocked. this you can find on a discussion on talos github Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net> An / To: Newcomer01 <mailto:newcome...@posteo.de> CC / CC: Łukasz Baniecki <mailto:baniecki.luk...@gmail.com> Gesendet / Sent: Freitag, Februar 24, 2023 um 12:55 (at 12:55 PM) +0100 Betreff / Subject: [clamav-users] Probably banned IP Hi, some time ago I run freshclam on a lot of machines that are under one public IP, therefore I generated a lot of requests and my company IP was probably blocked. Now I created my own mirror of cvd, but it is on the same IP address and it is not updating daily.cvd. I get: cvdupdate-1.0.2 ERROR Failed to download daily.cvd from https://database.clamav.net/daily.cvd?version=26821 I also run simple python request to database.clamav.net with my uuid, and it worked fine from different IP address and from that blocked address I get 403 forbidden. My local firewall is not an issue cause I can make connection to database.clamav.net on port 443, so it must be banned. Can you please check if my IP address (91.220.164.241) is banned and un-ban it? ___ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
Re: [clamav-users] Probably banned IP
have you read this? https://docs.clamav.net/faq/faq-cvd.html?highlight=403#i-am-getting-error-codes-such-as-403-429-etc-when-freshclam-or-other-update-system-attempts-to-download-updates Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net> An / To: Newcomer01 <mailto:newcome...@posteo.de> CC / CC: Łukasz Baniecki <mailto:baniecki.luk...@gmail.com> Gesendet / Sent: Freitag, Februar 24, 2023 um 12:55 (at 12:55 PM) +0100 Betreff / Subject: [clamav-users] Probably banned IP Hi, some time ago I run freshclam on a lot of machines that are under one public IP, therefore I generated a lot of requests and my company IP was probably blocked. Now I created my own mirror of cvd, but it is on the same IP address and it is not updating daily.cvd. I get: cvdupdate-1.0.2 ERROR Failed to download daily.cvd from https://database.clamav.net/daily.cvd?version=26821 I also run simple python request to database.clamav.net with my uuid, and it worked fine from different IP address and from that blocked address I get 403 forbidden. My local firewall is not an issue cause I can make connection to database.clamav.net on port 443, so it must be banned. Can you please check if my IP address (91.220.164.241) is banned and un-ban it? ___ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
[clamav-users] Probably banned IP
Hi, some time ago I run freshclam on a lot of machines that are under one public IP, therefore I generated a lot of requests and my company IP was probably blocked. Now I created my own mirror of cvd, but it is on the same IP address and it is not updating daily.cvd. I get: cvdupdate-1.0.2 ERROR Failed to download daily.cvd from https://database.clamav.net/daily.cvd?version=26821 I also run simple python request to database.clamav.net with my uuid, and it worked fine from different IP address and from that blocked address I get 403 forbidden. My local firewall is not an issue cause I can make connection to database.clamav.net on port 443, so it must be banned. Can you please check if my IP address (91.220.164.241) is banned and un-ban it? -- regards, Łukasz Baniecki ___ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat