about blocked by CDN #1423

Open
yasinyurtalan1 opened this issue Dec 19, 2024 · 2 comments

@yasinyurtalan1

Describe the bug

[root@linux ~]# freshclam
ClamAV update process started at Thu Dec 19 10:39:22 2024
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.103.11 Recommended version: 0.103.12
DON'T PANIC! Read https://docs.clamav.net/manual/Installing.html
WARNING: FreshClam previously received error code 429 or 403 from the ClamAV Content Delivery Network (CDN).
This means that you have been rate limited or blocked by the CDN.

  1. Verify that you're running a supported ClamAV version.
    See https://docs.clamav.net/faq/faq-eol.html for details.
  2. Run FreshClam no more than once an hour to check for updates.
    FreshClam should check DNS first to see if an update is needed.
  3. If you have more than 10 hosts on your network attempting to download,
    it is recommended that you set up a private mirror on your network using
    cvdupdate (https://pypi.org/project/cvdupdate/) to save bandwidth on the
    CDN and your own network.
  4. Please do not open a ticket asking for an exemption from the rate limit,
    it will not be granted.
WARNING: You are still on cool-down until after: 2024-12-20 09:47:14
WARNING: Can't download securiteinfo.hdb from https://www.securiteinfo.com/get/signatures/7e7af83dd8eb714f77d6ddb08932b66c5e3779c805e52dec70df86995c55e040e5ebe37b01edb1bfcf538bf39e3e0d61dfd5f2b086694fae2866500a37a504be/securiteinfo.hdb
WARNING: FreshClam received error code 403 from the ClamAV Content Delivery Network (CDN).
This could mean several things:
  1. You are running an out-of-date version of ClamAV / FreshClam.
    Ensure you are the most updated version by visiting https://www.clamav.net/downloads
  2. Your network is explicitly denied by the FreshClam CDN.
    In order to rectify this please check that you are:
    a. Running an up-to-date version of FreshClam
    b. Running FreshClam no more than once an hour
    c. If you have checked (a) and (b), please open a ticket at
    https://github.com/Cisco-Talos/clamav/issues
    and we will investigate why your network is blocked.
WARNING: You are on cool-down until after: 2024-12-20 10:39:22
WARNING: fc_download_url_databases: fc_download_url_database failed: Forbidden; Blocked by CDN (17)
ERROR: Database update process failed: Forbidden; Blocked by CDN
ERROR: Update failed.

ip address: 168.119.80.200

How to reproduce the problem

Replace this text with specific steps needed to reproduce the issue.

[root@linux ~]# clamconf -n
Checking configuration files in /etc

Config file: clamd.d/scan.conf

LogSyslog = "yes"
LocalSocket = "/run/clamd.scan/clamd.sock"
LocalSocketGroup = "amavis"
LocalSocketMode = "660"
User = "clamscan"

Config file: freshclam.conf

DatabaseMirror = "database.clamav.net"
DatabaseCustomURL = "https://www.securiteinfo.com/get/signatures/7e7af83dd8eb714f77d6ddb08932b66c5e3779c805e52dec70df86995c55e040e5ebe37b01edb1bfcf538bf39e3e0d61dfd5f2b086694fae2866500a37a504be/securiteinfo.hdb", "https://www.securiteinfo.com/get/signatures/7e7af83dd8eb714f77d6ddb08932b66c5e3779c805e52dec70df86995c55e040e5ebe37b01edb1bfcf538bf39e3e0d61dfd5f2b086694fae2866500a37a504be/securiteinfo.ign2", "https://www.securiteinfo.com/get/signatures/7e7af83dd8eb714f77d6ddb08932b66c5e3779c805e52dec70df86995c55e040e5ebe37b01edb1bfcf538bf39e3e0d61dfd5f2b086694fae2866500a37a504be/javascript.ndb", "https://www.securiteinfo.com/get/signatures/7e7af83dd8eb714f77d6ddb08932b66c5e3779c805e52dec70df86995c55e040e5ebe37b01edb1bfcf538bf39e3e0d61dfd5f2b086694fae2866500a37a504be/spam_marketing.ndb", "https://www.securiteinfo.com/get/signatures/7e7af83dd8eb714f77d6ddb08932b66c5e3779c805e52dec70df86995c55e040e5ebe37b01edb1bfcf538bf39e3e0d61dfd5f2b086694fae2866500a37a504be/securiteinfohtml.hdb", "https://www.securiteinfo.com/get/signatures/7e7af83dd8eb714f77d6ddb08932b66c5e3779c805e52dec70df86995c55e040e5ebe37b01edb1bfcf538bf39e3e0d61dfd5f2b086694fae2866500a37a504be/securiteinfoascii.hdb", "https://www.securiteinfo.com/get/signatures/7e7af83dd8eb714f77d6ddb08932b66c5e3779c805e52dec70df86995c55e040e5ebe37b01edb1bfcf538bf39e3e0d61dfd5f2b086694fae2866500a37a504be/securiteinfoandroid.hdb", "https://www.securiteinfo.com/get/signatures/7e7af83dd8eb714f77d6ddb08932b66c5e3779c805e52dec70df86995c55e040e5ebe37b01edb1bfcf538bf39e3e0d61dfd5f2b086694fae2866500a37a504be/securiteinfoold.hdb", "https://www.securiteinfo.com/get/signatures/7e7af83dd8eb714f77d6ddb08932b66c5e3779c805e52dec70df86995c55e040e5ebe37b01edb1bfcf538bf39e3e0d61dfd5f2b086694fae2866500a37a504be/securiteinfopdf.hdb", "https://cdn.malware.expert/malware.expert.ndb", "https://cdn.malware.expert/malware.expert.hdb", "https://cdn.malware.expert/malware.expert.ldb", "https://cdn.malware.expert/malware.expert.fp", 
"https://ftp.swin.edu.au/sanesecurity/MiscreantPunch099-INFO-Low.ldb", "https://ftp.swin.edu.au/sanesecurity/MiscreantPunch099-Low.ldb", "https://ftp.swin.edu.au/sanesecurity/Sanesecurity_BlackEnergy.yara", "https://ftp.swin.edu.au/sanesecurity/Sanesecurity_sigtest.yara", "https://ftp.swin.edu.au/sanesecurity/Sanesecurity_spam.yara", "https://ftp.swin.edu.au/sanesecurity/badmacro.ndb", "https://ftp.swin.edu.au/sanesecurity/blurl.ndb", "https://ftp.swin.edu.au/sanesecurity/bofhland_cracked_URL.ndb", "https://ftp.swin.edu.au/sanesecurity/bofhland_malware_URL.ndb", "https://ftp.swin.edu.au/sanesecurity/bofhland_malware_attach.hdb", "https://ftp.swin.edu.au/sanesecurity/bofhland_phishing_URL.ndb", "https://ftp.swin.edu.au/sanesecurity/crdfam.clamav.hdb", "https://ftp.swin.edu.au/sanesecurity/doppelstern-phishtank.ndb", "https://ftp.swin.edu.au/sanesecurity/doppelstern.hdb", "https://ftp.swin.edu.au/sanesecurity/doppelstern.ndb", "https://ftp.swin.edu.au/sanesecurity/foxhole_all.cdb", "https://ftp.swin.edu.au/sanesecurity/foxhole_all.ndb", "https://ftp.swin.edu.au/sanesecurity/foxhole_filename.cdb", "https://ftp.swin.edu.au/sanesecurity/foxhole_generic.cdb", "https://ftp.swin.edu.au/sanesecurity/foxhole_js.ndb", "https://ftp.swin.edu.au/sanesecurity/foxhole_mail.cdb", "https://ftp.swin.edu.au/sanesecurity/hackingteam.hsb", "https://ftp.swin.edu.au/sanesecurity/junk.ndb", "https://ftp.swin.edu.au/sanesecurity/jurlbl.ndb", "https://ftp.swin.edu.au/sanesecurity/jurlbla.ndb", "https://ftp.swin.edu.au/sanesecurity/lott.ndb", "https://ftp.swin.edu.au/sanesecurity/malwarehash.hsb", "https://ftp.swin.edu.au/sanesecurity/phish.ndb", "https://ftp.swin.edu.au/sanesecurity/rogue.hdb", "https://ftp.swin.edu.au/sanesecurity/scam.ndb", "https://ftp.swin.edu.au/sanesecurity/scamnailer.ndb", "https://ftp.swin.edu.au/sanesecurity/shelter.ldb", "https://ftp.swin.edu.au/sanesecurity/sigwhitelist.ign2", "https://ftp.swin.edu.au/sanesecurity/spam.ldb", 
"https://ftp.swin.edu.au/sanesecurity/spamattach.hdb", "https://ftp.swin.edu.au/sanesecurity/spamimg.hdb", "https://ftp.swin.edu.au/sanesecurity/spear.ndb", "https://ftp.swin.edu.au/sanesecurity/spearl.ndb", "https://ftp.swin.edu.au/sanesecurity/winnow.attachments.hdb", "https://ftp.swin.edu.au/sanesecurity/winnow.complex.patterns.ldb", "https://ftp.swin.edu.au/sanesecurity/winnow_bad_cw.hdb", "https://ftp.swin.edu.au/sanesecurity/winnow_extended_malware.hdb", "https://ftp.swin.edu.au/sanesecurity/winnow_extended_malware_links.ndb", "https://ftp.swin.edu.au/sanesecurity/winnow_malware.hdb", "https://ftp.swin.edu.au/sanesecurity/winnow_phish_complete.ndb", "https://ftp.swin.edu.au/sanesecurity/winnow_phish_complete_url.ndb", "https://ftp.swin.edu.au/sanesecurity/winnow_spam_complete.ndb", "https://ftp.swin.edu.au/sanesecurity/bofhland_cracked_URL.ndb", "https://ftp.swin.edu.au/sanesecurity/bofhland_malware_URL.ndb", "https://ftp.swin.edu.au/sanesecurity/bofhland_phishing_URL.ndb", "https://ftp.swin.edu.au/sanesecurity/bofhland_malware_attach.hdb", "https://ftp.swin.edu.au/sanesecurity/porcupine.ndb", "https://ftp.swin.edu.au/sanesecurity/phishtank.ndb", "https://ftp.swin.edu.au/sanesecurity/porcupine.hsb", "https://www.rfxn.com/downloads/rfxn.ndb", "https://www.rfxn.com/downloads/rfxn.hdb"

mail/clamav-milter.conf not found

Software settings

Version: 0.103.11
Optional features supported: MEMPOOL IPv6 AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV JSON

Database information

Database directory: /var/lib/clamav
daily.cvd: version 27490, sigs: 2070490, built on Tue Dec 17 12:44:16 2024
main.cvd: version 62, sigs: 6647427, built on Thu Sep 16 15:32:42 2021
bytecode.cld: version 335, sigs: 86, built on Tue Feb 27 18:37:24 2024
[3rd Party] rfxn.hdb: 13030 sigs
[3rd Party] rfxn.ndb: 2054 sigs
[3rd Party] rfxn.yara: 11527 sigs
Total number of signatures: 8744614

Platform information

uname: Linux 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64
OS: linux-gnu, ARCH: x86_64, CPU: x86_64
zlib version: 1.2.7 (1.2.7), compile flags: a9
platform id: 0x0a2184840800000000040805

Build information

GNU C: 4.8.5 20150623 (Red Hat 4.8.5-44) (4.8.5)
CPPFLAGS: -I/usr/include/libprelude
CFLAGS: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic -fno-strict-aliasing -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
CXXFLAGS: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic
LDFLAGS: -Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,--as-needed -lprelude
Configure: '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--localstatedir=/var' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--enable-milter' '--disable-clamav' '--disable-static' '--disable-zlib-vcheck' '--disable-unrar' '--enable-id-check' '--enable-dns' '--with-dbdir=/var/lib/clamav' '--with-group=clamupdate' '--with-user=clamupdate' '--disable-rpath' '--disable-silent-rules' '--enable-clamdtop' '--enable-prelude' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic' 'LDFLAGS=-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,--as-needed' 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic' 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'
sizeof(void*) = 8
Engine flevel: 132, dconf: 132

Attachments

If applicable, add screenshots to help explain your problem.

If the issue is reproducible only when scanning a specific file, attach it to the ticket.

@micahsnyder
Contributor

Please delete the freshclam.dat file from your database directory and try again using freshclam --verbose

Check the logs to verify if you're being blocked by our servers or by securiteinfo. Someone else recently had this issue and was using securiteinfo. It turns out freshclam doesn't differentiate between being blocked by database.clamav.net or by third party signature providers: #1419 (comment)

The issue for them was the javascript.ndb file. I see it in your config as well, so I suspect it's the same thing.
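A way to do the log check described in the comment above, as an added example that is not code from the ClamAV project or from either participant: it ties each 403/429 message to the host of the failed download logged just before it. The line shapes are assumed from the output in this issue; the sample log is constructed and the account token in the URL is a placeholder.

```python
import re
from urllib.parse import urlsplit

OFFICIAL = "database.clamav.net"  # DatabaseMirror value shown in the clamconf output

# Constructed sample modelled on the freshclam output in this issue;
# PLACEHOLDER_TOKEN stands in for the account token in the real URL.
SAMPLE_LOG = """\
WARNING: FreshClam previously received error code 429 or 403 from the ClamAV Content Delivery Network (CDN).
WARNING: Can't download securiteinfo.hdb from https://www.securiteinfo.com/get/signatures/PLACEHOLDER_TOKEN/securiteinfo.hdb
WARNING: FreshClam received error code 403 from the ClamAV Content Delivery Network (CDN).
WARNING: You are on cool-down until after: 2024-12-20 10:39:22
ERROR: Database update process failed: Forbidden; Blocked by CDN
"""

FAILED_DOWNLOAD = re.compile(r"Can't download (\S+) from (\S+)")
HTTP_BLOCK = re.compile(r"received error code (403|429)\b")


def attribute_blocks(log_text, official=OFFICIAL):
    """Return one finding per fresh 403/429, tied to the last failed download."""
    findings, last = [], None
    for line in log_text.splitlines():
        m = FAILED_DOWNLOAD.search(line)
        if m:
            # Remember which database and host the failing request went to.
            last = (m.group(1), urlsplit(m.group(2)).hostname)
            continue
        if "previously received" in line:
            continue  # cool-down reminder from an earlier run, not a new block
        m = HTTP_BLOCK.search(line)
        if m:
            db, host = last if last else (None, None)
            if host is None:
                source = "unknown"
            elif host == official or host.endswith("." + official):
                source = "official"
            else:
                source = "third-party"
            findings.append({"code": int(m.group(1)), "database": db,
                             "host": host, "source": source})
            last = None
    return findings


if __name__ == "__main__":
    for f in attribute_blocks(SAMPLE_LOG):
        print(f)
```

A finding with `source` set to `third-party` means the 403 came from a `DatabaseCustomURL` host, even though the message text names the ClamAV CDN.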

@yasinyurtalan1
Author

https://www.securiteinfo.com/

I noticed that the links I got from this website were wrong. I apologize for tiring the words and taking up your time.
