[clamav-users] Fwd: Fwd: freshclam incremental update

Gene Heskett gheskett at shentel.net
Tue Sep 3 12:48:06 UTC 2019


On Tuesday 03 September 2019 06:20:58 G.W. Haywood via clamav-users 
wrote:

> Hi there,
>
> On Tue, 3 Sep 2019, Birger Birger via clamav-users wrote:
> > Sep  3 10:43:22 zentyal kernel: [266193.080510] zentyal-firewall
> > drop IN= OUT=eth0 SRC=192.168.1.30 DST=104.16.218.84 LEN=40 TOS=0x00
> > PREC=0x00 TTL=64 ID=52480 DF PROTO=TCP SPT=51666 DPT=80 WINDOW=9057
> > RES=0x00 ACK FIN URGP=0 MARK=0x1
>
> That's a Cloudflare destination IP.  You see it in your freshclam log.
> Cloudflare delivers the ClamAV data and you're dropping packets sent
> to it from 192.168.1.30.  I guess that's your immediate problem.
>
> Another question about "Ubuntu Syslog".
>
> > Sep  3 10:41:17 zentyal kernel: [266068.432972] zentyal-firewall
> > drop IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00
> > SRC=112.85.42.229 DST=192.168.1.30 LEN=67 TOS=0x00 PREC=0x00 TTL=46
> > ID=58277 DF PROTO=TCP SPT=14305 DPT=22 WINDOW=229 RES=0x00 ACK PSH
> > UR$
>
> The IP address 112.85.42.229 appears to be in Shanghai, and it appears
> that it's trying to make SSH connections to 192.168.1.30.  If that
> were my router, I would not let these attempts through it.
>
That router is passing stuff that should never get past it UNLESS you 
have set a Port Forward NAT. If you have NOT set that up, it will get 
you hacked, so apply a hammer to "take it out of the gene pool" and 
deposit the remains in the outgoing trash forthwith and replace it with 
something you can reflash to dd-wrt. Nothing comes in thru dd-wrt that 
you don't specifically allow, and has stood guard here for nearly 20 
years now.  Unlike guard dogs, it never sleeps.

> I repeat that I suggest you upgrade ClamAV to the latest version.


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>
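
An added example, not part of the original message: a small parser that reads the two firewall log lines quoted in this thread and labels them the way the replies interpret them. The function names and labels are assumptions made for illustration; the sample lines are the ones from the thread with the syslog prefix and the truncated tail trimmed.

```python
import ipaddress

# The two lines quoted in the thread, joined onto one line each
# (syslog/kernel prefix and the truncated "UR$" tail trimmed).
SAMPLE = [
    "zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.30 DST=104.16.218.84 LEN=40 "
    "TOS=0x00 PREC=0x00 TTL=64 ID=52480 DF PROTO=TCP SPT=51666 DPT=80 WINDOW=9057 "
    "RES=0x00 ACK FIN URGP=0 MARK=0x1",
    "zentyal-firewall drop IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00 "
    "SRC=112.85.42.229 DST=192.168.1.30 LEN=67 TOS=0x00 PREC=0x00 TTL=46 "
    "ID=58277 DF PROTO=TCP SPT=14305 DPT=22 WINDOW=229 RES=0x00 ACK PSH",
]

TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "CWR", "ECE"}

def parse(line):
    """Split a netfilter LOG line into KEY=value fields plus bare TCP flag tokens."""
    fields, flags = {}, set()
    for tok in line.split():
        if "=" in tok:
            key, _, val = tok.partition("=")
            fields[key] = val
        elif tok in TCP_FLAGS:
            flags.add(tok)
    fields["FLAGS"] = flags
    return fields

def classify(f):
    """Label a dropped packet (hypothetical labels, chosen for this example)."""
    src = ipaddress.ip_address(f["SRC"])
    outbound = f.get("IN") == "" and f.get("OUT")   # empty IN=, interface in OUT=
    inbound = f.get("IN") and f.get("OUT") == ""    # interface in IN=, empty OUT=
    if outbound and "ACK" in f["FLAGS"] and "SYN" not in f["FLAGS"]:
        # ACK without SYN: a packet of an already-open connection leaving the
        # host, such as the freshclam HTTP transfer to port 80 in the first line.
        return "outbound-established-dropped"
    if inbound and not src.is_private and f.get("DPT") == "22":
        # Public source address arriving at the LAN address on the SSH port.
        return "inbound-ssh-from-internet"
    return "other"

if __name__ == "__main__":
    for line in SAMPLE:
        f = parse(line)
        print(f["SRC"], "->", f["DST"], "dpt", f.get("DPT"), classify(f))
```
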


