Update of daily.cvd failed again after being removed. Here come the logs (syslog Vigor2926, freshclam, syslog Ubuntu).
Vigor 2926 Syslog
<150>Sep 3 10:41:12 DrayTek: Open port: 188.92.77.12:21585 -> 192.168.1.30:22 (TCP)
<150>Sep 3 10:41:16 DrayTek: Open port: 112.85.42.229:14305 -> 192.168.1.30:22 (TCP)
<150>Sep 3 10:41:28 DrayTek: Open port: 188.92.77.12:63263 -> 192.168.1.30:22 (TCP)
<150>Sep 3 10:41:28 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30:22 -> 188.92.77.12:21585 (TCP) close connection
<150>Sep 3 10:41:31 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30 DNS -> 8.8.8.8 inquire mspc-eu1-comserver-elb-321476491.eu-west-1.elb.amazonaws.com
<150>Sep 3 10:41:31 DrayTek: Local User (MAC=00-0C-29-A0-0F-77): 192.168.1.102:60175 -> 52.51.20.101:3377 (TCP)
<150>Sep 3 10:41:35 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30:22 -> 188.92.77.12:63263 (TCP) close connection
<150>Sep 3 10:41:35 DrayTek: Open port: 188.92.77.12:23462 -> 192.168.1.30:22 (TCP)
<150>Sep 3 10:41:37 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30 DNS -> 8.8.8.8 inquire avery-eu-west-1-svc.logicnow.us
<150>Sep 3 10:41:37 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30 DNS -> 8.8.8.8 inquire avery-web-1759575585.eu-west-1.elb.amazonaws.com
<150>Sep 3 10:41:37 DrayTek: Local User (MAC=44-8A-5B-A5-30-3E): 192.168.1.200:55339 -> 52.214.156.124:443 (TCP)
<150>Sep 3 10:41:38 DrayTek: Local User (MAC=18-60-24-74-1B-ED): 192.168.1.201:56309 -> 13.33.99.100:443 (TCP) close connection
<150>Sep 3 10:41:41 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30 DNS -> 8.8.8.8 inquire db.se.clamav.net
<150>Sep 3 10:41:41 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30 DNS -> 8.8.8.8 inquire db.se.clamav.net.cdn.cloudflare.net
<150>Sep 3 10:41:41 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30:51666 -> 104.16.218.84:80 (TCP)Web
<150>Sep 3 10:41:46 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30:22 -> 188.92.77.12:23462 (TCP) close connection
<150>Sep 3 10:41:47 DrayTek: Open port: 188.92.77.12:52821 -> 192.168.1.30:22 (TCP)
<150>Sep 3 10:41:53 DrayTek: Open port: 188.92.77.12:1938 -> 192.168.1.30:22 (TCP)
<150>Sep 3 10:41:53 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30:22 -> 188.92.77.12:52821 (TCP) close connection
<150>Sep 3 10:41:55 DrayTek: Open port: 142.93.49.103:41840 -> 192.168.1.30:22 (TCP)
<150>Sep 3 10:41:58 DrayTek: Local User: 142.93.49.103:41840 -> 192.168.1.30:22 (TCP) close connection
<166>Sep 3 10:41:59 DrayTek: acme client: Error: DrayDDNS account not exist
<150>Sep 3 10:41:59 DrayTek: Local User (MAC=44-8A-5B-A5-30-3E): 192.168.1.200:56199 -> 52.51.20.101:443 (TCP)
<150>Sep 3 10:42:01 DrayTek: Open port: 142.93.92.232:25008 -> 192.168.1.30:22 (TCP)
<150>Sep 3 10:42:02 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30:22 -> 188.92.77.12:1938 (TCP) close connection
<150>Sep 3 10:42:02 DrayTek: Open port: 188.92.77.12:27606 -> 192.168.1.30:22 (TCP)
<150>Sep 3 10:42:04 DrayTek: Local User: 142.93.92.232:25008 -> 192.168.1.30:22 (TCP) close connection
<150>Sep 3 10:42:07 DrayTek: Open port: 112.85.42.229:44675 -> 192.168.1.30:22 (TCP)
<150>Sep 3 10:42:10 DrayTek: Open port: 188.92.77.12:44063 -> 192.168.1.30:22 (TCP)
<150>Sep 3 10:42:10 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30:22 -> 188.92.77.12:27606 (TCP) close connection
<150>Sep 3 10:42:15 DrayTek: Open port: 167.71.221.167:45770 -> 192.168.1.30:22 (TCP)
<150>Sep 3 10:42:17 DrayTek: Local User: 112.85.42.229:44675 -> 192.168.1.30:22 (TCP) close connection
<150>Sep 3 10:42:17 DrayTek: Open port: 51.15.50.79:38432 -> 192.168.1.30:22 (TCP)
<150>Sep 3 10:42:17 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30:22 -> 188.92.77.12:44063 (TCP) close connection
<150>Sep 3 10:42:17 DrayTek: Open port: 188.92.77.12:64715 -> 192.168.1.30:22 (TCP)
<150>Sep 3 10:42:20 DrayTek: Local User: 51.15.50.79:38432 -> 192.168.1.30:22 (TCP) close connection
<150>Sep 3 10:42:24 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30 DNS -> 8.8.8.8 inquire aus5.mozilla.org
<150>Sep 3 10:42:24 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30 DNS -> 8.8.8.8 inquire balrog-aus5.r53-2.services.mozilla.com
<150>Sep 3 10:42:24 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30 DNS -> 8.8.8.8 inquire balrog-aus5-noclip.r53-2.services.mozilla.com
<150>Sep 3 10:42:24 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30 DNS -> 8.8.8.8 inquire balrog-cloudfront.prod.mozaws.net
<150>Sep 3 10:42:24 DrayTek: Local User (MAC=18-60-24-74-1B-ED): 192.168.1.201:62576 -> 13.33.99.148:443 (TCP)
<150>Sep 3 10:42:24 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30 DNS -> 8.8.8.8 inquire balrog-cloudfront.prod.mozaws.net
<150>Sep 3 10:42:24 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30:22 -> 188.92.77.12:64715 (TCP) close connection
<150>Sep 3 10:42:25 DrayTek: Local User: 167.71.221.167:45770 -> 192.168.1.30:22 (TCP) close connection
<150>Sep 3 10:42:25 DrayTek: Open port: 188.92.77.12:19406 -> 192.168.1.30:22 (TCP)
<150>Sep 3 10:42:26 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30 DNS -> 8.8.8.8 inquire daily.0.93.0.0.6810DA54.ping.clamav.net
<150>Sep 3 10:42:27 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30 DNS -> 198.41.0.4 inquire daily.0.93.0.0.6810DA54.ping.clamav.net
<150>Sep 3 10:42:27 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30 DNS -> 192.26.92.30 inquire daily.0.93.0.0.6810DA54.ping.clamav.net
<150>Sep 3 10:42:27 DrayTek: Local User: 198.41.0.4:53 -> 192.168.1.30:37525 (TCP) close connection
<150>Sep 3 10:42:27 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30 DNS -> 172.110.204.39 inquire daily.0.93.0.0.6810DA54.ping.clamav.net
<150>Sep 3 10:42:27 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30 DNS -> 198.148.79.38 inquire daily.0.93.0.0.6810DA54.ping.clamav.net
<150>Sep 3 10:42:31 DrayTek: Open port: 104.248.159.129:36038 -> 192.168.1.30:22 (TCP)
<150>Sep 3 10:42:32 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30:22 -> 188.92.77.12:19406 (TCP) close connection
<150>Sep 3 10:42:32 DrayTek: Local User (MAC=18-60-24-74-1B-ED): 192.168.1.201:62577 -> 91.238.51.50:443 (TCP)
<150>Sep 3 10:42:32 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30:51814 -> 104.16.219.84:80 (TCP)Web
<150>Sep 3 10:42:32 DrayTek: Local User (MAC=18-60-24-74-1B-ED): 192.168.1.201:62578 -> 91.238.51.50:80 (TCP)Web
<150>Sep 3 10:42:35 DrayTek: Local User: 104.248.159.129:36038 -> 192.168.1.30:22 (TCP) close connection
<150>Sep 3 10:42:37 DrayTek: Open port: 188.92.77.12:54346 -> 192.168.1.30:22 (TCP)
<150>Sep 3 10:42:37 DrayTek: Local User (MAC=18-60-24-74-1B-ED): 192.168.1.201:62578 -> 91.238.51.50:80 (TCP) close connection
<150>Sep 3 10:42:38 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30 DNS -> 8.8.8.8 inquire sip1.cellip.com
<150>Sep 3 10:42:42 DrayTek: Local User (MAC=18-60-24-74-1B-ED): 192.168.1.201:62564 -> 93.184.220.29:80 (TCP) close connection
<150>Sep 3 10:42:44 DrayTek: Open port: 190.85.234.215:53572 -> 192.168.1.30:22 (TCP)
<150>Sep 3 10:42:47 DrayTek: Local User: 190.85.234.215:53572 -> 192.168.1.30:22 (TCP) close connection
<150>Sep 3 10:42:48 DrayTek: Open port: 112.85.42.229:49186 -> 192.168.1.30:22 (TCP)
<150>Sep 3 10:42:53 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30:123 -> 194.58.200.20:123 (UDP)
<150>Sep 3 10:42:55 DrayTek: Open port: 141.98.80.75:15586 -> 192.168.1.30:25 (TCP) SMTP
<150>Sep 3 10:42:55 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30 DNS -> 8.8.8.8 inquire 75.80.98.141.in-addr.arpa
<166>Sep 3 10:42:55 DrayTek: statistic: WAN2: Tx 55 Kbps, Rx 2641 Kbps (5 min average)
<166>Sep 3 10:42:55 DrayTek: statistic: Session Usage: 224 (5 min average)
<150>Sep 3 10:42:57 DrayTek: Local User (MAC=44-8A-5B-A5-30-3E): 192.168.1.200:56205 -> 91.238.51.50:443 (TCP)
<150>Sep 3 10:42:57 DrayTek: Local User (MAC=44-8A-5B-A5-30-3E): 192.168.1.200:56206 -> 91.238.51.50:80 (TCP)Web
<150>Sep 3 10:42:58 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30:22 -> 188.92.77.12:54346 (TCP) close connection
<150>Sep 3 10:42:59 DrayTek: Open port: 188.92.77.12:38856 -> 192.168.1.30:22 (TCP)
<150>Sep 3 10:42:59 DrayTek: Open port: 141.98.80.75:62466 -> 192.168.1.30:25 (TCP) SMTP
<150>Sep 3 10:42:59 DrayTek: Local User: 141.98.80.75:15586 -> 192.168.1.30:25 (TCP) close connection
<166>Sep 3 10:42:59 DrayTek: acme client: Error: DrayDDNS account not exist
<150>Sep 3 10:43:02 DrayTek: Local User (MAC=44-8A-5B-A5-30-3E): 192.168.1.200:56206 -> 91.238.51.50:80 (TCP) close connection
<150>Sep 3 10:43:05 DrayTek: Open port: 62.215.6.11:51704 -> 192.168.1.30:22 (TCP)
<150>Sep 3 10:43:09 DrayTek: Local User: 62.215.6.11:51704 -> 192.168.1.30:22 (TCP) close connection
<150>Sep 3 10:43:11 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30 DNS -> 8.8.8.8 inquire breck-eu-west-1-svc.logicnow.us
<150>Sep 3 10:43:11 DrayTek: Local User (MAC=44-8A-5B-A5-30-3E): 192.168.1.200:56208 -> 34.249.179.175:443 (TCP)
<134>Sep 3 10:43:12 DrayTek: [ARP][Arp address mismatch - Ethernet destination address doesn't match ARP target adress]
<150>Sep 3 10:43:12 DrayTek: Local User: 141.98.80.75:62466 -> 192.168.1.30:25 (TCP) close connection
<150>Sep 3 10:43:17 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30 DNS -> 8.8.8.8 inquire daily.0.93.0.0.6810DB54.ping.clamav.net
<150>Sep 3 10:43:17 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30 DNS -> 198.148.79.38 inquire daily.0.93.0.0.6810DB54.ping.clamav.net
<150>Sep 3 10:43:19 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30 DNS -> 8.8.8.8 inquire arngw-mct04.mspa.n-able.com
<150>Sep 3 10:43:19 DrayTek: Local User (MAC=18-60-24-74-1B-ED): 192.168.1.201:62597 -> 154.43.131.16:443 (TCP)
<150>Sep 3 10:43:19 DrayTek: Local User (MAC=18-60-24-74-1B-ED): 192.168.1.201:62598 -> 154.43.131.16:80 (TCP)Web
<150>Sep 3 10:43:19 DrayTek: Local User (MAC=18-60-24-74-1B-ED): 192.168.1.201:56610 -> 154.43.131.16:1235 (UDP)
<150>Sep 3 10:43:22 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30 DNS -> 8.8.8.8 inquire upload3europe1.systemmonitor.eu.com
<150>Sep 3 10:43:22 DrayTek: Local User (MAC=00-0C-29-A0-0F-77): 192.168.1.102:60183 -> 134.213.138.171:443 (TCP)
<150>Sep 3 10:43:22 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30 DNS -> 8.8.8.8 inquire db.se.clamav.net
<150>Sep 3 10:43:23 DrayTek: Open port: 91.106.97.88:58564 -> 192.168.1.30:22 (TCP)
<150>Sep 3 10:43:24 DrayTek: Local User (MAC=00-0C-29-A0-0F-77): 192.168.1.102 DNS -> 8.8.8.8 inquire dynupdate.no-ip.com
<150>Sep 3 10:43:24 DrayTek: Local User (MAC=00-0C-29-A0-0F-77): 192.168.1.102:60184 -> 54.219.9.206:8245 (TCP)
<150>Sep 3 10:43:24 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30 DNS -> 8.8.8.8 inquire dynupdate.no-ip.com
<150>Sep 3 10:43:26 DrayTek: Local User: 91.106.97.88:58564 -> 192.168.1.30:22 (TCP) close connection
<150>Sep 3 10:43:28 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30:22 -> 188.92.77.12:38856 (TCP) close connection
<150>Sep 3 10:43:28 DrayTek: Open port: 188.92.77.12:53838 -> 192.168.1.30:22 (TCP)
<150>Sep 3 10:43:30 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30:993 -> 37.196.141.135:33650 (TCP)
<150>Sep 3 10:43:30 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30:993 -> 37.196.141.135:33652 (TCP)
<150>Sep 3 10:43:30 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30:993 -> 37.196.141.135:33654 (TCP)
<150>Sep 3 10:43:30 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30:993 -> 37.196.141.135:33648 (TCP)
<150>Sep 3 10:43:30 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30:993 -> 37.196.141.135:33656 (TCP)
<150>Sep 3 10:43:32 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30 DNS -> 8.8.8.8 inquire database.clamav.net
<150>Sep 3 10:43:32 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30 DNS -> 8.8.8.8 inquire database.clamav.net.cdn.cloudflare.net
<150>Sep 3 10:43:33 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30 DNS -> 8.8.8.8 inquire kube-nimbus-1314339100.eu-central-1.elb.amazonaws.com
<150>Sep 3 10:43:33 DrayTek: Local User (MAC=18-60-24-74-1B-ED): 192.168.1.201:62599 -> 18.196.144.30:443 (TCP)
Ubuntu Syslog
Sep 3 10:41:17 zentyal kernel: [266068.432972] zentyal-firewall drop IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00 SRC=112.85.42.229 DST=192.168.1.30 LEN=67 TOS=0x00 PREC=0x00 TTL=46 ID=58277 DF PROTO=TCP SPT=14305 DPT=22 WINDOW=229 RES=0x00 ACK PSH URGP=0 MARK=0x1
Sep 3 10:41:18 zentyal kernel: [266069.260253] zentyal-firewall drop IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00 SRC=112.85.42.229 DST=192.168.1.30 LEN=700 TOS=0x00 PREC=0x00 TTL=46 ID=58279 DF PROTO=TCP SPT=14305 DPT=22 WINDOW=229 RES=0x00 ACK PSH URGP=0 MARK=0x1
Sep 3 10:41:40 zentyal kernel: [266091.705497] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.30 DST=192.168.1.200 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=46452 DF PROTO=TCP SPT=139 DPT=55335 WINDOW=237 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 3 10:41:42 zentyal kernel: [266093.463049] audit: type=1400 audit(1567500102.736:78): apparmor="DENIED" operation="open" profile="/usr/bin/freshclam" name="/etc/ssl/openssl.cnf" pid=14221 comm="freshclam" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Sep 3 10:41:42 zentyal kernel: [266093.468537] audit: type=1400 audit(1567500102.740:79): apparmor="DENIED" operation="connect" profile="/usr/bin/freshclam" name="/run/samba/winbindd/pipe" pid=14221 comm="freshclam" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
Sep 3 10:41:58 zentyal dhcpd[2318]: DHCPREQUEST for 192.168.1.200 from 44:8a:5b:a5:30:3e (spc1) via eth0
Sep 3 10:41:58 zentyal dhcpd[2318]: DHCPACK on 192.168.1.200 to 44:8a:5b:a5:30:3e (spc1) via eth0
Sep 3 10:41:58 zentyal named[31433]: samba_dlz: starting transaction on zone company.local
Sep 3 10:41:58 zentyal named[31433]: client @0x7f39cc098ef0 192.168.1.200#52376: update 'company.local/IN' denied
Sep 3 10:41:58 zentyal named[31433]: samba_dlz: cancelling transaction on zone company.local
Sep 3 10:41:58 zentyal named[31433]: samba_dlz: starting transaction on zone company.local
Sep 3 10:41:58 zentyal named[31433]: samba_dlz: allowing update of signer=spc1$@company.LOCAL name=spc1.company.local tcpaddr=192.168.1.200 type=AAAA key=1880-ms-7.478-19917bcc.02c13bf7-ca40-11e9-5583-3010b35e266d/160/0
Sep 3 10:41:58 zentyal named[31433]: samba_dlz: allowing update of signer=spc1$@company.LOCAL name=spc1.company.local tcpaddr=192.168.1.200 type=A key=1880-ms-7.478-19917bcc.02c13bf7-ca40-11e9-5583-3010b35e266d/160/0
Sep 3 10:41:58 zentyal named[31433]: samba_dlz: allowing update of signer=spc1$@company.LOCAL name=spc1.company.local tcpaddr=192.168.1.200 type=A key=1880-ms-7.478-19917bcc.02c13bf7-ca40-11e9-5583-3010b35e266d/160/0
Sep 3 10:41:58 zentyal named[31433]: client @0x7f39cc098ef0 192.168.1.200#56976/key spc1$@company.LOCAL: updating zone 'company.local/NONE': deleting rrset at 'spc1.company.local' AAAA
Sep 3 10:41:58 zentyal named[31433]: client @0x7f39cc098ef0 192.168.1.200#56976/key spc1$@company.LOCAL: updating zone 'company.local/NONE': deleting rrset at 'spc1.company.local' A
Sep 3 10:41:58 zentyal named[31433]: samba_dlz: subtracted rdataset spc1.company.local 'spc1.company.local.#0111200#011IN#011A#011192.168.1.200'
Sep 3 10:41:58 zentyal named[31433]: client @0x7f39cc098ef0 192.168.1.200#56976/key spc1\$\@company.LOCAL: updating zone 'company.local/NONE': adding an RR at 'spc1.company.local' A 192.168.1.200
Sep 3 10:41:59 zentyal named[31433]: samba_dlz: added rdataset spc1.company.local 'spc1.company.local.#0111200#011IN#011A#011192.168.1.200'
Sep 3 10:41:59 zentyal named[31433]: samba_dlz: committed transaction on zone company.local
Sep 3 10:42:08 zentyal kernel: [266119.353208] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.30 DST=192.168.1.200 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=46453 DF PROTO=TCP SPT=139 DPT=55335 WINDOW=237 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 3 10:42:08 zentyal kernel: [266119.507436] zentyal-firewall drop IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00 SRC=112.85.42.229 DST=192.168.1.30 LEN=67 TOS=0x00 PREC=0x00 TTL=46 ID=22575 DF PROTO=TCP SPT=44675 DPT=22 WINDOW=229 RES=0x00 ACK PSH URGP=0 MARK=0x1
Sep 3 10:42:09 zentyal kernel: [266120.308040] zentyal-firewall drop IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00 SRC=112.85.42.229 DST=192.168.1.30 LEN=700 TOS=0x00 PREC=0x00 TTL=46 ID=22577 DF PROTO=TCP SPT=44675 DPT=22 WINDOW=229 RES=0x00 ACK PSH URGP=0 MARK=0x1
Sep 3 10:42:33 zentyal samba[3524]: [2019/09/03 10:42:33.921837, 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
Sep 3 10:42:33 zentyal samba[3524]: /usr/sbin/samba_kcc: ldb_wrap open of secrets.ldb
Sep 3 10:42:50 zentyal kernel: [266161.088957] zentyal-firewall drop IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00 SRC=112.85.42.229 DST=192.168.1.30 LEN=67 TOS=0x00 PREC=0x00 TTL=46 ID=15370 DF PROTO=TCP SPT=49186 DPT=22 WINDOW=229 RES=0x00 ACK PSH URGP=0 MARK=0x1
Sep 3 10:42:51 zentyal kernel: [266161.979994] zentyal-firewall drop IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00 SRC=112.85.42.229 DST=192.168.1.30 LEN=700 TOS=0x00 PREC=0x00 TTL=46 ID=15372 DF PROTO=TCP SPT=49186 DPT=22 WINDOW=229 RES=0x00 ACK PSH URGP=0 MARK=0x1
Sep 3 10:42:54 zentyal kernel: [266165.432765] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.30 DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=52479 DF PROTO=TCP SPT=51666 DPT=80 WINDOW=9057 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 3 10:42:56 zentyal postfix/smtpd[14305]: connect from unknown[141.98.80.75]
Sep 3 10:43:00 zentyal postfix/smtpd[14305]: warning: unknown[141.98.80.75]: SASL PLAIN authentication failed:
Sep 3 10:43:00 zentyal postfix/smtpd[14305]: lost connection after AUTH from unknown[141.98.80.75]
Sep 3 10:43:00 zentyal postfix/smtpd[14305]: disconnect from unknown[141.98.80.75] ehlo=1 auth=0/1 commands=1/2
Sep 3 10:43:00 zentyal postfix/smtpd[14305]: connect from unknown[141.98.80.75]
Sep 3 10:43:13 zentyal postfix/smtpd[14305]: warning: unknown[141.98.80.75]: SASL PLAIN authentication failed:
Sep 3 10:43:13 zentyal dhcpd[2318]: DHCPREQUEST for 192.168.1.202 from ec:e1:a9:ca:43:bb (SEPECE1A9CA43BB) via eth0
Sep 3 10:43:13 zentyal dhcpd[2318]: DHCPACK on 192.168.1.202 to ec:e1:a9:ca:43:bb (SEPECE1A9CA43BB) via eth0
Sep 3 10:43:14 zentyal postfix/smtpd[14305]: lost connection after AUTH from unknown[141.98.80.75]
Sep 3 10:43:14 zentyal postfix/smtpd[14305]: disconnect from unknown[141.98.80.75] ehlo=1 auth=0/1 commands=1/2
Sep 3 10:43:22 zentyal kernel: [266193.080510] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.30 DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=52480 DF PROTO=TCP SPT=51666 DPT=80 WINDOW=9057 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 3 10:43:37 zentyal kernel: [266208.618132] zentyal-firewall drop IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00 SRC=112.85.42.229 DST=192.168.1.30 LEN=67 TOS=0x00 PREC=0x00 TTL=46 ID=15251 DF PROTO=TCP SPT=47148 DPT=22 WINDOW=229 RES=0x00 ACK PSH URGP=0 MARK=0x1
Sep 3 10:43:38 zentyal kernel: [266209.439147] zentyal-firewall drop IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00 SRC=112.85.42.229 DST=192.168.1.30 LEN=700 TOS=0x00 PREC=0x00 TTL=46 ID=15253 DF PROTO=TCP SPT=47148 DPT=22 WINDOW=229 RES=0x00 ACK PSH URGP=0 MARK=0x1
Sep 3 10:43:40 zentyal postfix/smtpd[14305]: connect from unknown[185.234.216.206]
Sep 3 10:43:40 zentyal postfix/smtpd[14305]: warning: unknown[185.234.216.206]: SASL LOGIN authentication failed: Invalid authentication mechanism
Sep 3 10:43:40 zentyal postfix/smtpd[14305]: lost connection after AUTH from unknown[185.234.216.206]
Sep 3 10:43:40 zentyal postfix/smtpd[14305]: disconnect from unknown[185.234.216.206] ehlo=1 auth=0/1 commands=1/2
Sep 3 10:43:45 zentyal kernel: [266215.864343] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.30 DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=64724 DF PROTO=TCP SPT=51814 DPT=80 WINDOW=6750 RES=0x00 ACK FIN URGP=0 MARK=0x1
freshclam log
Tue Sep 3 10:41:42 2019 -> ClamAV update process started at Tue Sep 3 10:41:42 2019
Tue Sep 3 10:41:42 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Tue Sep 3 10:41:42 2019 -> WARNING: Local version: 0.100.3 Recommended version: 0.101.4
Tue Sep 3 10:41:42 2019 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Tue Sep 3 10:41:42 2019 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Tue Sep 3 10:42:28 2019 -> nonblock_recv: recv timing out (30 secs)
Tue Sep 3 10:42:28 2019 -> WARNING: getfile: Download interrupted: Operation now in progress (IP: 104.16.218.84)
Tue Sep 3 10:42:28 2019 -> WARNING: Can't download daily.cvd from db.se.clamav.net
Can't query daily.0.93.0.0.6810DA54.ping.clamav.net
Tue Sep 3 10:42:28 2019 -> Trying again in 5 secs...
Tue Sep 3 10:42:33 2019 -> ClamAV update process started at Tue Sep 3 10:42:33 2019
Tue Sep 3 10:42:33 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Tue Sep 3 10:42:33 2019 -> WARNING: Local version: 0.100.3 Recommended version: 0.101.4
Tue Sep 3 10:42:33 2019 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Tue Sep 3 10:42:33 2019 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Tue Sep 3 10:43:18 2019 -> nonblock_recv: recv timing out (30 secs)
Tue Sep 3 10:43:18 2019 -> WARNING: getfile: Download interrupted: Operation now in progress (IP: 104.16.219.84)
Tue Sep 3 10:43:18 2019 -> WARNING: Can't download daily.cvd from db.se.clamav.net
Can't query daily.0.93.0.0.6810DB54.ping.clamav.net
Tue Sep 3 10:43:18 2019 -> Trying again in 5 secs...
Tue Sep 3 10:43:23 2019 -> ClamAV update process started at Tue Sep 3 10:43:23 2019
Tue Sep 3 10:43:23 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Tue Sep 3 10:43:23 2019 -> WARNING: Local version: 0.100.3 Recommended version: 0.101.4
Tue Sep 3 10:43:23 2019 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Tue Sep 3 10:43:23 2019 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Tue Sep 3 10:43:24 2019 -> WARNING: Can't download daily.cvd from db.se.clamav.net
Tue Sep 3 10:43:24 2019 -> Trying again in 5 secs...
Tue Sep 3 10:43:29 2019 -> ClamAV update process started at Tue Sep 3 10:43:29 2019
Tue Sep 3 10:43:29 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Tue Sep 3 10:43:29 2019 -> WARNING: Local version: 0.100.3 Recommended version: 0.101.4
Tue Sep 3 10:43:29 2019 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Tue Sep 3 10:43:29 2019 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Tue Sep 3 10:43:29 2019 -> WARNING: Can't download daily.cvd from db.se.clamav.net
Tue Sep 3 10:43:29 2019 -> Trying again in 5 secs...
Tue Sep 3 10:43:34 2019 -> ClamAV update process started at Tue Sep 3 10:43:34 2019
Tue Sep 3 10:43:34 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Tue Sep 3 10:43:34 2019 -> WARNING: Local version: 0.100.3 Recommended version: 0.101.4
Tue Sep 3 10:43:34 2019 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Tue Sep 3 10:43:34 2019 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Tue Sep 3 10:43:34 2019 -> ERROR: Can't download daily.cvd from db.se.clamav.net
Tue Sep 3 10:43:34 2019 -> Giving up on db.se.clamav.net...
Tue Sep 3 10:43:34 2019 -> ClamAV update process started at Tue Sep 3 10:43:34 2019
Tue Sep 3 10:43:34 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Tue Sep 3 10:43:34 2019 -> WARNING: Local version: 0.100.3 Recommended version: 0.101.4
Tue Sep 3 10:43:34 2019 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Tue Sep 3 10:43:34 2019 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Tue Sep 3 10:43:34 2019 -> ERROR: Can't download daily.cvd from database.clamav.net
Tue Sep 3 10:43:34 2019 -> Giving up on database.clamav.net...
Tue Sep 3 10:43:34 2019 -> Update failed. Your network may be down or none of the mirrors listed in /etc/clamav/freshclam.conf is working. Check https://www.clamav.net/documents/official-mirror-faq for possible reasons.