Hi, we installed and configured ClamAV 0.102.3 on all of our AIX servers running version 7.1. We have a centralized server in our environment where we installed a Squid proxy server, and we then configured our clients to use it by setting the HTTPProxyServer parameter in freshclam.conf. This centralized server is the only server where the firewall is opened to download any updates from database.clamav.net. In the example below, XXXX is the client and YYYY is the centralized proxy server where all clients are trying to download the updates.
But when running freshclam, it's throwing the error "SSL peer certificate or SSH remote key was not OK". We never used SSL certificates before with any of the previous versions of ClamAV. I even tried reinstalling the previous version, ClamAV 0.102.2, but this SSL peer certificate error still remains. Any help in guiding me to the correct configuration would be greatly appreciated, as I have tried installing, reinstalling and configuring the Squid proxy server YYYY multiple times, but the error remains. We don't really have any certificates or SSL configured on the proxy server. The majority of the settings that we have in squid.conf are the defaults.

root@XXXX/usr/local/etc # freshclam
LibClamAV Warning: Connecting via YYYY.state.mo.us
Thu Jun 11 13:49:29 2020 -> ClamAV update process started at Thu Jun 11 13:49:29 2020
Thu Jun 11 13:49:29 2020 -> ^Can't query state.mo.us
Thu Jun 11 13:49:29 2020 -> ^Invalid DNS reply. Falling back to HTTP mode.
Thu Jun 11 13:49:29 2020 -> Reading CVD header (daily.cvd):
Thu Jun 11 13:49:29 2020 -> ^remote_cvdhead: Download failed (60)
Thu Jun 11 13:49:29 2020 -> ^ Message: SSL peer certificate or SSH remote key was not OK
Thu Jun 11 13:49:29 2020 -> ^Failed to get daily database version information from server: https://database.clamav.net
Thu Jun 11 13:49:29 2020 -> !check_for_new_database_version: Failed to find daily database using server https://database.clamav.net.
Thu Jun 11 13:49:29 2020 -> Trying again in 5 secs...
Thu Jun 11 13:49:34 2020 -> Reading CVD header (daily.cvd):
Thu Jun 11 13:49:34 2020 -> ^remote_cvdhead: Download failed (60)
Thu Jun 11 13:49:34 2020 -> ^ Message: SSL peer certificate or SSH remote key was not OK
Thu Jun 11 13:49:34 2020 -> ^Failed to get daily database version information from server: https://database.clamav.net
Thu Jun 11 13:49:34 2020 -> !check_for_new_database_version: Failed to find daily database using server https://database.clamav.net.
Thu Jun 11 13:49:34 2020 -> Trying again in 5 secs...
Thu Jun 11 13:49:39 2020 -> Reading CVD header (daily.cvd):
Thu Jun 11 13:49:39 2020 -> !remote_cvdhead: Download failed (60)
Thu Jun 11 13:49:39 2020 -> ! Message: SSL peer certificate or SSH remote key was not OK
Thu Jun 11 13:49:39 2020 -> ^Failed to get daily database version information from server: https://database.clamav.net
Thu Jun 11 13:49:39 2020 -> !check_for_new_database_version: Failed to find daily database using server https://database.clamav.net.
Thu Jun 11 13:49:39 2020 -> Giving up on https://database.clamav.net...
Thu Jun 11 13:49:39 2020 -> !Update failed for database: daily
Thu Jun 11 13:49:39 2020 -> ^fc_update_databases: fc_update_database failed: HTTP GET failed (11)
Thu Jun 11 13:49:39 2020 -> !Database update process failed: HTTP GET failed (11)
Thu Jun 11 13:49:39 2020 -> !Update failed.

root@XXXX/usr/local/etc # freshclam -V
ClamAV 0.102.3

root@XXXX /usr/local/etc # telnet YYYY 3128
Trying...
Connected to YYYY.state.mo.us.
Escape character is '^]'.

root@XXXX/usr/local/etc # cat freshclam.conf | grep -v ^#
DatabaseDirectory /var/lib/clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogTime yes
LogSyslog yes
LogRotate yes
DatabaseMirror database.clamav.net
HTTPProxyServer YYYY.state.mo.us
HTTPProxyPort 3128

Proxy server (YYYY)

[root@YYYY~]# freshclam -V
ClamAV 0.102.3/25840/Thu Jun 11 07:52:31 2020

[root@YYYY~]# cat /etc/squid/squid.conf | grep -v ^#
visible_hostname YYYY
acl localnet src state.mo.us
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 443 # https
acl CONNECT method CONNECT
acl access_to_clamav_updates dstdomain "/etc/squid/clamavupdate.txt"
http_access allow access_to_clamav_updates
http_access deny all
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 3128
cache_dir ufs /var/spool/squid 100 16 256
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

[root@YYYY~]# cat "/etc/squid/clamavupdate.txt"
db.US.clamav.net
database.clamav.net
[root@YYYY~]#
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
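
Added example, not part of the original post and not Squid's own code: a small Python model of how Squid evaluates the http_access lines quoted above (lines are checked in order, ACLs on one line are ANDed, the first matching line decides), applied to the tunnel request freshclam sends for https://database.clamav.net. The config excerpt is constructed from the post with only the port, method and dstdomain ACL types modelled; the function names and the request dictionary are assumptions of this sketch.

```python
# Constructed from the squid.conf and clamavupdate.txt quoted in the post.
SQUID_CONF = """\
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 443
acl CONNECT method CONNECT
acl access_to_clamav_updates dstdomain "/etc/squid/clamavupdate.txt"
http_access allow access_to_clamav_updates
http_access deny all
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all
"""
ACL_FILES = {"/etc/squid/clamavupdate.txt": ["db.US.clamav.net", "database.clamav.net"]}
FIELD = {"dstdomain": "host", "port": "port", "method": "method"}  # ACL types modelled

def parse(conf):
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split()
        if tok[0] == "acl":  # repeated 'acl NAME' lines accumulate values (OR)
            vals = ACL_FILES[tok[3].strip('"')] if tok[3].startswith('"') else tok[3:]
            acls.setdefault(tok[1], (tok[2], []))[1].extend(v.lower() for v in vals)
        elif tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acls, name, req):
    if name == "all":  # built-in ACL that matches every request
        return True
    kind, vals = acls[name]  # KeyError for ACLs this sketch does not model
    return str(req[FIELD[kind]]).lower() in vals  # exact match, no ".domain" wildcards

def decide(acls, rules, req):
    # Returns (action, 1-based rule number) of the first line whose ACLs all match.
    for n, (action, names) in enumerate(rules, 1):
        if all(acl_matches(acls, a.lstrip("!"), req) != a.startswith("!") for a in names):
            return action, n
    return ("deny" if rules[-1][0] == "allow" else "allow"), None  # opposite of last line

def unreachable(rules):
    # Rule numbers after the first unconditional 'all' line; they are never evaluated.
    first = next((n for n, (_, a) in enumerate(rules, 1) if a == ["all"]), len(rules))
    return list(range(first + 1, len(rules) + 1))

ACLS, RULES = parse(SQUID_CONF)
```

In this model `decide(ACLS, RULES, {"method": "CONNECT", "host": "database.clamav.net", "port": 443})` is allowed by the first http_access line, and `unreachable(RULES)` lists every line after the first `http_access deny all`, including the `Safe_ports` and `SSL_ports` checks.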