Forbidden; Blocked by CDN (17)

[junaid27]

We are facing an issue since yesterday. We are being blocked by Clamav CDN because we ran freshclam more than once on same server yesterday in an hour. We were hopeful, that it will be resolved automatically today, but it didn't. Our server IP is 18.141.65.104. Please help and resolve. Regards.

[finchy]

What version of ClamAV are you running?

[junaid27]

Just updated few days before. 0.103.5. We ran freshclam multiple times on prompt to check something. After that it get blocked. Pls get released our IP from cdn. Thanks very much Muhammad Junaid

…

On Tue, 8 Feb 2022 at 9:58 PM, Joel Esler ***@***.***> wrote: What version of ClamAV are you running? — Reply to this email directly, view it on GitHub <#458 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AHKN4TXSQ3MWH3AMX5GS3VLU2FDTNANCNFSM5NZ6ZFWA> . Triage notifications on the go with GitHub Mobile for iOS <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>. You are receiving this because you authored the thread.Message ID: ***@***.***>

[micahsnyder]

We ran freshclam multiple times on prompt to check something. After that it get blocked.

This shouldn't happen. If you run freshclam and you already have the latest databases it should not touch our servers and should not get you rate limited. The only exception I know of is if your clamav was built without support for DNS, which I've seen once before.

@junaid27 How are you installing ClamAV?

If you built clamav from source, can you share the clamav-config.h file that can be found in the build directory?

Also, can you paste the output from clamconf -n as requested in the issue template?

[junaid27]

@@@ If you built clamav from source, can you share the clamav-config.h file that can be found in the build directory?

No. Not built from source. It was installed along with EFA (Email Filter based on mailscanner)

@@@ Also, can you paste the output from clamconf -n as requested in the issue template?

clamconf -n
Checking configuration files in /etc

Config file: clamd.d/scan.conf

LogFile = "/var/log/clamd.scan"
LogTime = "yes"
LogSyslog = "yes"
LocalSocket = "/var/run/clamd.socket/clamd.sock"
User = "clamscan"
DetectPUA = "yes"
ExcludePUA = "PUA.Win.Packer", "PUA.Win.Trojan.Packed", "PUA.Win.Trojan.Molebox", "PUA.Win.Packer.Upx", "PUA.Doc.Packed"
MaxScanSize = "157286400"
MaxFileSize = "104857600"
MaxRecursion = "40"
MaxEmbeddedPE = "104857600"
MaxHTMLNormalize = "52428800"
MaxScriptNormalize = "52428800"
MaxZipTypeRcg = "52428800"

Config file: freshclam.conf

DatabaseMirror = "db.pk.clamav.net"
DatabaseCustomURL = "https://www.securiteinfo.com/get/signatures/ca375cc328e23b5c703cda1642c189ac826939bacb6ed5324570739e648226ef9c8b71d254b83504b71e1e378f4dd9e404f173dc1ea93c54bf3b5977e2e8aca0/securiteinfo.hdb", "https://www.securiteinfo.com/get/signatures/ca375cc328e23b5c703cda1642c189ac826939bacb6ed5324570739e648226ef9c8b71d254b83504b71e1e378f4dd9e404f173dc1ea93c54bf3b5977e2e8aca0/securiteinfo.ign2", "https://www.securiteinfo.com/get/signatures/ca375cc328e23b5c703cda1642c189ac826939bacb6ed5324570739e648226ef9c8b71d254b83504b71e1e378f4dd9e404f173dc1ea93c54bf3b5977e2e8aca0/javascript.ndb", "https://www.securiteinfo.com/get/signatures/ca375cc328e23b5c703cda1642c189ac826939bacb6ed5324570739e648226ef9c8b71d254b83504b71e1e378f4dd9e404f173dc1ea93c54bf3b5977e2e8aca0/spam_marketing.ndb", "https://www.securiteinfo.com/get/signatures/ca375cc328e23b5c703cda1642c189ac826939bacb6ed5324570739e648226ef9c8b71d254b83504b71e1e378f4dd9e404f173dc1ea93c54bf3b5977e2e8aca0/securiteinfohtml.hdb", "https://www.securiteinfo.com/get/signatures/ca375cc328e23b5c703cda1642c189ac826939bacb6ed5324570739e648226ef9c8b71d254b83504b71e1e378f4dd9e404f173dc1ea93c54bf3b5977e2e8aca0/securiteinfoascii.hdb", "https://www.securiteinfo.com/get/signatures/ca375cc328e23b5c703cda1642c189ac826939bacb6ed5324570739e648226ef9c8b71d254b83504b71e1e378f4dd9e404f173dc1ea93c54bf3b5977e2e8aca0/securiteinfoandroid.hdb", "https://www.securiteinfo.com/get/signatures/ca375cc328e23b5c703cda1642c189ac826939bacb6ed5324570739e648226ef9c8b71d254b83504b71e1e378f4dd9e404f173dc1ea93c54bf3b5977e2e8aca0/securiteinfoold.hdb", "https://www.securiteinfo.com/get/signatures/ca375cc328e23b5c703cda1642c189ac826939bacb6ed5324570739e648226ef9c8b71d254b83504b71e1e378f4dd9e404f173dc1ea93c54bf3b5977e2e8aca0/securitybiteinfo.pdf"

mail/clamav-milter.conf not found

Software settings

Version: 0.103.5
Optional features supported: MEMPOOL IPv6 AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV JSON

Database information

Database directory: /var/lib/clamav
[3rd Party] securiteinfoandroid.hdb: 84401 sigs
main.cvd: version 62, sigs: 6647427, built on Thu Sep 16 17:32:42 2021
bytecode.cvd: version 333, sigs: 92, built on Mon Mar 8 20:21:51 2021
[3rd Party] sanesecurity.ftm: 170 sigs
[3rd Party] sigwhitelist.ign2: 12 sigs
[3rd Party] blurl.ndb: 2142 sigs
[3rd Party] junk.ndb: 55819 sigs
[3rd Party] jurlbl.ndb: 3942 sigs
[3rd Party] malwarehash.hsb: 771 sigs
[3rd Party] phish.ndb: 28089 sigs
[3rd Party] rogue.hdb: 2190 sigs
[3rd Party] scam.ndb: 12761 sigs
[3rd Party] spamattach.hdb: 14 sigs
[3rd Party] spamimg.hdb: 200 sigs
[3rd Party] badmacro.ndb: 622 sigs
[3rd Party] jurlbla.ndb: 1805 sigs
[3rd Party] lott.ndb: 2335 sigs
[3rd Party] shelter.ldb: 49 sigs
[3rd Party] spam.ldb: 2 sigs
[3rd Party] spear.ndb: 1 sig
[3rd Party] spearl.ndb: 1 sig
[3rd Party] foxhole_filename.cdb: 2612 sigs
[3rd Party] foxhole_generic.cdb: 212 sigs
[3rd Party] foxhole_js.cdb: 48 sigs
[3rd Party] foxhole_js.ndb: 4 sigs
[3rd Party] winnow_bad_cw.hdb: 1 sig
[3rd Party] Sanesecurity_sigtest.yara: 54 sigs
[3rd Party] winnow_extended_malware.hdb: 245 sigs
[3rd Party] Sanesecurity_spam.yara: 46 sigs
[3rd Party] winnow_malware_links.ndb: 133 sigs
[3rd Party] winnow_malware.hdb: 293 sigs
[3rd Party] securiteinfo.hdb: 114359 sigs
[3rd Party] winnow_phish_complete_url.ndb: 54 sigs
[3rd Party] winnow.attachments.hdb: 182 sigs
[3rd Party] securiteinfo.ign2: 103 sigs
[3rd Party] winnow_extended_malware_links.ndb: 1 sig
[3rd Party] winnow_spam_complete.ndb: 26 sigs
[3rd Party] winnow.complex.patterns.ldb: 3 sigs
[3rd Party] MiscreantPunch099-Low.ldb: 1199 sigs
[3rd Party] scamnailer.ndb: 1 sig
[3rd Party] bofhland_cracked_URL.ndb: 40 sigs
[3rd Party] bofhland_malware_attach.hdb: 1836 sigs
[3rd Party] bofhland_malware_URL.ndb: 4 sigs
[3rd Party] bofhland_phishing_URL.ndb: 72 sigs
[3rd Party] hackingteam.hsb: 435 sigs
[3rd Party] phishtank.ndb: 4588 sigs
[3rd Party] porcupine.hsb: 630 sigs
[3rd Party] porcupine.ndb: 1031 sigs
[3rd Party] whitelist.fp: 3081 sigs
[3rd Party] interserver256.hdb: 28576 sigs
[3rd Party] interservertopline.db: 1139 sigs
[3rd Party] urlhaus.ndb: 13469 sigs
daily.cld: version 26449, sigs: 1973416, built on Thu Feb 10 14:25:40 2022
[3rd Party] rfxn.ndb: 2039 sigs
[3rd Party] rfxn.hdb: 12938 sigs
[3rd Party] securiteinfoascii.hdb: 87514 sigs
[3rd Party] securiteinfohtml.hdb: 57015 sigs
[3rd Party] securiteinfopdf.hdb: 3408 sigs
[3rd Party] javascript.ndb: 43708 sigs
[3rd Party] securiteinfoold.hdb: 3585302 sigs
[3rd Party] rfxn.yara: 11527 sigs
[3rd Party] spam_marketing.ndb: 31016 sigs
Total number of signatures: 12825205

Platform information

uname: Linux 3.10.0-1160.53.1.el7.x86_64 #1 SMP Fri Jan 14 13:59:45 UTC 2022 x86_64
OS: linux-gnu, ARCH: x86_64, CPU: x86_64
zlib version: 1.2.7 (1.2.7), compile flags: a9
platform id: 0x0a217e7e0800000000040805

Build information

GNU C: 4.8.5 20150623 (Red Hat 4.8.5-44) (4.8.5)
CPPFLAGS: -I/usr/include/libprelude
CFLAGS: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic -fno-strict-aliasing -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
CXXFLAGS: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic
LDFLAGS: -Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,--as-needed -lprelude
Configure: '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--localstatedir=/var' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--enable-milter' '--disable-clamav' '--disable-static' '--disable-zlib-vcheck' '--disable-unrar' '--enable-id-check' '--enable-dns' '--with-dbdir=/var/lib/clamav' '--with-group=clamupdate' '--with-user=clamupdate' '--disable-rpath' '--disable-silent-rules' '--enable-clamdtop' '--enable-prelude' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic' 'LDFLAGS=-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,--as-needed' 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic' 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'
sizeof(void*) = 8
Engine flevel: 126, dconf: 126
[root@ip-172-26-11-237 ~]#

[micahsnyder]

Thanks @junaid27. Nothing stands out to me in the clamconf -n output, unfortunately.

It was installed along with EFA (Email Filter based on mailscanner)

I just installed eFa in a centos:7 Docker container. The provided clamav package seems to work as expected on my end.

Can I trouble you to provide the output from freshclam --verbose? Maybe that will provide some hints what is going on.

I'll reach out to our Cloudflare admin on Monday to ask them to review the logs on their end if the freshclam --verbose output doesn't reveal what's going wrong.

[junaid27]

@ Can I trouble you to provide the output from freshclam --verbose? Maybe that will provide some hints what is going on.

freshclam --verbose
Current working dir is /var/lib/clamav/
Loaded freshclam.dat:
version: 1
uuid: 3c9ec12c-7612-449f-bf35-ec0c0d1ab8b9
retry-after: 2022-02-15 11:48:26
ClamAV update process started at Mon Feb 14 11:51:02 2022
Current working dir is /var/lib/clamav/
Querying current.cvd.clamav.net
TTL: 1630
fc_dns_query_update_info: Software version from DNS: 0.103.5
WARNING: FreshClam previously received error code 429 or 403 from the ClamAV Content Delivery Network (CDN).
This means that you have been rate limited or blocked by the CDN.

1. Verify that you're running a supported ClamAV version.
   See https://docs.clamav.net/faq/faq-eol.html for details.
2. Run FreshClam no more than once an hour to check for updates.
   FreshClam should check DNS first to see if an update is needed.
3. If you have more than 10 hosts on your network attempting to download,
   it is recommended that you set up a private mirror on your network using
   cvdupdate (https://pypi.org/project/cvdupdate/) to save bandwidth on the
   CDN and your own network.
4. Please do not open a ticket asking for an exemption from the rate limit,
   it will not be granted.
   WARNING: You are still on cool-down until after: 2022-02-15 11:48:26
   Current working dir is /var/lib/clamav/
   Retrieving https://www.securiteinfo.com/get/signatures/ca375cc328e23b5c703cda1642c189ac826939bacb6ed5324570739e648226ef9c8b71d254b83504b71e1e378f4dd9e404f173dc1ea93c54bf3b5977e2e8aca0/securiteinfo.hdb
   downloadFile: Download source: https://www.securiteinfo.com/get/signatures/ca375cc328e23b5c703cda1642c189ac826939bacb6ed5324570739e648226ef9c8b71d254b83504b71e1e378f4dd9e404f173dc1ea93c54bf3b5977e2e8aca0/securiteinfo.hdb
   downloadFile: Download destination: /var/lib/clamav/tmp.401eddb137/clamav-6578c7945f346fe14e597bf33ee9c936.tmp

• About to connect() to www.securiteinfo.com port 443 (#0)
• Trying 104.26.11.102...
• Connected to www.securiteinfo.com (104.26.11.102) port 443 (#0)
• Initializing NSS with certpath: sql:/etc/pki/nssdb
• CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
• SSL connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
• Server certificate:

•   subject: CN=sni.cloudflaressl.com,O="Cloudflare, Inc.",L=San Francisco,ST=California,C=US
  

•   start date: Jul 12 00:00:00 2021 GMT
  

•   expire date: Jul 11 23:59:59 2022 GMT
  

•   common name: sni.cloudflaressl.com
  

•   issuer: CN=Cloudflare Inc ECC CA-3,O="Cloudflare, Inc.",C=US
  

GET /get/signatures/ca375cc328e23b5c703cda1642c189ac826939bacb6ed5324570739e648226ef9c8b71d254b83504b71e1e378f4dd9e404f173dc1ea93c54bf3b5977e2e8aca0/securiteinfo.hdb HTTP/1.1
User-Agent: ClamAV/0.103.5 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64, UUID: 3c9ec12c-7612-449f-bf35-ec0c0d1ab8b9)
Host: www.securiteinfo.com
Accept: /
If-Modified-Since: Mon, 14 Feb 2022 05:24:33 GMT
Connection: close

< HTTP/1.1 304 Not Modified
< Date: Mon, 14 Feb 2022 06:51:02 GMT
< Connection: close
< expires: Mon, 14 Feb 2022 10:51:02 GMT
< pragma: no-cache
< Cache-Control: public, max-age=14400
< content-disposition: attachment; filename="securiteinfo.hdb"
< content-security-policy: base-uri 'self' www.securiteinfo.com securiteinfo.com ; default-src 'self' www.securiteinfo.com securiteinfo.com ajax.cloudflare.com www.printfriendly.com www.worldcommunitygrid.org static.cloudflareinsights.com www.youtube-nocookie.com hcaptcha.com *.hcaptcha.com chrome-extension: 'unsafe-inline'; script-src 'self' www.securiteinfo.com securiteinfo.com ajax.cloudflare.com static.cloudflareinsights.com https://static.cloudflareinsights.com/beacon.min.js maxcdn.bootstrapcdn.com translate.googleapis.com cdnjs.cloudflare.com hcaptcha.com *.hcaptcha.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' www.securiteinfo.com securiteinfo.com fonts.googleapis.com maxcdn.bootstrapcdn.com 'unsafe-inline' data: translate.googleapis.com hcaptcha.com *.hcaptcha.com ; font-src 'self' www.securiteinfo.com securiteinfo.com maxcdn.bootstrapcdn.com fonts.gstatic.com github.com data: ; frame-ancestors www.worldcommunitygrid.org www.youtube-nocookie.com hcaptcha.com .hcaptcha.com ; img-src 'self' www.securiteinfo.com securiteinfo.com https:// data: blob: ; object-src 'self' www.securiteinfo.com securiteinfo.com ; connect-src 'self' www.securiteinfo.com securiteinfo.com api.cognitive.microsofttranslator.com hcaptcha.com *.hcaptcha.com ;
< last-modified: Mon, 14 Feb 2022 04:14:12 GMT
< x-content-type-options: nosniff
< x-xss-protection: 1; mode=block
< x-frame-options: ALLOW-FROM https://www.worldcommunitygrid.org/
< permissions-policy: geolocation=(), midi=(), camera=(), usb=(), magnetometer=(), accelerometer=(), gyroscope=(), microphone=()
< referrer-policy: no-referrer-when-downgrade
< CF-Cache-Status: HIT
< Age: 5192
< Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< Report-To: {"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v3?s=DrB%2BTyGGiLjiYNrMAzuXsF49BHlI9Jt8ayI80mHFk40ep6y1h5muoc5KVOpWMSxcjcwej69HLKOQqvEe5tgFR3hnXKYFu6yw3wM6Bge04UugVJqX7hS9zuCflrLgDVNRJ%2BKfKva3"}],"group":"cf-nel","max_age":604800}
< NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< Server: cloudflare
< CF-RAY: 6dd45d9e2dad87bd-SIN
< alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
<

• Closing connection 0
  securiteinfo.hdb is up-to-date (version: custom database)
  fc_download_url_database: securiteinfo.hdb already up-to-date.
  Current working dir is /var/lib/clamav/
  Retrieving https://www.securiteinfo.com/get/signatures/ca375cc328e23b5c703cda1642c189ac826939bacb6ed5324570739e648226ef9c8b71d254b83504b71e1e378f4dd9e404f173dc1ea93c54bf3b5977e2e8aca0/securiteinfo.ign2
  downloadFile: Download source: https://www.securiteinfo.com/get/signatures/ca375cc328e23b5c703cda1642c189ac826939bacb6ed5324570739e648226ef9c8b71d254b83504b71e1e378f4dd9e404f173dc1ea93c54bf3b5977e2e8aca0/securiteinfo.ign2
  downloadFile: Download destination: /var/lib/clamav/tmp.401eddb137/clamav-81e44b204425a268afa0e5a4ff0a72ed.tmp
• About to connect() to www.securiteinfo.com port 443 (Add descriptive error messages #1)
• Trying 104.26.11.102...
• Connected to www.securiteinfo.com (104.26.11.102) port 443 (Add descriptive error messages #1)
• CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
• SSL connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
• Server certificate:

•   subject: CN=sni.cloudflaressl.com,O="Cloudflare, Inc.",L=San Francisco,ST=California,C=US
  

•   start date: Jul 12 00:00:00 2021 GMT
  

•   expire date: Jul 11 23:59:59 2022 GMT
  

•   common name: sni.cloudflaressl.com
  

•   issuer: CN=Cloudflare Inc ECC CA-3,O="Cloudflare, Inc.",C=US
  

GET /get/signatures/ca375cc328e23b5c703cda1642c189ac826939bacb6ed5324570739e648226ef9c8b71d254b83504b71e1e378f4dd9e404f173dc1ea93c54bf3b5977e2e8aca0/securiteinfo.ign2 HTTP/1.1
User-Agent: ClamAV/0.103.5 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64, UUID: 3c9ec12c-7612-449f-bf35-ec0c0d1ab8b9)
Host: www.securiteinfo.com
Accept: /
If-Modified-Since: Fri, 11 Feb 2022 17:23:12 GMT
Connection: close

< HTTP/1.1 304 Not Modified
< Date: Mon, 14 Feb 2022 06:51:03 GMT
< Connection: close
< expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: max-age=3600
< set-cookie: PHPSESSID=evv4kojrhn2qf60h5ngpa2gkss; path=/;HttpOnly;Secure;SameSite=Strict
< CF-Cache-Status: DYNAMIC
< Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< Report-To: {"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v3?s=h%2Bo%2F23fwMuM9rq8X%2F0ynPtFtaaS5RTtcipha9ebjZNllA%2BMZXZNTLuV2bViiZ5plpS9B6P4EHnDl0rP5Ghw%2F40%2BeJW0pmi%2FnwujsviSRsbwfbD%2F%2B3PWVVpvYaXzuJzAFahfV8Hcm"}],"group":"cf-nel","max_age":604800}
< NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< Server: cloudflare
< CF-RAY: 6dd45d9e8b1f6bbb-SIN
< alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
<

• Closing connection 1
  securiteinfo.ign2 is up-to-date (version: custom database)
  fc_download_url_database: securiteinfo.ign2 already up-to-date.
  Current working dir is /var/lib/clamav/
  Retrieving https://www.securiteinfo.com/get/signatures/ca375cc328e23b5c703cda1642c189ac826939bacb6ed5324570739e648226ef9c8b71d254b83504b71e1e378f4dd9e404f173dc1ea93c54bf3b5977e2e8aca0/javascript.ndb
  downloadFile: Download source: https://www.securiteinfo.com/get/signatures/ca375cc328e23b5c703cda1642c189ac826939bacb6ed5324570739e648226ef9c8b71d254b83504b71e1e378f4dd9e404f173dc1ea93c54bf3b5977e2e8aca0/javascript.ndb
  downloadFile: Download destination: /var/lib/clamav/tmp.401eddb137/clamav-7950598114ca949ebd6c02fcd72bd0c3.tmp
• About to connect() to www.securiteinfo.com port 443 (Does --fdpass work on Mac OS X? #2)
• Trying 104.26.10.102...
• Connected to www.securiteinfo.com (104.26.10.102) port 443 (Does --fdpass work on Mac OS X? #2)
• CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
• SSL connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
• Server certificate:

•   subject: CN=sni.cloudflaressl.com,O="Cloudflare, Inc.",L=San Francisco,ST=California,C=US
  

•   start date: Jul 12 00:00:00 2021 GMT
  

•   expire date: Jul 11 23:59:59 2022 GMT
  

•   common name: sni.cloudflaressl.com
  

•   issuer: CN=Cloudflare Inc ECC CA-3,O="Cloudflare, Inc.",C=US
  

GET /get/signatures/ca375cc328e23b5c703cda1642c189ac826939bacb6ed5324570739e648226ef9c8b71d254b83504b71e1e378f4dd9e404f173dc1ea93c54bf3b5977e2e8aca0/javascript.ndb HTTP/1.1
User-Agent: ClamAV/0.103.5 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64, UUID: 3c9ec12c-7612-449f-bf35-ec0c0d1ab8b9)
Host: www.securiteinfo.com
Accept: /
If-Modified-Since: Mon, 07 Feb 2022 07:00:25 GMT
Connection: close

< HTTP/1.1 304 Not Modified
< Date: Mon, 14 Feb 2022 06:51:04 GMT
< Connection: close
< expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: max-age=3600
< set-cookie: PHPSESSID=kfgmf567o29m1rg8feg2dgbhh0; path=/;HttpOnly;Secure;SameSite=Strict
< CF-Cache-Status: DYNAMIC
< Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< Report-To: {"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v3?s=cPW7mrZDczWbT6xKJbPUj1qqRY0VQZDE727u%2Bdaw4f999TMRYgg%2F2RbFolJKUaraCKjZD799%2BgL124XJp0PmwHC1jmtR55r8WBm8UDQUJUrhObzq6FJHjaAPBfYvXL7qma5sJ6tb"}],"group":"cf-nel","max_age":604800}
< NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< Server: cloudflare
< CF-RAY: 6dd45da429c76c51-SIN
< alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
<

• Closing connection 2
  javascript.ndb is up-to-date (version: custom database)
  fc_download_url_database: javascript.ndb already up-to-date.
  Current working dir is /var/lib/clamav/
  Retrieving https://www.securiteinfo.com/get/signatures/ca375cc328e23b5c703cda1642c189ac826939bacb6ed5324570739e648226ef9c8b71d254b83504b71e1e378f4dd9e404f173dc1ea93c54bf3b5977e2e8aca0/spam_marketing.ndb
  downloadFile: Download source: https://www.securiteinfo.com/get/signatures/ca375cc328e23b5c703cda1642c189ac826939bacb6ed5324570739e648226ef9c8b71d254b83504b71e1e378f4dd9e404f173dc1ea93c54bf3b5977e2e8aca0/spam_marketing.ndb
  downloadFile: Download destination: /var/lib/clamav/tmp.401eddb137/clamav-c84b4b827e25e8ec5b560173d1b150d8.tmp
• About to connect() to www.securiteinfo.com port 443 (Allow clamdscan to have a separate config file; use clamd's if not found #3)
• Trying 172.67.69.190...
• Connected to www.securiteinfo.com (172.67.69.190) port 443 (Allow clamdscan to have a separate config file; use clamd's if not found #3)
• CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
• SSL connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
• Server certificate:

•   subject: CN=sni.cloudflaressl.com,O="Cloudflare, Inc.",L=San Francisco,ST=California,C=US
  

•   start date: Jul 12 00:00:00 2021 GMT
  

•   expire date: Jul 11 23:59:59 2022 GMT
  

•   common name: sni.cloudflaressl.com
  

•   issuer: CN=Cloudflare Inc ECC CA-3,O="Cloudflare, Inc.",C=US
  

GET /get/signatures/ca375cc328e23b5c703cda1642c189ac826939bacb6ed5324570739e648226ef9c8b71d254b83504b71e1e378f4dd9e404f173dc1ea93c54bf3b5977e2e8aca0/spam_marketing.ndb HTTP/1.1
User-Agent: ClamAV/0.103.5 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64, UUID: 3c9ec12c-7612-449f-bf35-ec0c0d1ab8b9)
Host: www.securiteinfo.com
Accept: /
If-Modified-Since: Mon, 14 Feb 2022 06:48:21 GMT
Connection: close

< HTTP/1.1 304 Not Modified
< Date: Mon, 14 Feb 2022 06:51:04 GMT
< Connection: close
< expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: max-age=3600
< set-cookie: PHPSESSID=ofpgb1usctr5002ml583i2493e; path=/;HttpOnly;Secure;SameSite=Strict
< CF-Cache-Status: DYNAMIC
< Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< Report-To: {"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v3?s=p4NL2Aqih0milxaJmIblZ%2FAqFFwJn%2FMkL%2Fxa47wObo0n2R12E3%2FrzMAY03vrasDLwJergWFHj3b5VRn84xXD7Vx3SmDBgJmP%2Bja30NndQYNPY91qepLd4PM3lJVbv9XP%2Fq6uzkGt"}],"group":"cf-nel","max_age":604800}
< NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< Server: cloudflare
< CF-RAY: 6dd45da6b82c6c57-SIN
< alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
<

• Closing connection 3
  spam_marketing.ndb is up-to-date (version: custom database)
  fc_download_url_database: spam_marketing.ndb already up-to-date.
  Current working dir is /var/lib/clamav/
  Retrieving https://www.securiteinfo.com/get/signatures/ca375cc328e23b5c703cda1642c189ac826939bacb6ed5324570739e648226ef9c8b71d254b83504b71e1e378f4dd9e404f173dc1ea93c54bf3b5977e2e8aca0/securiteinfohtml.hdb
  downloadFile: Download source: https://www.securiteinfo.com/get/signatures/ca375cc328e23b5c703cda1642c189ac826939bacb6ed5324570739e648226ef9c8b71d254b83504b71e1e378f4dd9e404f173dc1ea93c54bf3b5977e2e8aca0/securiteinfohtml.hdb
  downloadFile: Download destination: /var/lib/clamav/tmp.401eddb137/clamav-599924bce805ff51a2dc269fa7b58d38.tmp
• About to connect() to www.securiteinfo.com port 443 (Bug on file JITDebugRegister file. it's take effect to LLVMjit cannot build sub project success. In ClamAV version 0.98.1 #4)
• Trying 104.26.10.102...
• Connected to www.securiteinfo.com (104.26.10.102) port 443 (Bug on file JITDebugRegister file. it's take effect to LLVMjit cannot build sub project success. In ClamAV version 0.98.1 #4)
• CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
• SSL connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
• Server certificate:

•   subject: CN=sni.cloudflaressl.com,O="Cloudflare, Inc.",L=San Francisco,ST=California,C=US
  

•   start date: Jul 12 00:00:00 2021 GMT
  

•   expire date: Jul 11 23:59:59 2022 GMT
  

•   common name: sni.cloudflaressl.com
  

•   issuer: CN=Cloudflare Inc ECC CA-3,O="Cloudflare, Inc.",C=US
  

GET /get/signatures/ca375cc328e23b5c703cda1642c189ac826939bacb6ed5324570739e648226ef9c8b71d254b83504b71e1e378f4dd9e404f173dc1ea93c54bf3b5977e2e8aca0/securiteinfohtml.hdb HTTP/1.1
User-Agent: ClamAV/0.103.5 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64, UUID: 3c9ec12c-7612-449f-bf35-ec0c0d1ab8b9)
Host: www.securiteinfo.com
Accept: /
If-Modified-Since: Mon, 14 Feb 2022 06:48:24 GMT
Connection: close

< HTTP/1.1 304 Not Modified
< Date: Mon, 14 Feb 2022 06:51:04 GMT
< Connection: close
< expires: Mon, 14 Feb 2022 10:51:04 GMT
< pragma: no-cache
< Cache-Control: public, max-age=14400
< content-disposition: attachment; filename="securiteinfohtml.hdb"
< content-security-policy: base-uri 'self' www.securiteinfo.com securiteinfo.com ; default-src 'self' www.securiteinfo.com securiteinfo.com ajax.cloudflare.com www.printfriendly.com www.worldcommunitygrid.org static.cloudflareinsights.com www.youtube-nocookie.com hcaptcha.com *.hcaptcha.com chrome-extension: 'unsafe-inline'; script-src 'self' www.securiteinfo.com securiteinfo.com ajax.cloudflare.com static.cloudflareinsights.com https://static.cloudflareinsights.com/beacon.min.js maxcdn.bootstrapcdn.com translate.googleapis.com cdnjs.cloudflare.com hcaptcha.com *.hcaptcha.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' www.securiteinfo.com securiteinfo.com fonts.googleapis.com maxcdn.bootstrapcdn.com 'unsafe-inline' data: translate.googleapis.com hcaptcha.com *.hcaptcha.com ; font-src 'self' www.securiteinfo.com securiteinfo.com maxcdn.bootstrapcdn.com fonts.gstatic.com github.com data: ; frame-ancestors www.worldcommunitygrid.org www.youtube-nocookie.com hcaptcha.com .hcaptcha.com ; img-src 'self' www.securiteinfo.com securiteinfo.com https:// data: blob: ; object-src 'self' www.securiteinfo.com securiteinfo.com ; connect-src 'self' www.securiteinfo.com securiteinfo.com api.cognitive.microsofttranslator.com hcaptcha.com *.hcaptcha.com ;
< last-modified: Mon, 14 Feb 2022 03:02:34 GMT
< x-content-type-options: nosniff
< x-xss-protection: 1; mode=block
< x-frame-options: ALLOW-FROM https://www.worldcommunitygrid.org/
< permissions-policy: geolocation=(), midi=(), camera=(), usb=(), magnetometer=(), accelerometer=(), gyroscope=(), microphone=()
< referrer-policy: no-referrer-when-downgrade
< CF-Cache-Status: HIT
< Age: 162
< Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< Report-To: {"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v3?s=ERsZUObBY9%2FcEQoatm3AEcx3StZlIx6exf1cTFdoXeqhV9CH3w8eV%2FQPBVmzjs6aJzXynmnhsCiYWtkTYNfmyWsXfY3jYuP9rce4FF22BhfH38%2BeS9xRO4Mp0Td%2Bk6wlxS6mRHaI"}],"group":"cf-nel","max_age":604800}
< NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< Server: cloudflare
< CF-RAY: 6dd45da8ec216bfd-SIN
< alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
<

• Closing connection 4
  securiteinfohtml.hdb is up-to-date (version: custom database)
  fc_download_url_database: securiteinfohtml.hdb already up-to-date.
  Current working dir is /var/lib/clamav/
  Retrieving https://www.securiteinfo.com/get/signatures/ca375cc328e23b5c703cda1642c189ac826939bacb6ed5324570739e648226ef9c8b71d254b83504b71e1e378f4dd9e404f173dc1ea93c54bf3b5977e2e8aca0/securiteinfoascii.hdb
  downloadFile: Download source: https://www.securiteinfo.com/get/signatures/ca375cc328e23b5c703cda1642c189ac826939bacb6ed5324570739e648226ef9c8b71d254b83504b71e1e378f4dd9e404f173dc1ea93c54bf3b5977e2e8aca0/securiteinfoascii.hdb
  downloadFile: Download destination: /var/lib/clamav/tmp.401eddb137/clamav-21c10b5d580dbe86066600e0076dfbed.tmp
• About to connect() to www.securiteinfo.com port 443 (Feature Request: PUA tuning #5)
• Trying 172.67.69.190...
• Connected to www.securiteinfo.com (172.67.69.190) port 443 (Feature Request: PUA tuning #5)
• CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
• SSL connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
• Server certificate:

•   subject: CN=sni.cloudflaressl.com,O="Cloudflare, Inc.",L=San Francisco,ST=California,C=US
  

•   start date: Jul 12 00:00:00 2021 GMT
  

•   expire date: Jul 11 23:59:59 2022 GMT
  

•   common name: sni.cloudflaressl.com
  

•   issuer: CN=Cloudflare Inc ECC CA-3,O="Cloudflare, Inc.",C=US
  

GET /get/signatures/ca375cc328e23b5c703cda1642c189ac826939bacb6ed5324570739e648226ef9c8b71d254b83504b71e1e378f4dd9e404f173dc1ea93c54bf3b5977e2e8aca0/securiteinfoascii.hdb HTTP/1.1
User-Agent: ClamAV/0.103.5 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64, UUID: 3c9ec12c-7612-449f-bf35-ec0c0d1ab8b9)
Host: www.securiteinfo.com
Accept: /
If-Modified-Since: Sun, 13 Feb 2022 09:48:27 GMT
Connection: close

< HTTP/1.1 200 OK
< Date: Mon, 14 Feb 2022 06:51:05 GMT
< Content-Type: application/x-download
< Content-Length: 7352082
< Connection: close
< expires: Mon, 14 Feb 2022 10:51:05 GMT
< pragma: no-cache
< Cache-Control: public, max-age=14400
< content-disposition: attachment; filename="securiteinfoascii.hdb"
< content-security-policy: base-uri 'self' www.securiteinfo.com securiteinfo.com ; default-src 'self' www.securiteinfo.com securiteinfo.com ajax.cloudflare.com www.printfriendly.com www.worldcommunitygrid.org static.cloudflareinsights.com www.youtube-nocookie.com hcaptcha.com *.hcaptcha.com chrome-extension: 'unsafe-inline'; script-src 'self' www.securiteinfo.com securiteinfo.com ajax.cloudflare.com static.cloudflareinsights.com https://static.cloudflareinsights.com/beacon.min.js maxcdn.bootstrapcdn.com translate.googleapis.com cdnjs.cloudflare.com hcaptcha.com *.hcaptcha.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' www.securiteinfo.com securiteinfo.com fonts.googleapis.com maxcdn.bootstrapcdn.com 'unsafe-inline' data: translate.googleapis.com hcaptcha.com *.hcaptcha.com ; font-src 'self' www.securiteinfo.com securiteinfo.com maxcdn.bootstrapcdn.com fonts.gstatic.com github.com data: ; frame-ancestors www.worldcommunitygrid.org www.youtube-nocookie.com hcaptcha.com .hcaptcha.com ; img-src 'self' www.securiteinfo.com securiteinfo.com https:// data: blob: ; object-src 'self' www.securiteinfo.com securiteinfo.com ; connect-src 'self' www.securiteinfo.com securiteinfo.com api.cognitive.microsofttranslator.com hcaptcha.com *.hcaptcha.com ;
< last-modified: Mon, 14 Feb 2022 04:04:04 GMT
< x-content-type-options: nosniff
< x-xss-protection: 1; mode=block
< x-frame-options: ALLOW-FROM https://www.worldcommunitygrid.org/
< permissions-policy: geolocation=(), midi=(), camera=(), usb=(), magnetometer=(), accelerometer=(), gyroscope=(), microphone=()
< referrer-policy: no-referrer-when-downgrade
< CF-Cache-Status: MISS
< Accept-Ranges: bytes
< Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< Report-To: {"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v3?s=Q9ca36syQ2n9IwSkVSnbqyaR7W1BZSPD9M14x4%2BPWJNOumTIAp7AJ9xCaf2HoBy2WBfeHXf%2Fh5Vfe5v3tef5RbDWp0Ygppx8C4oYcTWuLzj2YiIHF4cLTQPyJ4lx77wTH2i4cW2P"}],"group":"cf-nel","max_age":604800}
< NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< Server: cloudflare
< CF-RAY: 6dd45da92bff8989-SIN
< alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
<
Time: 21.5s, ETA: 0.0s [========================>] 7.01MiB/7.01MiB

• Closing connection 5
  updatecustomdb: Running g_cb_download_complete callback...
  download_complete_callback: Download complete for database : /var/lib/clamav/tmp.401eddb137/clamav-21c10b5d580dbe86066600e0076dfbed.tmp-securiteinfoascii.hdb
  download_complete_callback: fc_context->bTestDatabases : 1
  download_complete_callback: fc_context->bBytecodeEnabled : 1
  Testing database: '/var/lib/clamav/tmp.401eddb137/clamav-21c10b5d580dbe86066600e0076dfbed.tmp-securiteinfoascii.hdb' ...
  Loading signatures from /var/lib/clamav/tmp.401eddb137/clamav-21c10b5d580dbe86066600e0076dfbed.tmp-securiteinfoascii.hdb
  Properly loaded 87584 signatures from /var/lib/clamav/tmp.401eddb137/clamav-21c10b5d580dbe86066600e0076dfbed.tmp-securiteinfoascii.hdb
  Database test passed.
  securiteinfoascii.hdb updated (version: custom database, sigs: 87584)
  fc_download_url_database: securiteinfoascii.hdb updated.
  Current working dir is /var/lib/clamav/
  Retrieving https://www.securiteinfo.com/get/signatures/ca375cc328e23b5c703cda1642c189ac826939bacb6ed5324570739e648226ef9c8b71d254b83504b71e1e378f4dd9e404f173dc1ea93c54bf3b5977e2e8aca0/securiteinfoandroid.hdb
  downloadFile: Download source: https://www.securiteinfo.com/get/signatures/ca375cc328e23b5c703cda1642c189ac826939bacb6ed5324570739e648226ef9c8b71d254b83504b71e1e378f4dd9e404f173dc1ea93c54bf3b5977e2e8aca0/securiteinfoandroid.hdb
  downloadFile: Download destination: /var/lib/clamav/tmp.401eddb137/clamav-08f493a368503ce38a7c906928045938.tmp
• About to connect() to www.securiteinfo.com port 443 (Add missing const keyword in cl_update_hash() #6)
• Trying 104.26.10.102...
• Connected to www.securiteinfo.com (104.26.10.102) port 443 (Add missing const keyword in cl_update_hash() #6)
• CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
• SSL connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
• Server certificate:

•   subject: CN=sni.cloudflaressl.com,O="Cloudflare, Inc.",L=San Francisco,ST=California,C=US
  

•   start date: Jul 12 00:00:00 2021 GMT
  

•   expire date: Jul 11 23:59:59 2022 GMT
  

•   common name: sni.cloudflaressl.com
  

•   issuer: CN=Cloudflare Inc ECC CA-3,O="Cloudflare, Inc.",C=US
  

GET /get/signatures/ca375cc328e23b5c703cda1642c189ac826939bacb6ed5324570739e648226ef9c8b71d254b83504b71e1e378f4dd9e404f173dc1ea93c54bf3b5977e2e8aca0/securiteinfoandroid.hdb HTTP/1.1
User-Agent: ClamAV/0.103.5 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64, UUID: 3c9ec12c-7612-449f-bf35-ec0c0d1ab8b9)
Host: www.securiteinfo.com
Accept: /
If-Modified-Since: Mon, 07 Feb 2022 06:59:33 GMT
Connection: close

< HTTP/1.1 304 Not Modified
< Date: Mon, 14 Feb 2022 06:51:26 GMT
< Connection: close
< Expires: Mon, 14 Feb 2022 07:51:26 GMT
< Pragma: no-cache
< Cache-Control: public, max-age=3600
< Content-Disposition: attachment; filename="securiteinfoandroid.hdb"
< Content-Security-Policy: base-uri 'self' www.securiteinfo.com securiteinfo.com ; default-src 'self' www.securiteinfo.com securiteinfo.com ajax.cloudflare.com www.printfriendly.com www.worldcommunitygrid.org static.cloudflareinsights.com www.youtube-nocookie.com hcaptcha.com *.hcaptcha.com chrome-extension: 'unsafe-inline'; script-src 'self' www.securiteinfo.com securiteinfo.com ajax.cloudflare.com static.cloudflareinsights.com https://static.cloudflareinsights.com/beacon.min.js maxcdn.bootstrapcdn.com translate.googleapis.com cdnjs.cloudflare.com hcaptcha.com *.hcaptcha.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' www.securiteinfo.com securiteinfo.com fonts.googleapis.com maxcdn.bootstrapcdn.com 'unsafe-inline' data: translate.googleapis.com hcaptcha.com *.hcaptcha.com ; font-src 'self' www.securiteinfo.com securiteinfo.com maxcdn.bootstrapcdn.com fonts.gstatic.com github.com data: ; frame-ancestors www.worldcommunitygrid.org www.youtube-nocookie.com hcaptcha.com .hcaptcha.com ; img-src 'self' www.securiteinfo.com securiteinfo.com https:// data: blob: ; object-src 'self' www.securiteinfo.com securiteinfo.com ; connect-src 'self' www.securiteinfo.com securiteinfo.com api.cognitive.microsofttranslator.com hcaptcha.com *.hcaptcha.com ;
< Last-Modified: Sun, 22 Nov 2020 09:21:30 GMT
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< X-Frame-Options: ALLOW-FROM https://www.worldcommunitygrid.org/
< Permissions-Policy: geolocation=(), midi=(), camera=(), usb=(), magnetometer=(), accelerometer=(), gyroscope=(), microphone=()
< Referrer-Policy: no-referrer-when-downgrade
< CF-Cache-Status: HIT
< Age: 180
< Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< Report-To: {"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v3?s=K%2BLxmRK8iOHg2MxUibMZXn8r02ky4xWfjE%2BI%2BAudj18lMcXUJOX4JhpugW%2FeDnm2zzmaeCyGV%2F53lA4ZKoEHlUpXeEPRySobI%2BPh%2BMb%2Bs3lVntd1p4CK1PEcI1reGh175NdSUPrV"}],"group":"cf-nel","max_age":604800}
< NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< Server: cloudflare
< CF-RAY: 6dd45e313d306c77-SIN
< alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
<

• Closing connection 6
  securiteinfoandroid.hdb is up-to-date (version: custom database)
  fc_download_url_database: securiteinfoandroid.hdb already up-to-date.
  Current working dir is /var/lib/clamav/
  Retrieving https://www.securiteinfo.com/get/signatures/ca375cc328e23b5c703cda1642c189ac826939bacb6ed5324570739e648226ef9c8b71d254b83504b71e1e378f4dd9e404f173dc1ea93c54bf3b5977e2e8aca0/securiteinfoold.hdb
  downloadFile: Download source: https://www.securiteinfo.com/get/signatures/ca375cc328e23b5c703cda1642c189ac826939bacb6ed5324570739e648226ef9c8b71d254b83504b71e1e378f4dd9e404f173dc1ea93c54bf3b5977e2e8aca0/securiteinfoold.hdb
  downloadFile: Download destination: /var/lib/clamav/tmp.401eddb137/clamav-4d86b380f893cb38d94c3e2de13d825a.tmp
• About to connect() to www.securiteinfo.com port 443 (Linkfixing #7)
• Trying 104.26.11.102...
• Connected to www.securiteinfo.com (104.26.11.102) port 443 (Linkfixing #7)
• CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
• SSL connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
• Server certificate:

•   subject: CN=sni.cloudflaressl.com,O="Cloudflare, Inc.",L=San Francisco,ST=California,C=US
  

•   start date: Jul 12 00:00:00 2021 GMT
  

•   expire date: Jul 11 23:59:59 2022 GMT
  

•   common name: sni.cloudflaressl.com
  

•   issuer: CN=Cloudflare Inc ECC CA-3,O="Cloudflare, Inc.",C=US
  

GET /get/signatures/ca375cc328e23b5c703cda1642c189ac826939bacb6ed5324570739e648226ef9c8b71d254b83504b71e1e378f4dd9e404f173dc1ea93c54bf3b5977e2e8aca0/securiteinfoold.hdb HTTP/1.1
User-Agent: ClamAV/0.103.5 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64, UUID: 3c9ec12c-7612-449f-bf35-ec0c0d1ab8b9)
Host: www.securiteinfo.com
Accept: /
If-Modified-Since: Mon, 07 Feb 2022 07:09:17 GMT
Connection: close

< HTTP/1.1 304 Not Modified
< Date: Mon, 14 Feb 2022 06:51:26 GMT
< Connection: close
< expires: Tue, 15 Feb 2022 06:51:26 GMT
< pragma: no-cache
< cache-control: public, max-age=86400
< content-disposition: attachment; filename="securiteinfoold.hdb"
< content-security-policy: base-uri 'self' www.securiteinfo.com securiteinfo.com ; default-src 'self' www.securiteinfo.com securiteinfo.com ajax.cloudflare.com www.printfriendly.com www.worldcommunitygrid.org static.cloudflareinsights.com www.youtube-nocookie.com hcaptcha.com *.hcaptcha.com chrome-extension: 'unsafe-inline'; script-src 'self' www.securiteinfo.com securiteinfo.com ajax.cloudflare.com static.cloudflareinsights.com https://static.cloudflareinsights.com/beacon.min.js maxcdn.bootstrapcdn.com translate.googleapis.com cdnjs.cloudflare.com hcaptcha.com *.hcaptcha.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' www.securiteinfo.com securiteinfo.com fonts.googleapis.com maxcdn.bootstrapcdn.com 'unsafe-inline' data: translate.googleapis.com hcaptcha.com *.hcaptcha.com ; font-src 'self' www.securiteinfo.com securiteinfo.com maxcdn.bootstrapcdn.com fonts.gstatic.com github.com data: ; frame-ancestors www.worldcommunitygrid.org www.youtube-nocookie.com hcaptcha.com .hcaptcha.com ; img-src 'self' www.securiteinfo.com securiteinfo.com https:// data: blob: ; object-src 'self' www.securiteinfo.com securiteinfo.com ; connect-src 'self' www.securiteinfo.com securiteinfo.com api.cognitive.microsofttranslator.com hcaptcha.com *.hcaptcha.com ;
< last-modified: Tue, 01 Feb 2022 12:22:21 GMT
< x-content-type-options: nosniff
< x-xss-protection: 1; mode=block
< x-frame-options: ALLOW-FROM https://www.worldcommunitygrid.org/
< permissions-policy: geolocation=(), midi=(), camera=(), usb=(), magnetometer=(), accelerometer=(), gyroscope=(), microphone=()
< referrer-policy: no-referrer-when-downgrade
< CF-Cache-Status: HIT
< Age: 21781
< Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< Report-To: {"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v3?s=uslsp5xoTL8ORfzUi02nuI3hUVhgI%2BF68yf1dF3a8aGouTXZEsaoQ15oElIbcX5FxHHdO1XNMVPru8XXEEKlPRjIUf%2B6kQ7HfP2B79xutguMJDpvnSBayQ1549f0%2FMxi9JI7JNAU"}],"group":"cf-nel","max_age":604800}
< NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< Server: cloudflare
< CF-RAY: 6dd45e31ce426bc3-SIN
< alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
<

• Closing connection 7
  securiteinfoold.hdb is up-to-date (version: custom database)
  fc_download_url_database: securiteinfoold.hdb already up-to-date.
  Current working dir is /var/lib/clamav/
  Retrieving https://www.securiteinfo.com/get/signatures/ca375cc328e23b5c703cda1642c189ac826939bacb6ed5324570739e648226ef9c8b71d254b83504b71e1e378f4dd9e404f173dc1ea93c54bf3b5977e2e8aca0/securitybiteinfo.pdf
  downloadFile: Download source: https://www.securiteinfo.com/get/signatures/ca375cc328e23b5c703cda1642c189ac826939bacb6ed5324570739e648226ef9c8b71d254b83504b71e1e378f4dd9e404f173dc1ea93c54bf3b5977e2e8aca0/securitybiteinfo.pdf
  downloadFile: Download destination: /var/lib/clamav/tmp.401eddb137/clamav-fdfe9ecda89818908ed19eedbb7fdae1.tmp
• About to connect() to www.securiteinfo.com port 443 (Initial work to provide better-usable fanotify for on-access scanning under Linux.. #8)
• Trying 172.67.69.190...
• Connected to www.securiteinfo.com (172.67.69.190) port 443 (Initial work to provide better-usable fanotify for on-access scanning under Linux.. #8)
• CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
• SSL connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
• Server certificate:

•   subject: CN=sni.cloudflaressl.com,O="Cloudflare, Inc.",L=San Francisco,ST=California,C=US
  

•   start date: Jul 12 00:00:00 2021 GMT
  

•   expire date: Jul 11 23:59:59 2022 GMT
  

•   common name: sni.cloudflaressl.com
  

•   issuer: CN=Cloudflare Inc ECC CA-3,O="Cloudflare, Inc.",C=US
  

GET /get/signatures/ca375cc328e23b5c703cda1642c189ac826939bacb6ed5324570739e648226ef9c8b71d254b83504b71e1e378f4dd9e404f173dc1ea93c54bf3b5977e2e8aca0/securitybiteinfo.pdf HTTP/1.1
User-Agent: ClamAV/0.103.5 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64, UUID: 3c9ec12c-7612-449f-bf35-ec0c0d1ab8b9)
Host: www.securiteinfo.com
Accept: /
Connection: close

< HTTP/1.1 403 Forbidden
< Date: Mon, 14 Feb 2022 06:51:27 GMT
< Content-Type: text/html; charset=iso-8859-1
< Transfer-Encoding: chunked
< Connection: close
< content-security-policy: base-uri 'self' www.securiteinfo.com securiteinfo.com ; default-src 'self' www.securiteinfo.com securiteinfo.com ajax.cloudflare.com www.printfriendly.com www.worldcommunitygrid.org static.cloudflareinsights.com www.youtube-nocookie.com hcaptcha.com *.hcaptcha.com chrome-extension: 'unsafe-inline'; script-src 'self' www.securiteinfo.com securiteinfo.com ajax.cloudflare.com static.cloudflareinsights.com https://static.cloudflareinsights.com/beacon.min.js maxcdn.bootstrapcdn.com translate.googleapis.com cdnjs.cloudflare.com hcaptcha.com *.hcaptcha.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' www.securiteinfo.com securiteinfo.com fonts.googleapis.com maxcdn.bootstrapcdn.com 'unsafe-inline' data: translate.googleapis.com hcaptcha.com *.hcaptcha.com ; font-src 'self' www.securiteinfo.com securiteinfo.com maxcdn.bootstrapcdn.com fonts.gstatic.com github.com data: ; frame-ancestors www.worldcommunitygrid.org www.youtube-nocookie.com hcaptcha.com .hcaptcha.com ; img-src 'self' www.securiteinfo.com securiteinfo.com https:// data: blob: ; object-src 'self' www.securiteinfo.com securiteinfo.com ; connect-src 'self' www.securiteinfo.com securiteinfo.com api.cognitive.microsofttranslator.com hcaptcha.com *.hcaptcha.com ;
< expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate
< pragma: no-cache
< set-cookie: PHPSESSID=o3it454s38gldgo2hebloucfk7; path=/
< CF-Cache-Status: DYNAMIC
< Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< Report-To: {"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v3?s=0q6rqvnPBifaE%2B16x8gTg6%2BJOzlM0VxR7xBZWc%2B7uhyNMdSf7JBjvPc%2BM6BxV%2FEoI37Oipk0j1esiUZJMhgnKvcd1PLGE4cXoXeDsC2K%2B4sb3dDmKC0u9o7xLkRLysexKtQ18kX6"}],"group":"cf-nel","max_age":604800}
< NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< Server: cloudflare
< CF-RAY: 6dd45e32683f4947-SIN
< alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
<

• Closing connection 8
  Saved freshclam.dat
  WARNING: Can't download securitybiteinfo.pdf from https://www.securiteinfo.com/get/signatures/ca375cc328e23b5c703cda1642c189ac826939bacb6ed5324570739e648226ef9c8b71d254b83504b71e1e378f4dd9e404f173dc1ea93c54bf3b5977e2e8aca0/securitybiteinfo.pdf
  WARNING: FreshClam received error code 403 from the ClamAV Content Delivery Network (CDN).
  This could mean several things:

1. You are running an out-of-date version of ClamAV / FreshClam.
   Ensure you are the most updated version by visiting https://www.clamav.net/downloads
2. Your network is explicitly denied by the FreshClam CDN.
   In order to rectify this please check that you are:
   a. Running an up-to-date version of FreshClam
   b. Running FreshClam no more than once an hour
   c. If you have checked (a) and (b), please open a ticket at
   https://github.com/Cisco-Talos/clamav/issues
   and we will investigate why your network is blocked.
   WARNING: You are on cool-down until after: 2022-02-15 11:51:27
   WARNING: fc_download_url_databases: fc_download_url_database failed: Forbidden; Blocked by CDN (17)
   ERROR: Database update process failed: Forbidden; Blocked by CDN
   ERROR: Update failed.

[micahsnyder]

@junaid27

Unfortunately cloudflare doesn't give us good data past >24h out. At least in the last 24-hours there's nothing showing that IP as being blocked.

I see from your logs (above) that Freshclam was rate-limited at one time and that Freshclam is now waiting on a self-imposed 24-hour cooldown before it tries again. If the datetime was changed on that box after it was first rate-limited, then it could be that Freshclam is confused and will wait for a very long time, maybe? From what I can tell from your situation, you should not be rate limited -- provided that you are not trying to use some other tool to download the files from that IP, like curl or something.

Please delete /var/lib/clamav/freshclam.dat and retry. This will cause Freshclam to actually try again. Hopefully the situation will be resolved and things will just work after that.

[micahsnyder]

@junaid27 this ticket has been idle for a long time. Are you still having issues? May I close the issue?

[AirNetUz]

Hi,
I'll write here so as not to duplicate topics.
We have a similar situation, CDN blocks our IP addresses.
Is it possible to check if this is the case?
Our IP:
176.96.241.0/24
176.96.243.0/24
AS 12860
Сountry Uzbekistan (UZ)