Cisco-Talos / clamav

ClamAV - Documentation is here: https://docs.clamav.net
https://www.clamav.net/
GNU General Public License v2.0

Freshclam with Proxy enabled over HTTP uses CONNECT instead of GET. Proxy only allows CONNECT for HTTPS #179

Open pomverte opened 3 years ago

pomverte commented 3 years ago

Describe the bug

Our freshclam process is trying to update the signatures through a mirror server.

The connection must go through a proxy.

freshclam seems to make an HTTP call with the verb CONNECT on port 80.

However, the proxy only allows CONNECT calls on port 443.

┌─────────────┐                                     ┌─────────────────┐             ┌─────────────┐
│             │                                     │                 │             │             │
│  ClamAV     │  CONNECT proxy-server.org:80 HTTP   │      PROXY      │             │  Database   │
│  freshclam  ├────────────────────────────────────►│  port 443 only  ├────────────►│             │
└─────────────┘                                     └─────────────────┘             └─────────────┘

Is it possible to configure the port ?

finchy commented 3 years ago

What happens when you change the :80 to :443?

pomverte commented 3 years ago

> What happens when you change the :80 to :443?

That would be awesome!

Is there a way to configure the port freshclam makes the call on?

finchy commented 3 years ago

To your proxy? in the FreshClam.conf file?

micahsnyder commented 3 years ago

I suppose the example config doesn't show it, but you have some options to customize the DatabaseMirror URL.

Some examples:

For a basic HTTPS connection on port 443

DatabaseMirror yourserver

For an HTTP connection on port 8000

DatabaseMirror http://yourserver:8000

For an HTTP connection on port 8000 with a subdirectory

DatabaseMirror http://yourserver:8000/somepath

But these are just for a regular mirror. You say there's a proxy between you and the mirror. FreshClam has some proxy config options as well. Some examples of how to use them can be found in the sample config: https://github.com/Cisco-Talos/clamav/blob/dev/0.104/etc/freshclam.conf.sample#L120

arnaudmz commented 3 years ago

Let me clarify the observed and annoying behaviour: it is mainly due to the fact that even when trying to reach a mirror over http (not https), freshclam tries to use a CONNECT verb with the proxy, which is really uncommon. Example with the expected behaviour:

# freshclam.conf
HTTPProxyServer myproxyserver.com
HTTPProxyPort 1234
HTTPProxyUsername myusername
HTTPProxyPassword mypass

In this case freshclam will issue a CONNECT verb to the proxy in order to reach the public mirrors (on port 443 I guess), which totally makes sense.

Example with an unexpected behaviour:

# freshclam.conf
HTTPProxyServer myproxyserver.com
HTTPProxyPort 1234
HTTPProxyUsername myusername
HTTPProxyPassword mypass
PrivateMirror machine1.mylan
DatabaseMirror machine1.mylan

In this case freshclam still issues a CONNECT verb to the proxy even when trying to reach the internal mirror (machine1.mylan) on port 80, which is very unusual.

elelayan commented 2 years ago

This is an issue because then the (eg. squid) proxy opens a tunnel and won't apply any more filtering once the tunnel is open. Here is the issue: https://github.com/Cisco-Talos/clamav/blob/main/libfreshclam/libfreshclam_internal.c#L706

morph027 commented 2 years ago

I've noticed that calling freshclam -v on a shell with http_proxy/https_proxy environment variables works, so I've removed the HTTPProxyServer and HTTPProxyPort from the config and added a systemd drop-in (/etc/systemd/system/clamav-freshclam.service.d/10-Proxy.conf):

[Service]
Environment=http_proxy=<host>:<port>
Environment=https_proxy=<host>:<port>

After systemctl daemon-reload and systemctl restart clamav-freshclam everything works.

ccamachofg commented 2 years ago

Hello,

I have run into this same issue: even when defining DatabaseMirror as http://database.clamav.net the request keeps going through the proxy using CONNECT. I think this is caused because when freshclam sees that the HTTPProxy parameters are set it applies the CURLOPT_HTTPPROXYTUNNEL option, which forces the request to be sent using tunneling (https://curl.se/libcurl/c/CURLOPT_HTTPPROXYTUNNEL.html).

So for now the only option to be able to actually cache the database files is to comment out the HTTPProxy parameters from freshclam.conf and set the http_proxy and https_proxy environment variables before calling the freshclam script, as @morph027 suggested.
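The CONNECT-versus-GET behaviour that arnaudmz and ccamachofg describe, as an added example that is not part of ClamAV, libfreshclam or any commenter's code: a constructed mock forward proxy that, like the squid policy mentioned in the thread, only tunnels CONNECT to port 443 but proxies absolute-URI GETs (where it could still cache or inspect the body), plus a client that sends each request shape the way libcurl does with and without CURLOPT_HTTPPROXYTUNNEL. The hostname machine1.mylan is taken from the thread; the path, the policy table and the cached body are made up for the demonstration.

```python
"""Mock forward proxy with a CONNECT-only-to-443 policy, plus a client that
mimics libcurl's two proxy request shapes. Added example, not ClamAV code."""
import socket
import threading

# Constructed policy: tunnel (CONNECT) is only allowed to port 443, as with the
# squid-style proxy described in the thread. Plain http:// GETs are proxied.
ALLOWED_CONNECT_PORTS = {443}

# Constructed "cache": what the proxy would hand back for a proxied GET. A real
# proxy would fetch this from the mirror and could cache or scan the body,
# which it cannot do once a CONNECT tunnel is open.
CACHED = {"http://machine1.mylan:80/daily.cvd": b"ClamAV-VDB:constructed sample"}

_REASON = {200: "OK", 400: "Bad Request", 403: "Forbidden", 404: "Not Found"}


def _recv_head(conn):
    """Read until the end of the HTTP header block (or EOF)."""
    data = b""
    while b"\r\n\r\n" not in data:
        chunk = conn.recv(4096)
        if not chunk:
            break
        data += chunk
    return data.decode("latin-1")


def proxy_policy(request_line):
    """Decide what the proxy does with one request line; returns (status, body).

    Pure function so the policy can be tested without sockets."""
    parts = request_line.split(" ")
    if len(parts) != 3:
        return 400, b"malformed request line\n"
    method, target, _version = parts
    if method == "CONNECT":
        _host, _, port = target.rpartition(":")
        if not port.isdigit():
            return 400, b"CONNECT target must be host:port\n"
        if int(port) in ALLOWED_CONNECT_PORTS:
            return 200, b""  # tunnel established; proxy is blind from here on
        return 403, f"CONNECT to port {port} denied by policy\n".encode()
    if method == "GET" and target.startswith("http://"):
        body = CACHED.get(target)
        return (200, body) if body is not None else (404, b"not in cache\n")
    return 400, b"expected CONNECT host:port or GET with absolute URI\n"


def _handle(conn):
    head = _recv_head(conn)
    status, body = proxy_policy(head.split("\r\n", 1)[0])
    conn.sendall(
        f"HTTP/1.1 {status} {_REASON[status]}\r\n"
        f"Content-Length: {len(body)}\r\nConnection: close\r\n\r\n".encode() + body
    )
    conn.close()


def start_proxy():
    """Start the mock proxy on an ephemeral localhost port; returns the port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def loop():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=_handle, args=(conn,), daemon=True).start()

    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]


def via_proxy(proxy_port, tunnel, host, port=80, path="/daily.cvd"):
    """Send one request through the proxy and return its status code.

    tunnel=True mimics CURLOPT_HTTPPROXYTUNNEL (what freshclam does when the
    HTTPProxy* options are set): CONNECT host:port. tunnel=False is the normal
    forward-proxy shape libcurl uses for http:// URLs (e.g. via http_proxy):
    GET with an absolute URI, which the proxy can filter and cache."""
    s = socket.create_connection(("127.0.0.1", proxy_port))
    if tunnel:
        req = f"CONNECT {host}:{port} HTTP/1.1\r\nHost: {host}:{port}\r\n\r\n"
    else:
        req = f"GET http://{host}:{port}{path} HTTP/1.1\r\nHost: {host}\r\n\r\n"
    s.sendall(req.encode())
    head = _recv_head(s)
    s.close()
    return int(head.split(" ", 2)[1])


if __name__ == "__main__":
    p = start_proxy()
    print("CONNECT machine1.mylan:80  ->", via_proxy(p, True, "machine1.mylan"))
    print("GET http://machine1.mylan  ->", via_proxy(p, False, "machine1.mylan"))
    print("CONNECT machine1.mylan:443 ->", via_proxy(p, True, "machine1.mylan", 443))
```

Run stand-alone it prints 403 for the tunnel request to port 80, 200 for the absolute-URI GET and 200 for the tunnel to 443, which is exactly the asymmetry the thread is about: the same internal mirror is reachable through the proxy, but only if freshclam is allowed to issue a plain proxied GET instead of forcing a tunnel.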