Hi there,

On Tue, 3 Sep 2019, Birger Birger via clamav-users wrote:

Sep  3 10:43:22 zentyal kernel: [266193.080510] zentyal-firewall drop IN= 
OUT=eth0 SRC=192.168.1.30 DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 
ID=52480 DF PROTO=TCP SPT=51666 DPT=80 WINDOW=9057 RES=0x00 ACK FIN URGP=0 
MARK=0x1

That's a Cloudflare destination IP.  You see it in your freshclam log.
Cloudflare delivers the ClamAV data and you're dropping packets sent
to it from 192.168.1.30.  I guess that's your immediate problem.

Another question about "Ubuntu Syslog".

Sep  3 10:41:17 zentyal kernel: [266068.432972] zentyal-firewall drop IN=eth0 
OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00 SRC=112.85.42.229 
DST=192.168.1.30 LEN=67 TOS=0x00 PREC=0x00 TTL=46 ID=58277 DF PROTO=TCP 
SPT=14305 DPT=22 WINDOW=229 RES=0x00 ACK PSH UR$

The IP address 112.85.42.229 appears to be in Shanghai, and it appears
that it's trying to make SSH connections to 192.168.1.30.  If that were
my router, I would not let these attempts through it.

I repeat that I suggest you upgrade ClamAV to the latest version.

--

73,
Ged.
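
Added example, not part of the message above: a small Python parser that reads the two "zentyal-firewall drop" kernel lines the way the reply does, by direction, addresses, destination port and TCP flags. The names parse and triage and the two triage rules are assumptions made for illustration; the sample lines are the ones quoted above, re-joined onto one line each.

```python
import re
from ipaddress import ip_address

# The two log lines quoted in the message; the second is cut off on the
# page ("UR$") and is kept exactly that way.
SAMPLE = [
    "Sep  3 10:43:22 zentyal kernel: [266193.080510] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.30 DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=52480 DF PROTO=TCP SPT=51666 DPT=80 WINDOW=9057 RES=0x00 ACK FIN URGP=0 MARK=0x1",
    "Sep  3 10:41:17 zentyal kernel: [266068.432972] zentyal-firewall drop IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00 SRC=112.85.42.229 DST=192.168.1.30 LEN=67 TOS=0x00 PREC=0x00 TTL=46 ID=58277 DF PROTO=TCP SPT=14305 DPT=22 WINDOW=229 RES=0x00 ACK PSH UR$",
]

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")   # KEY=value, value may be empty (IN=)
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

def parse(line):
    """Return direction, addresses, port and flags of one drop line, or None."""
    _, sep, body = line.partition(" drop ")
    if not sep:
        return None
    f = dict(FIELD.findall(body))
    if f.get("IN") and f.get("OUT"):
        direction = "forwarded"          # routed through this box
    elif f.get("OUT"):
        direction = "outbound"           # generated by this host
    else:
        direction = "inbound"            # addressed to this host
    dpt = f.get("DPT", "")
    return {
        "direction": direction,
        "src": f.get("SRC"),
        "dst": f.get("DST"),
        "dpt": int(dpt) if dpt.isdigit() else None,
        "flags": TCP_FLAGS & set(body.split()),   # truncated tokens are ignored
    }

def triage(ev):
    """Assumed rules mirroring the two observations made in the reply."""
    src_private = ip_address(ev["src"]).is_private
    dst_private = ip_address(ev["dst"]).is_private
    if ev["direction"] == "outbound" and ev["dpt"] in (80, 443):
        return "outbound web traffic dropped: signature downloads can fail"
    if ev["direction"] == "inbound" and dst_private and not src_private:
        return "internet host reached a private address: check upstream forwarding"
    return "other"

if __name__ == "__main__":
    for line in SAMPLE:
        ev = parse(line)
        print(ev["direction"], ev["src"], "->", ev["dst"], ev["dpt"], sorted(ev["flags"]), "|", triage(ev))
```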

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml