From: "Steven Levine" <ecs-isp@2rosenthals.com>
Received: from [192.168.100.201] (HELO mail.2rosenthals.com)
  by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10)
  with ESMTPS id 8110491 for ecs-isp@2rosenthals.com; Thu, 12 Oct 2023 12:14:14 -0400
Received: from secmgr-va.2rosenthals.com ([50.73.8.217]:57292 helo=mail2.2rosenthals.com)
	by mail.2rosenthals.com with esmtps  (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <steve53@earthlink.net>)
	id 1qqyKB-0000FD-1Z
	for ecs-isp@2rosenthals.com;
	Thu, 12 Oct 2023 12:14:11 -0400
Received: from mta-201b.earthlink-vadesecure.net ([51.81.229.181]:34699 helo=mta-201a.earthlink-vadesecure.net)
	by mail2.2rosenthals.com with esmtps  (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.96)
	(envelope-from <steve53@earthlink.net>)
	id 1qqyK8-0001Td-1J
	for ecs-isp@2rosenthals.com;
	Thu, 12 Oct 2023 12:14:08 -0400
Received: from slamain ([108.193.253.247])
 by vsel2nmtao01p.internal.vadesecure.com with ngmta
 id c530ee02-178d683d3cde09ab; Thu, 12 Oct 2023 16:14:06 +0000
Message-ID: <65282144.4.mr2ice.fgrirsq@earthlink.net>
Date: Thu, 12 Oct 2023 08:39:32 -0800
To: "eCS ISP Mailing List" <ecs-isp@2rosenthals.com>
In-Reply-To: <list-8110018@2rosenthals.com>
Subject: Re: [eCS-ISP] ClamAV
X-Mailer: MR/2 Internet Cruiser Edition for OS/2 v3.00.11.24/60 

In <list-8110018@2rosenthals.com>, on 10/12/23
   at 10:27 AM, "Massimo S." <ecs-isp@2rosenthals.com> said:

Hi Massimo,

>they do not work from wget or curl

I'm starting to get the impression that the links we are finding are
stale.

I'm not sure it's possible to use wget or curl anymore.

The reason for the curl failure is obvious if you think to look at the
content of the downloaded web page.  How to avoid the failure is less
obvious. :-)

>http://db.local.clamav.net/main.cvd
>http://db.local.clamav.net/daily.cvd

Where did you get these URLs from?  On my currently partially working
ClamAV setup (ClamAV 0.103.6), freshclam is attempting to download

  https://database.clamav.net/daily.cvd

which fails because OpenSSL cannot find a certificate and complains:

 * error setting certificate verify locations:  CAfile: /etc/ssl/cacert.pem CApath: none

Did you get this failure and if so what did you do to correct it?

>with wget i can use every option, but i still get:
>wget https://db.local.clamav.net/daily.cvd --no-check-certificate

>--2023-10-12 10:17:33--  https://db.local.clamav.net/daily.cvd
>Risoluzione di db.local.clamav.net (db.local.clamav.net)... 104.16.219.84, 104.16.218.84
>Connessione a db.local.clamav.net (db.local.clamav.net)|104.16.219.84|:443... connesso.
>AVVERTIMENTO: impossibile verificare il certificato di db.local.clamav.net, rilasciato da "CN=Cloudflare Inc  ECC CA-3,O=Cloudflare\\, Inc.,C=US":
>   Impossibile verificare localmente l'autorità dell'emittente.
>Richiesta HTTP inviata, in attesa di risposta... 403 Forbidden
>2023-10-12 10:17:33 ERRORE 403: Forbidden.

Wget fails a bit differently here:

>wget https://db.local.clamav.net/daily.cvd --no-check-certificate
--2023-10-12 09:01:55--  https://db.local.clamav.net/daily.cvd
Resolving db.local.clamav.net (db.local.clamav.net)... 104.16.218.84, 104.16.219.84
Connecting to db.local.clamav.net (db.local.clamav.net)|104.16.218.84|:443... connected.
HTTP request sent, awaiting response... 403 Forbidden
2023-10-12 09:01:56 ERROR 403: Forbidden.

For some reason, I don't get the certificate failure.

I get the same forbidden error attempting to wget
https://database.clamav.net/daily.cvd.

>of course i've the latest wget (check with yum updated wget)

Just to be sure, does wget --version report:

  GNU Wget 1.21.3 built on os2-emx.

>i can only download them from my pc with the browser, but i don't think
>this is an option

Why not?  I've not tried this yet.

The ClamAV folks provide a cfgupdate tool which I've not tracked down or
tested.

>i put the new signatures on the old ClamAV 0.102.0 i started clamscan and
>the server froze :-(

Clamscan 0.103.6 to the level I've tested it here works fine with the
0.102.0 signatures Paul shipped.

----------- SCAN SUMMARY -----------
Known viruses: 4566249
Engine version: 0.103.6
Scanned directories: 8
Scanned files: 158
Infected files: 0
Data scanned: 23.64 MB
Data read: 16.32 MB (ratio 1.45:1)
Time: 43.756 sec (0 m 43 s)
Start Date: 2023:10:11 12:57:28
End Date:   2023:10:11 12:58:12

I plan to try with a larger set of files.

>damn me, during production hour here (10,23 AM)

Ooops. :-)


Steven

-- 
----------------------------------------------------------------------
"Steven Levine" <steve53@earthlink.net>  Warp/DIY/BlueLion etc.
www.scoug.com www.arcanoae.com www.warpcave.com
----------------------------------------------------------------------
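
Added example, not part of Steven's message and not ClamAV code: when a .cvd is fetched by hand (browser, wget, curl) as discussed above, a 403 or other web page can end up saved under the database's name. This Python code checks that a file starts with a CVD header and that the payload matches the MD5 recorded there. The header layout (512 bytes, colon-separated fields) is assumed from ClamAV's CVD format; the function names and the sample bytes are constructed here.

```python
import hashlib

HEADER_LEN = 512  # assumed layout: fixed-size, space-padded text header

def inspect_cvd(blob: bytes) -> dict:
    """Parse a CVD header and compare the payload with the MD5 it records."""
    head = blob[:HEADER_LEN]
    if len(head) < HEADER_LEN or not head.startswith(b"ClamAV-VDB:"):
        # An HTML error page saved as daily.cvd is rejected here.
        raise ValueError("not a CVD, file starts with %r" % blob[:32])
    fields = head.decode("ascii", "replace").rstrip().split(":")
    if len(fields) < 8:
        raise ValueError("CVD header has too few fields")
    info = {
        "build_time": fields[1],
        "version": int(fields[2]),
        "signatures": int(fields[3]),
        "functionality_level": int(fields[4]),
        "md5": fields[5].lower(),
        "builder": fields[7],
    }
    payload_md5 = hashlib.md5(blob[HEADER_LEN:]).hexdigest()
    info["md5_ok"] = payload_md5 == info["md5"]
    return info

def make_sample(payload: bytes) -> bytes:
    """Build a constructed CVD-shaped blob (placeholder signature, not a real database)."""
    header = "ClamAV-VDB:12 Oct 2023 08-00 -0400:1:2:90:%s:PLACEHOLDERSIG:example:1697112000" % (
        hashlib.md5(payload).hexdigest())
    return header.ljust(HEADER_LEN).encode("ascii") + payload

if __name__ == "__main__":
    good = make_sample(b"constructed payload bytes")
    print(inspect_cvd(good))
    try:
        inspect_cvd(b"<html><head><title>403 Forbidden</title></head></html>")
    except ValueError as exc:
        print("rejected:", exc)
```

The MD5 comparison only catches truncation or corruption in transit; the digital signature field in the header is what ClamAV itself verifies when it loads the database.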