Cisco-Talos / clamav

ClamAV - Documentation is here: https://docs.clamav.net
https://www.clamav.net/
GNU General Public License v2.0

403 from CDN #1026

Closed OnkelBruno closed 1 year ago

OnkelBruno commented 1 year ago

Hi!

Unfortunately, I can't update ClamAV. Freshclam always gets 403 from CDN. I've investigated:

ClamAV is running on a cloud server at Hetzner. This seems to be the problem. Testing from a non-cloud server works fine.

Is there any possibility to solve that?

Thank you!

micahsnyder commented 1 year ago

Hi @OnkelBruno, an HTTP 429 would mean you're being rate limited. An HTTP 403 would mean you're being blocked.

To triage, I will need the public IP address for the system running freshclam where the error occurred. The most common reason for a 403 response is if either CloudFlare or Cisco's GeoIP lookup thinks that your IP is coming from Russia or another country sanctioned by the United States (see https://github.com/Cisco-Talos/clamav/issues/500). You can check your GeoIP with https://www.maxmind.com/en/geoip-demo and that may explain it.

We've also seen CloudFlare's bot-detection logic get in the way, which should not happen and is something we're investigating.

If it's not obviously a sanction issue, then it will also really help with triage to provide the cf-ray ID from the HTTP response for a failed update. You can get that from the output of freshclam --verbose. It would look like this:

    < cf-ray: 809df674d80c9834-SJC
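
Added example (not part of the original thread and not ClamAV project code): a small parser that pulls each HTTP status and cf-ray ID out of saved freshclam --verbose output, so a failed update can be reported with the details requested above. It assumes the trace uses curl-style ">" and "<" prefixes, as in the cf-ray line quoted above; the sample trace, its paths and all but the first cf-ray value are constructed.

```python
import re

# Constructed sample trace. Only the first cf-ray value comes from the thread.
SAMPLE = """\
> GET /daily.cvd HTTP/2
< HTTP/2 403
< server: cloudflare
< cf-ray: 809df674d80c9834-SJC
<
> GET /main.cvd HTTP/1.1
< HTTP/1.1 429 Too Many Requests
< CF-RAY: 0000000000000000-FRA
<
> GET /bytecode.cvd HTTP/1.1
< HTTP/1.1 200 OK
< cf-ray: 1111111111111111-FRA
"""

REQUEST = re.compile(r"^>\s*(?:GET|HEAD)\s+(\S+)")
STATUS = re.compile(r"^<\s*HTTP/\d(?:\.\d)?\s+(\d{3})\b")
HEADER = re.compile(r"^<\s*([A-Za-z0-9-]+):\s*(.*)$")

# Meanings as stated in the thread: 429 is rate limiting, 403 is a block.
MEANING = {403: "blocked (GeoIP/sanctions or bot detection)",
           429: "rate limited"}

def parse_responses(trace):
    """Return one record per HTTP response found in the trace."""
    records, path = [], None
    for line in trace.splitlines():
        if m := REQUEST.match(line):
            path = m.group(1)
        elif m := STATUS.match(line):
            records.append({"path": path, "status": int(m.group(1)), "cf_ray": None})
        elif (m := HEADER.match(line)) and records:
            # Header names are case-insensitive, so compare in lower case.
            if m.group(1).lower() == "cf-ray":
                records[-1]["cf_ray"] = m.group(2).strip()
    return records

def triage(trace):
    """List failed responses with the status meaning and the cf-ray ID to report."""
    return [(r["path"], r["status"], MEANING.get(r["status"], "other error"),
             r["cf_ray"] or "no cf-ray header")
            for r in parse_responses(trace) if r["status"] >= 400]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(*row, sep=" | ")
```

A failed response with no cf-ray header did not come from Cloudflare's edge, which usually points at a proxy or firewall closer to the client.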

OnkelBruno commented 1 year ago

Thank you very much, @micahsnyder. But actually there isn't any need for further work:

As it seems that our server is blocked because it is located in a big German cloud, I've made a workaround:

micahsnyder commented 1 year ago

> blocked because it is located in a big German cloud

I hope that's not the reason! 😆

In any case, I'm glad you have a solution and are satisfied. Will close the ticket.