Discussion:
[clamav-users] Issue with freshclam in an IBM Cloud Private environment
Mark Johnson
2018-11-14 22:19:17 UTC
Hey everyone, we are trying to run ClamAV in an IBM Cloud Private (ICP) environment. The issue that we are running into is that freshclam is unable to update its virus definitions while running in this environment. We are able to run curl and wget to access the main.cfd and daily.cfd using either database.clamav.net or db.us.clamav.net, but when running freshclam the update fails.

We currently have a service entry allowing access to database.clamav.net and db.us.clamav.net on port 80, thus the reason that we are able to use curl and wget to pull down the databases manually. Are there other hosts that need to be added to this service entry for access?

To note, this docker image is able to successfully run freshclam outside of the ICP environment with no issues.

Here is the start of the verbose output of the freshclam runs.

Current working dir is /var/lib/clamav
Max retries == 3
ClamAV update process started at Wed Nov 14 21:08:17 2018
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 1305
Software version from DNS: 0.100.2
main.cvd version from DNS: 58
main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
daily.cvd version from DNS: 25120
Retrieving http://db.us.clamav.net/daily-25076.cdiff
Trying to download http://db.us.clamav.net/daily-25076.cdiff (IP: 104.16.188.138)
WARNING: getfile: Unknown response from db.us.clamav.net (IP: 104.16.188.138): HTTP/1.1 426
WARNING: getpatch: Can't download daily-25076.cdiff from db.us.clamav.net
Querying daily.25076.93.0.0.6810BC8A.ping.clamav.net
Retrieving http://db.us.clamav.net/daily-25076.cdiff
Trying to download http://db.us.clamav.net/daily-25076.cdiff (IP: 104.16.188.138)
WARNING: getfile: Unknown response from db.us.clamav.net (IP: 104.16.188.138): HTTP/1.1 426
WARNING: getpatch: Can't download daily-25076.cdiff from db.us.clamav.net
Querying daily.25076.93.0.0.6810BC8A.ping.clamav.net
Retrieving http://db.us.clamav.net/daily-25076.cdiff
Trying to download http://db.us.clamav.net/daily-25076.cdiff (IP: 104.16.186.138)
WARNING: getfile: Unknown response from db.us.clamav.net (IP: 104.16.186.138): HTTP/1.1 426
WARNING: getpatch: Can't download daily-25076.cdiff from db.us.clamav.net
Querying daily.25076.93.0.0.6810BA8A.ping.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Whitelisting short-term blacklisted mirrors
Retrieving http://db.us.clamav.net/daily.cvd
Ignoring mirror 104.16.188.138 (due to previous errors)
Trying to download http://db.us.clamav.net/daily.cvd (IP: 104.16.187.138)
WARNING: getfile: Unknown response from db.us.clamav.net (IP: 104.16.187.138): HTTP/1.1 426
WARNING: Can't download daily.cvd from db.us.clamav.net
Querying daily.0.93.0.0.6810BB8A.ping.clamav.net
Trying again in 5 secs...
ClamAV update process started at Wed Nov 14 21:08:23 2018
Using IPv6 aware code
Querying current.cvd.clamav.net

———— SNIP ———

Thanks in advance for any help

Mark Johnson
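
A triage sketch for the verbose log in the post above, added here as an example (not code from ClamAV or from the posters): it counts HTTP statuses per mirror IP and checks whether the 8-hex-digit label in each ping.clamav.net query equals the mirror IP that was just tried. The function names are hypothetical, and the other fields of the ping hostname are left undecoded.

```python
import ipaddress
import re
from collections import Counter

# Sample input: lines excerpted from the verbose output posted above.
SAMPLE_LOG = """\
WARNING: getfile: Unknown response from db.us.clamav.net (IP: 104.16.188.138): HTTP/1.1 426
Querying daily.25076.93.0.0.6810BC8A.ping.clamav.net
WARNING: getfile: Unknown response from db.us.clamav.net (IP: 104.16.186.138): HTTP/1.1 426
Querying daily.25076.93.0.0.6810BA8A.ping.clamav.net
Ignoring mirror 104.16.188.138 (due to previous errors)
WARNING: getfile: Unknown response from db.us.clamav.net (IP: 104.16.187.138): HTTP/1.1 426
Querying daily.0.93.0.0.6810BB8A.ping.clamav.net
"""

RESP = re.compile(r"getfile: Unknown response from \S+ \(IP: ([\d.]+)\): HTTP/\d\.\d (\d{3})")
PING = re.compile(r"Querying \S+\.([0-9A-Fa-f]{8})\.ping\.clamav\.net")

def hex_label_to_ip(label):
    """Read an 8-hex-digit label as a big-endian IPv4 address."""
    return str(ipaddress.IPv4Address(int(label, 16)))

def triage(log_text):
    """Count statuses per mirror IP; pair each ping label with the IP just tried."""
    statuses = Counter()
    ping_pairs = []
    last_ip = None
    for line in log_text.splitlines():
        m = RESP.search(line)
        if m:
            last_ip = m.group(1)
            statuses[(last_ip, int(m.group(2)))] += 1
            continue
        m = PING.search(line)
        if m and last_ip:
            ping_pairs.append((hex_label_to_ip(m.group(1)), last_ip))
    return statuses, ping_pairs

def single_failure_mode(statuses):
    """Return the status code if every mirror answered with the same one, else None."""
    codes = {code for (_ip, code) in statuses}
    return codes.pop() if len(codes) == 1 else None

if __name__ == "__main__":
    stats, pairs = triage(SAMPLE_LOG)
    for (ip, code), n in sorted(stats.items()):
        print(f"{ip}  HTTP {code}  x{n}")
    print("same status from every mirror:", single_failure_mode(stats))
    print("ping label == mirror IP:", all(a == b for a, b in pairs))
```
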
Joel Esler (jesler)
2018-11-15 12:59:34 UTC
This says you are running 0.93? Is that correct?

What is the IP you are coming from?

Mark Johnson
2018-11-15 16:50:45 UTC
We are using 0.100.2 release, I’m not sure where the .93 is coming from. The IP is a private IP address in our ICP environment.
Joel Esler (jesler)
2018-11-15 19:39:40 UTC
What is the public IP?

Feel free to answer off list, so I can check the logs.