SSH port 22 has been opened by me for the purpose of troubleshooting the ClamAV issues. I will ask Zentyal support for a specific IP. Closing it now.

On Tue, 3 Sep 2019 at 14:48, Gene Heskett via clamav-users <clamav-users@lists.clamav.net> wrote:
On Tuesday 03 September 2019 06:20:58 G.W. Haywood via clamav-users wrote:

> Hi there,
>
> On Tue, 3 Sep 2019, Birger Birger via clamav-users wrote:
> > Sep  3 10:43:22 zentyal kernel: [266193.080510] zentyal-firewall
> > drop IN= OUT=eth0 SRC=192.168.1.30 DST=104.16.218.84 LEN=40 TOS=0x00
> > PREC=0x00 TTL=64 ID=52480 DF PROTO=TCP SPT=51666 DPT=80 WINDOW=9057
> > RES=0x00 ACK FIN URGP=0 MARK=0x1
>
> That's a Cloudflare destination IP.  You see it in your freshclam log.
> Cloudflare delivers the ClamAV data and you're dropping packets sent
> to it from 192.168.1.30.  I guess that's your immediate problem.
>
> Another question about "Ubuntu Syslog".
>
> > Sep  3 10:41:17 zentyal kernel: [266068.432972] zentyal-firewall
> > drop IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00
> > SRC=112.85.42.229 DST=192.168.1.30 LEN=67 TOS=0x00 PREC=0x00 TTL=46
> > ID=58277 DF PROTO=TCP SPT=14305 DPT=22 WINDOW=229 RES=0x00 ACK PSH
> > UR$
>
> The IP address 112.85.42.229 appears to be in Shanghai, and it appears
> that it's trying to make SSH connections to 192.168.1.30.  If that
> were my router, I would not let these attempts through it.
>
That router is passing stuff that should never get past it UNLESS you
have set a Port Forward NAT. If you have NOT set that up, it will get
you hacked, so apply a hammer to "take it out of the gene pool" and
deposit the remains in the outgoing trash forthwith and replace it with
something you can reflash to dd-wrt. Nothing comes in thru dd-wrt that
you don't specifically allow, and has stood guard here for nearly 20
years now.  Unlike guard dogs, it never sleeps.

> I repeat that I suggest you upgrade ClamAV to the latest version.


Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>
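
Added example, not part of the original thread: a Python sketch that parses the two firewall entries quoted above and reports direction, destination port, TCP flags, and whether a public source reached a private address. The names `SAMPLE` and `summarize` are hypothetical; it assumes the `KEY=value` netfilter LOG layout shown in the thread.

```python
import ipaddress
import re

# The two firewall entries quoted in the thread, re-joined onto single lines.
# The second entry is truncated ("UR$") in the original and is kept that way.
SAMPLE = [
    "Sep  3 10:43:22 zentyal kernel: [266193.080510] zentyal-firewall drop "
    "IN= OUT=eth0 SRC=192.168.1.30 DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00 "
    "TTL=64 ID=52480 DF PROTO=TCP SPT=51666 DPT=80 WINDOW=9057 RES=0x00 "
    "ACK FIN URGP=0 MARK=0x1",
    "Sep  3 10:41:17 zentyal kernel: [266068.432972] zentyal-firewall drop "
    "IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00 "
    "SRC=112.85.42.229 DST=192.168.1.30 LEN=67 TOS=0x00 PREC=0x00 TTL=46 "
    "ID=58277 DF PROTO=TCP SPT=14305 DPT=22 WINDOW=229 RES=0x00 ACK PSH UR$",
]

KV = re.compile(r"(\w+)=(\S*)")
TCP_FLAGS = ("SYN", "ACK", "FIN", "RST", "PSH")

def summarize(line):
    """Parse one netfilter LOG line into the fields that matter for triage."""
    fields = dict(KV.findall(line))
    if "SRC" not in fields or "DST" not in fields:
        return None
    tokens = line.split()
    flags = [f for f in TCP_FLAGS if f in tokens]
    # IN set, OUT empty: packet addressed to this host. OUT set, IN empty:
    # packet generated by this host. Anything else is treated as routed.
    if fields.get("IN") and not fields.get("OUT"):
        direction = "inbound"
    elif fields.get("OUT") and not fields.get("IN"):
        direction = "outbound"
    else:
        direction = "forwarded"
    src = ipaddress.ip_address(fields["SRC"])
    dst = ipaddress.ip_address(fields["DST"])
    return {
        "direction": direction,
        "src": str(src),
        "dst": str(dst),
        "dport": int(fields["DPT"]) if "DPT" in fields else None,
        "flags": flags,
        # A public source reaching a private address means an upstream
        # device passed the packet on (for example via a port forward).
        "passed_by_upstream_nat": direction == "inbound"
        and not src.is_private and dst.is_private,
        # A bare SYN opens a connection; ACK marks an existing one.
        "opens_connection": "SYN" in flags and "ACK" not in flags,
    }

if __name__ == "__main__":
    for entry in SAMPLE:
        print(summarize(entry))
```
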
