Now it seems the firewall is stopping freshclam from downloading updates. Any ideas?
freshclam-log
Wed Sep 11 11:04:53 2019 -> --------------------------------------
Wed Sep 11 11:04:53 2019 -> ClamAV update process started at Wed Sep 11 11:04:53 2019
Wed Sep 11 11:04:53 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Wed Sep 11 11:04:53 2019 -> WARNING: Local version: 0.100.3 Recommended version: 0.101.4
Wed Sep 11 11:04:53 2019 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Wed Sep 11 11:04:53 2019 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Wed Sep 11 11:05:24 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:05:24 2019 -> WARNING: getfile: Download interrupted: Operation now in progress (IP: 104.16.219.84)
Wed Sep 11 11:05:24 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net
Can't query daily.25569.93.0.0.6810DB54.ping.clamav.net
Wed Sep 11 11:05:24 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:05:24 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:05:24 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:05:24 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:05:24 2019 -> WARNING: Incremental update failed, trying to download daily.cvd
Wed Sep 11 11:06:09 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:06:09 2019 -> WARNING: getfile: Download interrupted: Operation now in progress (IP: 104.16.218.84)
Wed Sep 11 11:06:09 2019 -> WARNING: Can't download daily.cvd from db.se.clamav.net
Can't query daily.0.93.0.0.6810DA54.ping.clamav.net
Wed Sep 11 11:06:09 2019 -> Trying again in 5 secs...
Wed Sep 11 11:06:14 2019 -> ClamAV update process started at Wed Sep 11 11:06:14 2019
Wed Sep 11 11:06:14 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Wed Sep 11 11:06:14 2019 -> WARNING: Local version: 0.100.3 Recommended version: 0.101.4
Wed Sep 11 11:06:14 2019 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Wed Sep 11 11:06:14 2019 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Wed Sep 11 11:06:15 2019 -> Trying host db.se.clamav.net (104.16.219.84)...
Wed Sep 11 11:06:45 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:06:45 2019 -> WARNING: getfile: Download interrupted: Operation now in progress (IP: 104.16.219.84)
Wed Sep 11 11:06:45 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net
Can't query daily.25569.93.0.0.6810DB54.ping.clamav.net
Wed Sep 11 11:06:46 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:06:46 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:06:46 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:06:46 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:06:46 2019 -> WARNING: Incremental update failed, trying to download daily.cvd
Wed Sep 11 11:07:30 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:07:30 2019 -> WARNING: getfile: Download interrupted: Operation now in progress (IP: 104.16.218.84)
Wed Sep 11 11:07:30 2019 -> WARNING: Can't download daily.cvd from db.se.clamav.net
Can't query daily.0.93.0.0.6810DA54.ping.clamav.net
Wed Sep 11 11:07:30 2019 -> Trying again in 5 secs...
Wed Sep 11 11:07:35 2019 -> ClamAV update process started at Wed Sep 11 11:07:35 2019
Wed Sep 11 11:07:35 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Wed Sep 11 11:07:35 2019 -> WARNING: Local version: 0.100.3 Recommended version: 0.101.4
Wed Sep 11 11:07:35 2019 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Wed Sep 11 11:07:35 2019 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Wed Sep 11 11:08:07 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:08:07 2019 -> WARNING: getfile: Download interrupted: Operation now in progress (IP: 104.16.219.84)
Wed Sep 11 11:08:07 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net
Can't query daily.25569.93.0.0.6810DB54.ping.clamav.net
Wed Sep 11 11:08:07 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:08:07 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:08:07 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:08:07 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:08:07 2019 -> WARNING: Incremental update failed, trying to download daily.cvd
Wed Sep 11 11:08:51 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:08:51 2019 -> WARNING: getfile: Download interrupted: Operation now in progress (IP: 104.16.219.84)
Wed Sep 11 11:08:51 2019 -> WARNING: Can't download daily.cvd from db.se.clamav.net
Can't query daily.0.93.0.0.6810DB54.ping.clamav.net
Wed Sep 11 11:08:52 2019 -> Trying again in 5 secs...
Wed Sep 11 11:08:57 2019 -> ClamAV update process started at Wed Sep 11 11:08:57 2019
Wed Sep 11 11:08:57 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Wed Sep 11 11:08:57 2019 -> WARNING: Local version: 0.100.3 Recommended version: 0.101.4
Wed Sep 11 11:08:57 2019 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Wed Sep 11 11:08:57 2019 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Wed Sep 11 11:09:28 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:09:28 2019 -> WARNING: getfile: Download interrupted: Operation now in progress (IP: 104.16.218.84)
Wed Sep 11 11:09:28 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net
Can't query daily.25569.93.0.0.6810DA54.ping.clamav.net
Wed Sep 11 11:09:28 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:09:28 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:09:28 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:09:28 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:09:28 2019 -> WARNING: Incremental update failed, trying to download daily.cvd
Wed Sep 11 11:10:13 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:10:13 2019 -> WARNING: getfile: Download interrupted: Operation now in progress (IP: 104.16.218.84)
Wed Sep 11 11:10:13 2019 -> WARNING: Can't download daily.cvd from db.se.clamav.net
Can't query daily.0.93.0.0.6810DA54.ping.clamav.net
Wed Sep 11 11:10:13 2019 -> Trying again in 5 secs...
Wed Sep 11 11:10:18 2019 -> ClamAV update process started at Wed Sep 11 11:10:18 2019
Wed Sep 11 11:10:18 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Wed Sep 11 11:10:18 2019 -> WARNING: Local version: 0.100.3 Recommended version: 0.101.4
Wed Sep 11 11:10:18 2019 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Wed Sep 11 11:10:18 2019 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Wed Sep 11 11:10:19 2019 -> Trying host db.se.clamav.net (104.16.219.84)...
Wed Sep 11 11:10:49 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:10:49 2019 -> WARNING: getfile: Download interrupted: Operation now in progress (IP: 104.16.219.84)
Wed Sep 11 11:10:49 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net
Can't query daily.25569.93.0.0.6810DB54.ping.clamav.net
Wed Sep 11 11:10:50 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:10:50 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:10:50 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:10:50 2019 -> ERROR: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:10:50 2019 -> WARNING: Incremental update failed, trying to download daily.cvd
Wed Sep 11 11:11:34 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:11:34 2019 -> ERROR: getfile: Download interrupted: Operation now in progress (IP: 104.16.219.84)
Wed Sep 11 11:11:34 2019 -> ERROR: Can't download daily.cvd from db.se.clamav.net
Can't query daily.0.93.0.0.6810DB54.ping.clamav.net
Wed Sep 11 11:11:35 2019 -> Giving up on db.se.clamav.net...
Wed Sep 11 11:11:35 2019 -> ClamAV update process started at Wed Sep 11 11:11:35 2019
Wed Sep 11 11:11:35 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Wed Sep 11 11:11:35 2019 -> WARNING: Local version: 0.100.3 Recommended version: 0.101.4
Wed Sep 11 11:11:35 2019 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Wed Sep 11 11:11:35 2019 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Wed Sep 11 11:11:36 2019 -> Trying host database.clamav.net (104.16.218.84)...
Wed Sep 11 11:12:06 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:12:06 2019 -> WARNING: getfile: Download interrupted: Operation now in progress (IP: 104.16.218.84)
Wed Sep 11 11:12:06 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from database.clamav.net
Can't query daily.25569.93.0.0.6810DA54.ping.clamav.net
Wed Sep 11 11:12:06 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from database.clamav.net
Wed Sep 11 11:12:06 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from database.clamav.net
Wed Sep 11 11:12:06 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from database.clamav.net
Wed Sep 11 11:12:06 2019 -> ERROR: getpatch: Can't download daily-25569.cdiff from database.clamav.net
Wed Sep 11 11:12:06 2019 -> WARNING: Incremental update failed, trying to download daily.cvd
Wed Sep 11 11:12:51 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:12:51 2019 -> ERROR: getfile: Download interrupted: Operation now in progress (IP: 104.16.219.84)
Wed Sep 11 11:12:51 2019 -> ERROR: Can't download daily.cvd from database.clamav.net
Can't query daily.0.93.0.0.6810DB54.ping.clamav.net
Wed Sep 11 11:12:52 2019 -> Giving up on database.clamav.net...
Wed Sep 11 11:12:52 2019 -> Update failed. Your network may be down or none of the mirrors listed in /etc/clamav/freshclam.conf is working. Check https://www.clamav.net/documents/official-mirror-faq for possible reasons.



syslog
Sep 11 11:00:16 zentyal kernel: [73529.621326] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=192.168.1.200 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=42938 DF PROTO=TCP SPT=139 DPT=61923 WINDOW=237 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:03:00 zentyal kernel: [73693.715692] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=192.168.1.201 LEN=71 TOS=0x00 PREC=0x00 TTL=64 ID=29745 DF PROTO=TCP SPT=443 DPT=57505 WINDOW=249 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
Sep 11 11:03:19 zentyal kernel: [73712.692731] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=82.214.44.215 LEN=148 TOS=0x00 PREC=0x00 TTL=64 ID=31106 DF PROTO=TCP SPT=993 DPT=33824 WINDOW=243 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
Sep 11 11:03:19 zentyal kernel: [73712.911476] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=82.214.44.215 LEN=148 TOS=0x00 PREC=0x00 TTL=64 ID=31107 DF PROTO=TCP SPT=993 DPT=33824 WINDOW=243 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
Sep 11 11:03:20 zentyal kernel: [73713.363442] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=82.214.44.215 LEN=148 TOS=0x00 PREC=0x00 TTL=64 ID=31108 DF PROTO=TCP SPT=993 DPT=33824 WINDOW=243 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
Sep 11 11:03:21 zentyal kernel: [73714.259487] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=82.214.44.215 LEN=148 TOS=0x00 PREC=0x00 TTL=64 ID=31109 DF PROTO=TCP SPT=993 DPT=33824 WINDOW=243 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
Sep 11 11:03:23 zentyal kernel: [73716.019537] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=82.214.44.215 LEN=148 TOS=0x00 PREC=0x00 TTL=64 ID=31110 DF PROTO=TCP SPT=993 DPT=33824 WINDOW=243 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
Sep 11 11:03:26 zentyal kernel: [73719.571417] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=82.214.44.215 LEN=148 TOS=0x00 PREC=0x00 TTL=64 ID=31111 DF PROTO=TCP SPT=993 DPT=33824 WINDOW=243 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
Sep 11 11:03:29 zentyal kernel: [73722.131420] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=192.168.1.201 LEN=71 TOS=0x00 PREC=0x00 TTL=64 ID=29746 DF PROTO=TCP SPT=443 DPT=57505 WINDOW=249 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
Sep 11 11:03:33 zentyal kernel: [73726.739373] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=82.214.44.215 LEN=148 TOS=0x00 PREC=0x00 TTL=64 ID=31112 DF PROTO=TCP SPT=993 DPT=33824 WINDOW=243 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
Sep 11 11:03:47 zentyal kernel: [73740.819168] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=82.214.44.215 LEN=148 TOS=0x00 PREC=0x00 TTL=64 ID=31113 DF PROTO=TCP SPT=993 DPT=33824 WINDOW=243 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
Sep 11 11:03:49 zentyal kernel: [73742.611226] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=37.2.232.59 LEN=148 TOS=0x00 PREC=0x00 TTL=64 ID=58086 DF PROTO=TCP SPT=993 DPT=42342 WINDOW=284 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
Sep 11 11:03:49 zentyal kernel: [73742.611294] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=37.2.232.59 LEN=148 TOS=0x00 PREC=0x00 TTL=64 ID=47645 DF PROTO=TCP SPT=993 DPT=42344 WINDOW=252 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
Sep 11 11:04:16 zentyal kernel: [73769.234948] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=82.214.44.215 LEN=148 TOS=0x00 PREC=0x00 TTL=64 ID=31114 DF PROTO=TCP SPT=993 DPT=33824 WINDOW=243 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
Sep 11 11:04:30 zentyal kernel: [73783.504367] zentyal-firewall drop IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00 SRC=82.214.44.215 DST=192.168.1.NN LEN=40 TOS=0x00 PREC=0x00 TTL=254 ID=0 PROTO=TCP SPT=60464 DPT=993 WINDOW=0 RES=0x00 RST URGP=0 MARK=0x1
Sep 11 11:04:34 zentyal kernel: [73787.503920] zentyal-firewall drop IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00 SRC=82.214.44.215 DST=192.168.1.NN LEN=40 TOS=0x00 PREC=0x00 TTL=254 ID=0 PROTO=TCP SPT=60470 DPT=993 WINDOW=0 RES=0x00 RST URGP=0 MARK=0x1
Sep 11 11:04:38 zentyal kernel: [73791.504188] zentyal-firewall drop IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00 SRC=82.214.44.215 DST=192.168.1.NN LEN=40 TOS=0x00 PREC=0x00 TTL=254 ID=0 PROTO=TCP SPT=60456 DPT=993 WINDOW=0 RES=0x00 RST URGP=0 MARK=0x1
Sep 11 11:04:38 zentyal kernel: [73791.504235] zentyal-firewall drop IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00 SRC=82.214.44.215 DST=192.168.1.NN LEN=40 TOS=0x00 PREC=0x00 TTL=254 ID=0 PROTO=TCP SPT=60472 DPT=993 WINDOW=0 RES=0x00 RST URGP=0 MARK=0x1
Sep 11 11:04:54 zentyal kernel: [73807.504397] zentyal-firewall drop IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00 SRC=82.214.44.215 DST=192.168.1.NN LEN=40 TOS=0x00 PREC=0x00 TTL=254 ID=0 PROTO=TCP SPT=60466 DPT=993 WINDOW=0 RES=0x00 RST URGP=0 MARK=0x1
Sep 11 11:05:13 zentyal kernel: [73826.578340] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=82.214.44.215 LEN=148 TOS=0x00 PREC=0x00 TTL=64 ID=31115 DF PROTO=TCP SPT=993 DPT=33824 WINDOW=243 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
Sep 11 11:05:51 zentyal kernel: [73863.958073] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=57985 DF PROTO=TCP SPT=60672 DPT=80 WINDOW=662 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:06:19 zentyal kernel: [73892.113836] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=57986 DF PROTO=TCP SPT=60672 DPT=80 WINDOW=662 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:06:36 zentyal kernel: [73909.009614] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=37248 DF PROTO=TCP SPT=56872 DPT=80 WINDOW=6589 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:07:04 zentyal kernel: [73937.169358] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=37249 DF PROTO=TCP SPT=56872 DPT=80 WINDOW=6589 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:07:12 zentyal kernel: [73945.617287] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=60892 DF PROTO=TCP SPT=60748 DPT=80 WINDOW=662 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:07:39 zentyal kernel: [73971.985071] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=60893 DF PROTO=TCP SPT=60748 DPT=80 WINDOW=662 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:07:57 zentyal kernel: [73990.416899] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=1377 DF PROTO=TCP SPT=56950 DPT=80 WINDOW=4346 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:08:24 zentyal kernel: [74017.040697] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=1378 DF PROTO=TCP SPT=56950 DPT=80 WINDOW=4346 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:08:33 zentyal kernel: [74026.768528] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=44360 DF PROTO=TCP SPT=60828 DPT=80 WINDOW=662 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:09:00 zentyal kernel: [74053.904258] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=44361 DF PROTO=TCP SPT=60828 DPT=80 WINDOW=662 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:09:18 zentyal kernel: [74071.568090] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=63089 DF PROTO=TCP SPT=60856 DPT=80 WINDOW=3749 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:09:46 zentyal kernel: [74098.959822] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=63090 DF PROTO=TCP SPT=60856 DPT=80 WINDOW=3749 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:09:54 zentyal kernel: [74107.919806] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=2416 DF PROTO=TCP SPT=57076 DPT=80 WINDOW=662 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:10:22 zentyal kernel: [74135.827476] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=2417 DF PROTO=TCP SPT=57076 DPT=80 WINDOW=662 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:10:39 zentyal kernel: [74152.719302] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=11269 DF PROTO=TCP SPT=57106 DPT=80 WINDOW=7963 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:11:01 zentyal kernel: [74173.967086] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=192.168.1.201 LEN=71 TOS=0x00 PREC=0x00 TTL=64 ID=38108 DF PROTO=TCP SPT=443 DPT=62800 WINDOW=249 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
Sep 11 11:11:07 zentyal kernel: [74180.879125] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=11270 DF PROTO=TCP SPT=57106 DPT=80 WINDOW=7963 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:11:16 zentyal kernel: [74189.327110] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=23818 DF PROTO=TCP SPT=60982 DPT=80 WINDOW=662 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:11:28 zentyal kernel: [74201.358824] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=192.168.1.201 LEN=71 TOS=0x00 PREC=0x00 TTL=64 ID=38109 DF PROTO=TCP SPT=443 DPT=62800 WINDOW=249 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
Sep 11 11:11:42 zentyal kernel: [74215.694709] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=23819 DF PROTO=TCP SPT=60982 DPT=80 WINDOW=662 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:11:49 zentyal kernel: [74222.862652] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=192.168.1.200 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=53892 DF PROTO=TCP SPT=139 DPT=53802 WINDOW=237 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:12:00 zentyal kernel: [74233.870560] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=192.168.1.201 LEN=71 TOS=0x00 PREC=0x00 TTL=64 ID=8868 DF PROTO=TCP SPT=443 DPT=62808 WINDOW=249 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
Sep 11 11:12:01 zentyal kernel: [74234.638531] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=10349 DF PROTO=TCP SPT=32794 DPT=80 WINDOW=3458 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:12:17 zentyal kernel: [74250.518383] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=192.168.1.200 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=53893 DF PROTO=TCP SPT=139 DPT=53802 WINDOW=237 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:12:29 zentyal kernel: [74262.798275] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=192.168.1.201 LEN=71 TOS=0x00 PREC=0x00 TTL=64 ID=8869 DF PROTO=TCP SPT=443 DPT=62808 WINDOW=249 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
Sep 11 11:12:29 zentyal kernel: [74262.798399] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=10350 DF PROTO=TCP SPT=32794 DPT=80 WINDOW=3458 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:12:32 zentyal kernel: [74265.870253] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=13344 DF PROTO=TCP SPT=57242 DPT=80 WINDOW=662 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:13:00 zentyal kernel: [74293.518049] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=13345 DF PROTO=TCP SPT=57242 DPT=80 WINDOW=662 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:13:18 zentyal kernel: [74311.437869] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=61385 DF PROTO=TCP SPT=32868 DPT=80 WINDOW=3729 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:13:45 zentyal kernel: [74338.573560] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=61386 DF PROTO=TCP SPT=32868 DPT=80 WINDOW=3729 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:15:23 zentyal kernel: [74436.876612] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=94.242.250.62 LEN=148 TOS=0x00 PREC=0x00 TTL=64 ID=60853 DF PROTO=TCP SPT=993 DPT=40606 WINDOW=375 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
Sep 11 11:15:23 zentyal kernel: [74436.876615] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=94.242.250.62 LEN=148 TOS=0x00 PREC=0x00 TTL=64 ID=39582 DF PROTO=TCP SPT=993 DPT=40608 WINDOW=269 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
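
A way to line up the two logs above, as an added example that is not part of the original message or of ClamAV: it pairs each freshclam "Download interrupted" address with the `zentyal-firewall drop` entries for that address and reports which TCP flags the dropped packets carried and how long after the timeout they were logged. The function names are illustrative, the sample lines are excerpted from the logs in this thread, and the year is passed in because syslog timestamps carry none.

```python
import re
from collections import Counter
from datetime import datetime

# Sample input: lines excerpted from the freshclam log and syslog quoted in this thread.
FRESHCLAM_LOG = """\
Wed Sep 11 11:05:24 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:05:24 2019 -> WARNING: getfile: Download interrupted: Operation now in progress (IP: 104.16.219.84)
Wed Sep 11 11:06:09 2019 -> WARNING: getfile: Download interrupted: Operation now in progress (IP: 104.16.218.84)
"""

SYSLOG = """\
Sep 11 11:05:13 zentyal kernel: [73826.578340] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=82.214.44.215 LEN=148 TOS=0x00 PREC=0x00 TTL=64 ID=31115 DF PROTO=TCP SPT=993 DPT=33824 WINDOW=243 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
Sep 11 11:05:51 zentyal kernel: [73863.958073] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=57985 DF PROTO=TCP SPT=60672 DPT=80 WINDOW=662 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:06:19 zentyal kernel: [73892.113836] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=57986 DF PROTO=TCP SPT=60672 DPT=80 WINDOW=662 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:06:36 zentyal kernel: [73909.009614] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=37248 DF PROTO=TCP SPT=56872 DPT=80 WINDOW=6589 RES=0x00 ACK FIN URGP=0 MARK=0x1
"""

FRESH_RE = re.compile(
    r"^(\w{3} \w{3} +\d+ [\d:]{8} \d{4}) -> .*getfile: Download interrupted: .*\(IP: ([\d.]+)\)")
DROP_RE = re.compile(
    r"^(\w{3} +\d+ [\d:]{8}) \S+ kernel: \[[\d. ]+\] zentyal-firewall drop (.*)$")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}


def parse_freshclam_timeouts(text):
    """Return (timestamp, mirror_ip) for every interrupted download."""
    found = []
    for line in text.splitlines():
        m = FRESH_RE.match(line)
        if m:
            when = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
            found.append((when, m.group(2)))
    return found


def parse_drops(text, year):
    """Parse netfilter LOG lines: KEY=VALUE tokens are fields, bare tokens are flags."""
    drops = []
    for line in text.splitlines():
        m = DROP_RE.match(line)
        if not m:
            continue
        tokens = m.group(2).split()
        fields = dict(t.split("=", 1) for t in tokens if "=" in t)
        drops.append({
            "time": datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S"),
            "src": fields.get("SRC"),
            "dst": fields.get("DST"),
            "dpt": int(fields["DPT"]) if "DPT" in fields else None,
            "flags": frozenset(t for t in tokens if t in TCP_FLAGS),
        })
    return drops


def classify(flags):
    """Connection setup (bare SYN), teardown (FIN or RST), or anything else."""
    if "SYN" in flags and "ACK" not in flags:
        return "setup"
    if "FIN" in flags or "RST" in flags:
        return "teardown"
    return "data"


def correlate(timeouts, drops):
    """Per mirror IP: drop count, packet kinds, ports, seconds since last timeout."""
    report = {}
    for ip in sorted({ip for _, ip in timeouts}):
        hits = [d for d in drops if ip in (d["src"], d["dst"])]
        delays = []
        for d in hits:
            earlier = [t for t, tip in timeouts if tip == ip and t <= d["time"]]
            if earlier:
                delays.append(int((d["time"] - max(earlier)).total_seconds()))
        report[ip] = {
            "drops": len(hits),
            "kinds": dict(Counter(classify(d["flags"]) for d in hits)),
            "dports": sorted({d["dpt"] for d in hits if d["dpt"] is not None}),
            "delays_s": delays,
        }
    return report


if __name__ == "__main__":
    result = correlate(parse_freshclam_timeouts(FRESHCLAM_LOG), parse_drops(SYSLOG, 2019))
    for ip, summary in result.items():
        print(ip, summary)
```

On this excerpt every logged drop toward the two mirror addresses is an outbound ACK FIN to port 80, logged 27 to 55 seconds after a freshclam timeout; none is a SYN.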

---------- Forwarded message ---------
From: Birger Birger <birger.solna@gmail.com>
Date: Tue, 10 Sep 2019 at 16:25
Subject: Fwd: [clamav-users] Fwd: Fwd: Fwd: freshclam incremental update
To: ClamAV users ML <clamav-users@lists.clamav.net>


Have added the following lines to /etc/apparmor.d/ usr.bin.freshclam and usr.sbin.clamd:
1. /etc/ssl/openssl.cnf r,
2. /{,var/}run/samba/winbindd/pipe rw,

This made the apparmor DENIED lines in syslog and kernel.log disappear.

Still no completed downloads with freshclam of daily and incremental updates.

---------- Forwarded message ---------
From: Birger Birger <birger.solna@gmail.com>
Date: Sun, 8 Sep 2019 at 12:35
Subject: Re: [clamav-users] Fwd: Fwd: Fwd: freshclam incremental update
To: ClamAV users ML <clamav-users@lists.clamav.net>
Cc: ClamAV users ML <clamav-users@lists.clamav.net>


Tried to delete and install ClamAV again. No difference in behaviour from what I can see. Downloads with freshclam still halt, apparently because of apparmor.

On Thu, 5 Sep 2019 at 21:54, Joel Esler (jesler) <jesler@cisco.com> wrote:
How did you get this?

Sent from my  iPad

On Sep 5, 2019, at 05:06, Birger Birger via clamav-users <clamav-users@lists.clamav.net> wrote:


This might provide additional information.

/usr/bin/freshclam
 *Trying to retrieve CVD header of http://%s/%s
 %cremote_cvdhead: write failed
 %cremote_cvdhead: Error while reading CVD header from %s
       %c%s not found on remote server
        %cremote_cvdhead: Unknown response from %s (IP: %s): %s
        %cremote_cvdhead: Unknown response from %s (IP: %s)
    %cremote_cvdhead: Malformed CVD header (too short)
     %cremote_cvdhead: Malformed CVD header (bad chars)
     %cremote_cvdhead: Malformed CVD header (can't parse)
   !getfile: Can't allocate memory for 'remotename'
       *Trying to download http://%s/%s
       *Trying to download http://%s/%s (IP: %s)
      %cgetfile: Can't write to socket
       %cgetfile: Error while reading database from %s: %s
    %cgetfile: Error while reading database from %s (IP: %s): %s
   ^getfile: %s not found on %s (IP: %s)
  %cgetfile: Unknown response from %s: %s
        %cgetfile: Unknown response from %s (IP: %s): %s
       %cgetfile: Unknown response from %s
    %cgetfile: Unknown response from %s (IP: %s)
   !getfile: Can't create new file %s in %s
       !getfile: Can't create new file %s in the current directory
    Hint: The database directory must be writable for UID %d or GID %d
     getfile: Can't write %d bytes to %s
    %cgetfile: Download interrupted: %s (Host: %s)
 %cgetfile: Download interrupted: %s (IP: %s)
   GET %s/%s HTTP/1.0
Host: %s
%sUser-Agent: %s
Connection: close
%s%s%s
     !Can't allocate memory for filename!
   !Can't read CVD header of new %s database.
     ^Mirror %s is not synchronized.
        ^Mirror is more than 1 version out of date. Recording mirror failure.
  !updatedb: Unknown database name (%s) passed.
  ^Broken database version in TXT record.
        ^Invalid DNS reply. Falling back to HTTP mode.
 ^DNS record is older than 3 hours.
     ^No timestamp in TXT record for %s
     ^Broken database version in TXT record for %s
  HTTPProxyUsername requires HTTPProxyPassword
   %s is up to date (version: %d, sigs: %d, f-level: %d, builder: %s)
     %s.%u.%u.%u.%u.%s.ping.clamav.net       ^Can't read %s header from %s
  ^Can't read %s header from %s (IP: %s)
 ^Current functionality level = %d, recommended = %d
    Please check if ClamAV tools are linked against the proper version of libclamav
        DON'T PANIC! Read https://www.clamav.net/documents/installing-clamav
   !getpatch: Can't get path of current working directory
 !chdir_tmp: dbname parameter value too long to create cvd file name: %s
        !chdir_tmp: dbname parameter value too long to create cld file name: %s
        !chdir_tmp: Can't access local %s database
     !chdir_tmp: Can't create directory %s
  !chdir_tmp: Can't unpack %s into %s
    !chdir_tmp: Can't change directory to %s
       Empty script %s, need to download entire database
      %cgetpatch: Can't download %s from %s
  !getpatch: Can't open %s for reading
   ^Incremental update failed, trying to download %s
      !buildcld: Can't get path of current working directory
 !buildcld: Can't access directory %s
   !buildcld: Can't open %s for writing
   !buildcld: Can't open directory %s
     !buildcld: gzopen() failed for %s
      !buildcld: COPYING file not found
      !buildcld: Can't add COPYING to new %s.cld - please check if there is enough disk space available
      Updates to main.cvd or safebrowsing.cvd may require 200MB of disk space or more
        !buildcld: Can't add %s to new %s.cld - please check if there is enough disk space available
   !buildcld: Can't add daily.cfg to new %s.cld - please check if there is enough disk space available
    !buildcld: gzclose() failed for %s
     !buildcld: close() failed for %s
       !buildcld: Can't return to previous directory %s
       ^Can't unlink the old database file %s. Please remove it manually.
     %s updated (version: %d, sigs: %d, f-level: %d, builder: %s)
   ^Your ClamAV installation is OUTDATED!
 !Can't create temporary directory %s
   ClamAV update process started at %s     *Software version from DNS: %s
 ^Local version: %s Recommended version: %s
     DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
    !DatabaseCustomURL: URL must be shorter than %llu
      !DatabaseCustomURL: Incorrect URL
      DatabaseCustomURL: Incorrect URL
       %s is up to date (version: custom database)
    DatabaseCustomURL: file %s missing
     DatabaseCustomURL: Can't copy file %s into database directory
  !DatabaseCustomURL: Not supported protocol
     %s updated (version: custom database, sigs: %u)
        !--update-db=custom requires DatabaseCustomURL
 ^SafeBrowsing is disabled but can't remove old %s
      ^Bytecode is disabled but can't remove old %s
  !checkdbdir: Can't open directory %s
   !Corrupted database file %s: %s
        !Can't remove broken database file %s, please delete it manually and restart freshclam
 Corrupted database file renamed to %s
  Database updated (%d signatures) from %s
       Database updated (%d signatures) from %s (IP: %s)
      !downloadmanager: OnOutdatedExecute: Incorrect version number string
   !downloadmanager: Can't allocate memory for buffer
 %s:%s *Loading signatures from %s
  [...]  ^pipe() failed: %s
 ^dup2() failed: %s
 ^fork() failed: %s
 LibClamAV Warning: *%s ^waitpid() failed: %s
 gmtime: %s
 %a, %d %b %Y %X GMT TCP webcache %cinet_ntop() failed
 Trying host %s (%s)...
 !Can't create new socket: %s
 ^Using default client ip.
 *Using ip '%s' for fetching.
 http://%s *If-Modified-Since: %s
 Reading CVD header (%s):  *Connected to %s.
 *Connected to %s (IP: %s).
 HTTP/1.1 404 HTTP/1.0 404 HTTP/1.1 304 HTTP/1.0 304 OK (IMS)
 HTTP/1.1 200 HTTP/1.0 200 HTTP/1.1 206 HTTP/1.0 206 HTTP/1.0  HTTP/1.1  OK

---------- Forwarded message ---------
From: Joel Esler (jesler) <jesler@cisco.com>
Date: Wed, 4 Sep 2019 at 12:20
Subject: Re: [clamav-users] Fwd: Fwd: freshclam incremental update
To: Birger Birger via clamav-users <clamav-users@lists.clamav.net>
Cc: Birger Birger <birger.solna@gmail.com>


This looks promising to troubleshoot.

Sent from my  iPhone

> On Sep 4, 2019, at 03:01, Birger Birger via clamav-users <clamav-users@lists.clamav.net> wrote:
>
> Sep 4 08:40:01 zentyal kernel: [345190.998397] audit: type=1400 audit(1567579201.044:83): apparmor="DENIED" operation="connect" profile="/usr/bin/freshclam" name="/run/samba/winbindd/pipe" pid=1269 comm="freshclam" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml