Blocked Access to ClamAV Database Mirrors (403 Forbidden)

[giga758]

I am encountering a 403 Forbidden error when attempting to update ClamAV virus databases using FreshClam or directly through wget. The issue appears to be related to restrictions from the ClamAV CDN. Below are the details:

• ClamAV Version: 1.4.1
• FreshClam Version: 1.4.1
• OS: Linux

Error Message:

ERROR: FreshClam received error code 403 from the ClamAV Content Delivery Network (CDN).
ERROR: Database update process failed: Forbidden; Blocked by CDN.

Steps Taken:

1. Confirmed that ClamAV and FreshClam are up-to-date.
2. Attempted to download databases directly from the following URLs:
   • https://database.clamav.net/main.cvd
   • https://database.clamav.net/daily.cvd
   • https://database.clamav.net/bytecode.cvd
3. Tried using alternative mirrors:
   • https://db.us.clamav.net
   • https://db.eu.clamav.net
4. Verified that my configuration complies with ClamAV’s documentation and the FreshClam usage policy.

The issue persists across all attempts.

Request:
Please verify if there are any known restrictions or blocking rules affecting the ClamAV CDN. I would appreciate guidance on how to resolve this issue or if there are alternative mirrors available that can bypass the restrictions.

Describe the bug

Replace this text with a clear and concise description of the bug or feature request.

How to reproduce the problem

Replace this text with specific steps needed to reproduce the issue.

Replace this text with the output from the ClamAV command:
clamconf -n

Attachments

If applicable, add screenshots to help explain your problem.

If the issue is reproducible only when scanning a specific file, attach it to the ticket.

[Ashraf-wan]

I also got that problem. I cant run freshclam.exe. I am able to visit database.clamav.net and download the daily.cvd manually but running freshclam.exe will always error with connection fail.

[val-ms]

We restrict downloads to the Freshclam and CVDUpdate clients. You should not be able to use a browser, curl, wget, etc to download the CVD files. The alternative mirrors (https://db.us.clamav.net/, etc) all point to the same cloudflare CDN now as database.clamav.net.

If you're getting a 403 forbidden message. It's possible we're blocking you based on location because of sanctions (sometimes that gets it wrong and we need to make adjustments), or you're being blocked by cloudflare (they do something similar).

If you can grab the CF-RAY ID from the HTTP response message from Cloudflare when you run freshclam --verbose, we can look up that ID in the logs to see what's going wrong.

Tip: If you've run freshclam already within the last 24 hours, it will back off to reduce network traffic and won't get that CF-RAY ID. You may need to delete the freshclam.dat file from the clamav database directory and try again. See also #1287 (comment)

[MarkyMarkDE]

my options from freshclam.conf

DatabaseOwner clamav
DNSDatabaseInfo current.cvd.clamav.net
DatabaseMirror https://db.local.clamav.net
DatabaseMirror https://db.de.ipv6.clamav.net
DatabaseMirror https://db.dk.ipv6.clamav.net
DatabaseMirror https://db.pl.ipv6.clamav.net
DatabaseMirror https://db.cz.ipv6.clamav.net
DatabaseMirror https://db.at.ipv6.clamav.net
DatabaseMirror https://db.ch.ipv6.clamav.net
DatabaseMirror https://db.fr.ipv6.clamav.net
DatabaseMirror https://db.lu.ipv6.clamav.net
DatabaseMirror https://db.be.ipv6.clamav.net
DatabaseMirror https://db.nl.ipv6.clamav.net
DatabaseMirror https://db.us.ipv6.clamav.net
DatabaseMirror https://database.clamav.net
Bytecode yes
TestDatabases yes
CompressLocalDatabase no
DatabaseCustomURL file:///var/lib/clamav/whitelist.wdb

are working perfectly.
@micahsnyder my previous problems with .cld instead of .cvd ("Received an older CVD then advertised [...]") are solved with that too (added explicitly https|http and ipv6|ipv4).

Also the direct links:

https://database.clamav.net/daily.cvd
https://database.clamav.net/bytecode.cvd
https://database.clamav.net/main.cvd

do work for me.

[val-ms]

@giga758 Are you still having issues with access?