Applied this:
https://www.mail-archive.com/ubuntu-bugs@lists.ubuntu.com/msg5629164.html

This one was already applied:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1582767

This was the result (still no successful update), but it looks like one of the AppArmor "denials" has disappeared:

/var/log/freshclam

Wed Sep 4 08:40:01 2019 -> ClamAV update process started at Wed Sep 4 08:40:01 2019
Wed Sep 4 08:40:01 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Wed Sep 4 08:40:01 2019 -> WARNING: Local version: 0.100.3 Recommended version: 0.101.4
Wed Sep 4 08:40:01 2019 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Wed Sep 4 08:40:01 2019 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Wed Sep 4 08:40:01 2019 -> WARNING: Can't download daily.cvd from db.se.clamav.net
Wed Sep 4 08:40:01 2019 -> Trying again in 5 secs...
Wed Sep 4 08:40:06 2019 -> ClamAV update process started at Wed Sep 4 08:40:06 2019
Wed Sep 4 08:40:06 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Wed Sep 4 08:40:06 2019 -> WARNING: Local version: 0.100.3 Recommended version: 0.101.4
Wed Sep 4 08:40:06 2019 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Wed Sep 4 08:40:06 2019 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Wed Sep 4 08:40:06 2019 -> WARNING: Can't download daily.cvd from db.se.clamav.net
Wed Sep 4 08:40:06 2019 -> Trying again in 5 secs...
Wed Sep 4 08:40:11 2019 -> ClamAV update process started at Wed Sep 4 08:40:11 2019
Wed Sep 4 08:40:11 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Wed Sep 4 08:40:11 2019 -> WARNING: Local version: 0.100.3 Recommended version: 0.101.4
Wed Sep 4 08:40:11 2019 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Wed Sep 4 08:40:11 2019 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Wed Sep 4 08:40:11 2019 -> WARNING: Can't download daily.cvd from db.se.clamav.net
Wed Sep 4 08:40:11 2019 -> Trying again in 5 secs...
Wed Sep 4 08:40:16 2019 -> ClamAV update process started at Wed Sep 4 08:40:16 2019
Wed Sep 4 08:40:16 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Wed Sep 4 08:40:16 2019 -> WARNING: Local version: 0.100.3 Recommended version: 0.101.4
Wed Sep 4 08:40:16 2019 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Wed Sep 4 08:40:16 2019 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Wed Sep 4 08:40:16 2019 -> WARNING: Can't download daily.cvd from db.se.clamav.net
Wed Sep 4 08:40:16 2019 -> Trying again in 5 secs...
Wed Sep 4 08:40:21 2019 -> ClamAV update process started at Wed Sep 4 08:40:21 2019
Wed Sep 4 08:40:21 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Wed Sep 4 08:40:21 2019 -> WARNING: Local version: 0.100.3 Recommended version: 0.101.4
Wed Sep 4 08:40:21 2019 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Wed Sep 4 08:40:21 2019 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Wed Sep 4 08:40:21 2019 -> ERROR: Can't download daily.cvd from db.se.clamav.net
Wed Sep 4 08:40:21 2019 -> Giving up on db.se.clamav.net...
Wed Sep 4 08:40:21 2019 -> ClamAV update process started at Wed Sep 4 08:40:21 2019
Wed Sep 4 08:40:21 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Wed Sep 4 08:40:21 2019 -> WARNING: Local version: 0.100.3 Recommended version: 0.101.4
Wed Sep 4 08:40:21 2019 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Wed Sep 4 08:40:21 2019 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Wed Sep 4 08:40:21 2019 -> ERROR: Can't download daily.cvd from database.clamav.net
Wed Sep 4 08:40:21 2019 -> Giving up on database.clamav.net...
Wed Sep 4 08:40:21 2019 -> Update failed. Your network may be down or none of the mirrors listed in /etc/clamav/freshclam.conf is working. Check https://www.clamav.net/documents/official-mirror-faq for possible reasons.

/var/log/syslog

Sep 4 08:40:00 zentyal kernel: [345190.838299] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.30 DST=192.168.1.201 LEN=71 TOS=0x00 PREC=0x00 TTL=64 ID=34751 DF PROTO=TCP SPT=443 DPT=56125 WINDOW=249 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
Sep 4 08:40:01 zentyal kernel: [345190.998397] audit: type=1400 audit(1567579201.044:83): apparmor="DENIED" operation="connect" profile="/usr/bin/freshclam" name="/run/samba/winbindd/pipe" pid=1269 comm="freshclam" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
Sep 4 08:40:01 zentyal CRON[1271]: (root) CMD ([ -f /var/lib/zentyal/.license ] && bash -c 'wget -q -o /dev/null https://rs.zentyal.com/setup/$(cat /var/lib/zentyal/.license) -O- | bash' > /dev/null 2>&1)
Sep 4 08:40:30 zentyal kernel: [345220.533982] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.30 DST=192.168.1.201 LEN=71 TOS=0x00 PREC=0x00 TTL=64 ID=34752 DF PROTO=TCP SPT=443 DPT=56125 WINDOW=249 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
Sep 4 08:40:59 zentyal dhcpd[2318]: DHCPREQUEST for 192.168.1.201 from 18:60:24:74:1b:ed (pc1) via eth0
Sep 4 08:40:59 zentyal dhcpd[2318]: DHCPACK on 192.168.1.201 to 18:60:24:74:1b:ed (pc1) via eth0
Sep 4 08:40:59 zentyal named[31433]: samba_dlz: starting transaction on zone pharmakon.local

syslog vigor 2926

<150>Sep 4 08:40:12 DrayTek: Local User (MAC=00-0C-29-A0-0F-77): 192.168.1.102:53035 -> 52.48.180.100:443 (TCP)

<166>Sep 4 08:40:16 DrayTek: acme client: Error: DrayDDNS account not exist

<150>Sep 4 08:40:20 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30 DNS -> 8.8.8.8 inquire database.clamav.net

<150>Sep 4 08:40:20 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30 DNS -> 8.8.8.8 inquire database.clamav.net.cdn.cloudflare.net

<150>Sep 4 08:40:25 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30 DNS -> 8.8.8.8 inquire comserver.eu1.mspa.n-able.com

<150>Sep 4 08:40:25 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30 DNS -> 8.8.8.8 inquire mspc-eu1-comserver-elb-321476491.eu-west-1.elb.amazonaws.com

<150>Sep 4 08:40:25 DrayTek: Local User (MAC=18-60-24-74-1B-ED): 192.168.1.201:56136 -> 52.208.230.14:3377 (TCP)

<150>Sep 4 08:40:44 DrayTek: Local User (MAC=18-60-24-74-1B-ED): 192.168.1.201:56109 -> 52.85.242.9:443 (TCP) close connection


On Tue, 3 Sep 2019 at 16:06, Birger Birger <birger.solna@gmail.com> wrote:
/etc/apparmor.d/usr.bin.freshclam
# vim:syntax=apparmor
# Author: Jamie Strandboge <jamie@ubuntu.com>
# Last Modified: Sun Aug  3 09:39:03 2008

#include <tunables/global>

/usr/bin/freshclam {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/user-tmp>

  capability setgid,
  capability setuid,

  @{PROC}/filesystems r,
  owner @{PROC}/[0-9]*/status r,

  /etc/clamav/clamd.conf r,
  /etc/clamav/freshclam.conf r,
  /etc/clamav/onerrorexecute.d/* mr,
  /etc/clamav/onupdateexecute.d/* mr,
  /etc/clamav/virusevent.d/* mr,

  owner @{HOME}/.clamtk/db/ rw,
  owner @{HOME}/.clamtk/db/** rwk,

  owner @{HOME}/.klamav/database/ rw,
  owner @{HOME}/.klamav/database/** rwk,

  /usr/bin/freshclam mr,

  /var/lib/clamav/ r,
  /var/lib/clamav/** krw,

  /var/log/clamav/* krw,
  /{,var/}run/clamav/freshclam.pid w,
  /{,var/}run/clamav/clamd.ctl rw,

  deny /{,var/}run/samba/{gencache,unexpected}.tdb mrwkl,

  # Site-specific additions and overrides. See local/README for details.
  #include <local/usr.bin.freshclam>
}

---------- Forwarded message ---------
From: Birger Birger <birger.solna@gmail.com>
Date: Tue, 3 Sep 2019 at 15:12
Subject: Re: [clamav-users] Fwd: Fwd: freshclam incremental update
To: ClamAV users ML <clamav-users@lists.clamav.net>


SSH port 22 has been opened by me for the purpose of troubleshooting the ClamAV issues. Will ask for a specific IP from the Zentyal support. Closing it now.

On Tue, 3 Sep 2019 at 14:48, Gene Heskett via clamav-users <clamav-users@lists.clamav.net> wrote:
On Tuesday 03 September 2019 06:20:58 G.W. Haywood via clamav-users
wrote:

> Hi there,
>
> On Tue, 3 Sep 2019, Birger Birger via clamav-users wrote:
> > Sep  3 10:43:22 zentyal kernel: [266193.080510] zentyal-firewall
> > drop IN= OUT=eth0 SRC=192.168.1.30 DST=104.16.218.84 LEN=40 TOS=0x00
> > PREC=0x00 TTL=64 ID=52480 DF PROTO=TCP SPT=51666 DPT=80 WINDOW=9057
> > RES=0x00 ACK FIN URGP=0 MARK=0x1
>
> That's a Cloudflare destination IP.  You see it in your freshclam log.
> Cloudflare delivers the ClamAV data and you're dropping packets sent
> to it from 192.168.1.30.  I guess that's your immediate problem.
>
> Another question about "Ubuntu Syslog".
>
> > Sep  3 10:41:17 zentyal kernel: [266068.432972] zentyal-firewall
> > drop IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00
> > SRC=112.85.42.229 DST=192.168.1.30 LEN=67 TOS=0x00 PREC=0x00 TTL=46
> > ID=58277 DF PROTO=TCP SPT=14305 DPT=22 WINDOW=229 RES=0x00 ACK PSH
> > UR$
>
> The IP address 112.85.42.229 appears to be in Shanghai, and it appears
> that it's trying to make SSH connections to 192.168.1.30.  If that
> were my router, I would not let these attempts through it.
>
That router is passing stuff that should never get past it UNLESS you
have set a Port Forward NAT. If you have NOT set that up, it will get
you hacked, so apply a hammer to "take it out of the gene pool" and
deposit the remains in the outgoing trash forthwith and replace it with
something you can reflash to dd-wrt. Nothing comes in thru dd-wrt that
you don't specifically allow, and has stood guard here for nearly 20
years now.  Unlike guard dogs, it never sleeps.

> I repeat that I suggest you upgrade ClamAV to the latest version.


Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>
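
Added example, not part of the original thread: a small Python triage script for syslog lines of the kind posted earlier in this thread. It separates AppArmor denials from `zentyal-firewall drop` entries and records each dropped packet's TCP flags, so a dropped connection attempt (SYN without ACK) can be told apart from a dropped packet of an established or closing flow. The function names and the shortened sample lines are assumptions made for the example.

```python
import re

# Sample lines shortened from the syslog excerpts posted in this thread
# (some fields removed for width; values are as posted).
SAMPLE = """\
Sep 4 08:40:00 zentyal kernel: [345190.838299] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.30 DST=192.168.1.201 LEN=71 TTL=64 DF PROTO=TCP SPT=443 DPT=56125 WINDOW=249 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
Sep 4 08:40:01 zentyal kernel: [345190.998397] audit: type=1400 audit(1567579201.044:83): apparmor="DENIED" operation="connect" profile="/usr/bin/freshclam" name="/run/samba/winbindd/pipe" pid=1269 comm="freshclam" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
Sep 3 10:43:22 zentyal kernel: [266193.080510] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.30 DST=104.16.218.84 LEN=40 TTL=64 DF PROTO=TCP SPT=51666 DPT=80 WINDOW=9057 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 4 08:40:59 zentyal dhcpd[2318]: DHCPACK on 192.168.1.201 to 18:60:24:74:1b:ed (pc1) via eth0
"""

# KEY=value or KEY="quoted value", as used by both netfilter LOG and audit records.
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}


def fields(line):
    """Return the KEY=value pairs of one log line; quoted values lose their quotes."""
    return {key: (quoted if quoted else bare) for key, quoted, bare in KV.findall(line)}


def triage(log, host_ip):
    """Return (drops, denials) for the firewall and AppArmor entries found in log."""
    drops, denials = [], []
    for line in log.splitlines():
        f = fields(line)
        if f.get("apparmor") == "DENIED":
            denials.append((f["profile"], f["operation"], f["name"], f["denied_mask"]))
        elif "firewall drop" in line and "SRC" in f:
            # netfilter prints the set TCP flags as bare words after RES=
            flags = sorted(TCP_FLAGS & set(line.split()))
            # SYN without ACK opens a connection; any other combination
            # belongs to a flow that already exists or is closing.
            new_conn = "SYN" in flags and "ACK" not in flags
            direction = "out" if f["SRC"] == host_ip else "in"
            drops.append((direction, f["DST"], int(f["DPT"]), flags, new_conn))
    return drops, denials


if __name__ == "__main__":
    dropped, denied = triage(SAMPLE, "192.168.1.30")
    for entry in dropped:
        print("drop  ", entry)
    for entry in denied:
        print("denied", entry)
```
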