[clamav-users] Fwd: Fwd: freshclam incremental update

Birger Birger birger.solna at gmail.com
Tue Sep 3 13:12:48 UTC 2019


SSH Port 22 has been opened by me for the purpose of troubleshooting the ClamAV
issues. Will ask for a specific IP from the Zentyal support. Closing it
now.

On Tue, 3 Sep 2019 at 14:48, Gene Heskett via clamav-users <
clamav-users at lists.clamav.net> wrote:

> On Tuesday 03 September 2019 06:20:58 G.W. Haywood via clamav-users
> wrote:
>
> > Hi there,
> >
> > On Tue, 3 Sep 2019, Birger Birger via clamav-users wrote:
> > > Sep  3 10:43:22 zentyal kernel: [266193.080510] zentyal-firewall
> > > drop IN= OUT=eth0 SRC=192.168.1.30 DST=104.16.218.84 LEN=40 TOS=0x00
> > > PREC=0x00 TTL=64 ID=52480 DF PROTO=TCP SPT=51666 DPT=80 WINDOW=9057
> > > RES=0x00 ACK FIN URGP=0 MARK=0x1
> >
> > That's a Cloudflare destination IP.  You see it in your freshclam log.
> > Cloudflare delivers the ClamAV data and you're dropping packets sent
> > to it from 192.168.1.30.  I guess that's your immediate problem.
> >
> > Another question about "Ubuntu Syslog".
> >
> > > Sep  3 10:41:17 zentyal kernel: [266068.432972] zentyal-firewall
> > > drop IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00
> > > SRC=112.85.42.229 DST=192.168.1.30 LEN=67 TOS=0x00 PREC=0x00 TTL=46
> > > ID=58277 DF PROTO=TCP SPT=14305 DPT=22 WINDOW=229 RES=0x00 ACK PSH
> > > UR$
> >
> > The IP address 112.85.42.229 appears to be in Shanghai, and it appears
> > that it's trying to make SSH connections to 192.168.1.30.  If that
> > were my router, I would not let these attempts through it.
> >
> That router is passing stuff that should never get past it UNLESS you
> have set a Port Forward NAT. If you have NOT set that up, it will get
> you hacked, so apply a hammer to "take it out of the gene pool" and
> deposit the remains in the outgoing trash forthwith and replace it with
> something you can reflash to dd-wrt. Nothing comes in thru dd-wrt that
> you don't specifically allow, and has stood guard here for nearly 20
> years now.  Unlike guard dogs, it never sleeps.
>
> > I repeat that I suggest you upgrade ClamAV to the latest version.
>
>
> Cheers, Gene Heskett
> --
> "There are four boxes to be used in defense of liberty:
>  soap, ballot, jury, and ammo. Please use in that order."
> -Ed Howdershelt (Author)
> If we desire respect for the law, we must first make the law respectable.
>  - Louis D. Brandeis
> Genes Web page <http://geneslinuxbox.net:6309/gene>
>
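An added example, not part of the original thread: a small Python parser for the `zentyal-firewall drop` kernel log lines quoted above, which separates outbound from inbound drops and reads the TCP flags. The function names are hypothetical, and the sample input is the two log entries from the thread joined onto single lines.

```python
import re
from collections import Counter

# The two kernel log entries quoted in the thread, each joined onto one line.
# The second is truncated in the original post ("UR$") and is kept that way.
SAMPLE_LOG = [
    "Sep  3 10:43:22 zentyal kernel: [266193.080510] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.30 DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=52480 DF PROTO=TCP SPT=51666 DPT=80 WINDOW=9057 RES=0x00 ACK FIN URGP=0 MARK=0x1",
    "Sep  3 10:41:17 zentyal kernel: [266068.432972] zentyal-firewall drop IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00 SRC=112.85.42.229 DST=192.168.1.30 LEN=67 TOS=0x00 PREC=0x00 TTL=46 ID=58277 DF PROTO=TCP SPT=14305 DPT=22 WINDOW=229 RES=0x00 ACK PSH UR$",
]

TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}
PREFIX = re.compile(r"zentyal-firewall drop (.*)$")

def parse_drop(line):
    """Return a dict for one 'zentyal-firewall drop' line, or None."""
    m = PREFIX.search(line)
    if not m:
        return None
    fields, flags = {}, set()
    for tok in m.group(1).split():
        if "=" in tok:
            key, _, val = tok.partition("=")
            fields[key] = val
        elif tok in TCP_FLAGS:
            flags.add(tok)  # bare tokens such as ACK, FIN; DF and "UR$" are ignored
    if not fields.get("SRC") or not fields.get("DST"):
        return None
    # Empty IN= means locally generated (outbound); empty OUT= means addressed to this host.
    direction = "outbound" if not fields.get("IN") else ("inbound" if not fields.get("OUT") else "forwarded")
    return {
        "direction": direction,
        "src": fields["SRC"], "dst": fields["DST"],
        "proto": fields.get("PROTO", ""),
        "dport": int(fields["DPT"]) if fields.get("DPT", "").isdigit() else None,
        "flags": flags,
        # SYN without ACK opens a connection; anything else belongs to an existing flow.
        "new_connection": "SYN" in flags and "ACK" not in flags,
    }

def summarize(lines):
    """Count drops per (direction, remote address, destination port)."""
    counts = Counter()
    for rec in filter(None, map(parse_drop, lines)):
        remote = rec["dst"] if rec["direction"] == "outbound" else rec["src"]
        counts[(rec["direction"], remote, rec["dport"])] += 1
    return counts

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

For the two quoted entries this reports one outbound drop to 104.16.218.84 port 80 carrying ACK FIN (not a new connection) and one inbound drop from 112.85.42.229 to port 22.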

