Applied this: https://www.mail-archive.com/[email protected]/msg5629164.html
This one was already applied: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1582767

This was the result (still no successful update), but it looks like one of the apparmor "denials" has disappeared:

/var/log/freshclam
Wed Sep 4 08:40:01 2019 -> ClamAV update process started at Wed Sep 4 08:40:01 2019
Wed Sep 4 08:40:01 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Wed Sep 4 08:40:01 2019 -> WARNING: Local version: 0.100.3 Recommended version: 0.101.4
Wed Sep 4 08:40:01 2019 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Wed Sep 4 08:40:01 2019 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Wed Sep 4 08:40:01 2019 -> WARNING: Can't download daily.cvd from db.se.clamav.net
Wed Sep 4 08:40:01 2019 -> Trying again in 5 secs...
Wed Sep 4 08:40:06 2019 -> ClamAV update process started at Wed Sep 4 08:40:06 2019
Wed Sep 4 08:40:06 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Wed Sep 4 08:40:06 2019 -> WARNING: Local version: 0.100.3 Recommended version: 0.101.4
Wed Sep 4 08:40:06 2019 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Wed Sep 4 08:40:06 2019 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Wed Sep 4 08:40:06 2019 -> WARNING: Can't download daily.cvd from db.se.clamav.net
Wed Sep 4 08:40:06 2019 -> Trying again in 5 secs...
Wed Sep 4 08:40:11 2019 -> ClamAV update process started at Wed Sep 4 08:40:11 2019
Wed Sep 4 08:40:11 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Wed Sep 4 08:40:11 2019 -> WARNING: Local version: 0.100.3 Recommended version: 0.101.4
Wed Sep 4 08:40:11 2019 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Wed Sep 4 08:40:11 2019 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Wed Sep 4 08:40:11 2019 -> WARNING: Can't download daily.cvd from db.se.clamav.net
Wed Sep 4 08:40:11 2019 -> Trying again in 5 secs...
Wed Sep 4 08:40:16 2019 -> ClamAV update process started at Wed Sep 4 08:40:16 2019
Wed Sep 4 08:40:16 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Wed Sep 4 08:40:16 2019 -> WARNING: Local version: 0.100.3 Recommended version: 0.101.4
Wed Sep 4 08:40:16 2019 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Wed Sep 4 08:40:16 2019 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Wed Sep 4 08:40:16 2019 -> WARNING: Can't download daily.cvd from db.se.clamav.net
Wed Sep 4 08:40:16 2019 -> Trying again in 5 secs...
Wed Sep 4 08:40:21 2019 -> ClamAV update process started at Wed Sep 4 08:40:21 2019
Wed Sep 4 08:40:21 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Wed Sep 4 08:40:21 2019 -> WARNING: Local version: 0.100.3 Recommended version: 0.101.4
Wed Sep 4 08:40:21 2019 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Wed Sep 4 08:40:21 2019 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Wed Sep 4 08:40:21 2019 -> ERROR: Can't download daily.cvd from db.se.clamav.net
Wed Sep 4 08:40:21 2019 -> Giving up on db.se.clamav.net...
Wed Sep 4 08:40:21 2019 -> ClamAV update process started at Wed Sep 4 08:40:21 2019
Wed Sep 4 08:40:21 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Wed Sep 4 08:40:21 2019 -> WARNING: Local version: 0.100.3 Recommended version: 0.101.4
Wed Sep 4 08:40:21 2019 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Wed Sep 4 08:40:21 2019 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Wed Sep 4 08:40:21 2019 -> ERROR: Can't download daily.cvd from database.clamav.net
Wed Sep 4 08:40:21 2019 -> Giving up on database.clamav.net...
Wed Sep 4 08:40:21 2019 -> Update failed. Your network may be down or none of the mirrors listed in /etc/clamav/freshclam.conf is working. Check https://www.clamav.net/documents/official-mirror-faq for possible reasons.
/var/log/syslog
Sep 4 08:40:00 zentyal kernel: [345190.838299] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.30 DST=192.168.1.201 LEN=71 TOS=0x00 PREC=0x00 TTL=64 ID=34751 DF PROTO=TCP SPT=443 DPT=56125 WINDOW=249 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
Sep 4 08:40:01 zentyal kernel: [345190.998397] audit: type=1400 audit(1567579201.044:83): apparmor="DENIED" operation="connect" profile="/usr/bin/freshclam" name="/run/samba/winbindd/pipe" pid=1269 comm="freshclam" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
Sep 4 08:40:01 zentyal CRON[1271]: (root) CMD ([ -f /var/lib/zentyal/.license ] && bash -c 'wget -q -o /dev/null https://rs.zentyal.com/setup/$(cat /var/lib/zentyal/.license) -O- | bash' > /dev/null 2>&1)
Sep 4 08:40:30 zentyal kernel: [345220.533982] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.30 DST=192.168.1.201 LEN=71 TOS=0x00 PREC=0x00 TTL=64 ID=34752 DF PROTO=TCP SPT=443 DPT=56125 WINDOW=249 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
Sep 4 08:40:59 zentyal dhcpd[2318]: DHCPREQUEST for 192.168.1.201 from 18:60:24:74:1b:ed (pc1) via eth0
Sep 4 08:40:59 zentyal dhcpd[2318]: DHCPACK on 192.168.1.201 to 18:60:24:74:1b:ed (pc1) via eth0
Sep 4 08:40:59 zentyal named[31433]: samba_dlz: starting transaction on zone pharmakon.local

syslog vigor 2926
<150>Sep 4 08:40:12 DrayTek: Local User (MAC=00-0C-29-A0-0F-77): 192.168.1.102:53035 -> 52.48.180.100:443 (TCP)
<166>Sep 4 08:40:16 DrayTek: acme client: Error: DrayDDNS account not exist
<150>Sep 4 08:40:20 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30 DNS -> 8.8.8.8 inquire database.clamav.net
<150>Sep 4 08:40:20 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30 DNS -> 8.8.8.8 inquire database.clamav.net.cdn.cloudflare.net
<150>Sep 4 08:40:25 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30 DNS -> 8.8.8.8 inquire comserver.eu1.mspa.n-able.com
<150>Sep 4 08:40:25 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2): 192.168.1.30 DNS -> 8.8.8.8 inquire mspc-eu1-comserver-elb-321476491.eu-west-1.elb.amazonaws.com
<150>Sep 4 08:40:25 DrayTek: Local User (MAC=18-60-24-74-1B-ED): 192.168.1.201:56136 -> 52.208.230.14:3377 (TCP)
<150>Sep 4 08:40:44 DrayTek: Local User (MAC=18-60-24-74-1B-ED): 192.168.1.201:56109 -> 52.85.242.9:443 (TCP) close connection

On Tue 3 Sep 2019 at 16:06, Birger Birger <[email protected]> wrote:

> /etc/apparmor.d/usr.bin.freshclam
> # vim:syntax=apparmor
> # Author: Jamie Strandboge <[email protected]>
> # Last Modified: Sun Aug 3 09:39:03 2008
>
> #include <tunables/global>
>
> /usr/bin/freshclam {
>   #include <abstractions/base>
>   #include <abstractions/nameservice>
>   #include <abstractions/user-tmp>
>
>   capability setgid,
>   capability setuid,
>
>   @{PROC}/filesystems r,
>   owner @{PROC}/[0-9]*/status r,
>
>   /etc/clamav/clamd.conf r,
>   /etc/clamav/freshclam.conf r,
>   /etc/clamav/onerrorexecute.d/* mr,
>   /etc/clamav/onupdateexecute.d/* mr,
>   /etc/clamav/virusevent.d/* mr,
>
>   owner @{HOME}/.clamtk/db/ rw,
>   owner @{HOME}/.clamtk/db/** rwk,
>
>   owner @{HOME}/.klamav/database/ rw,
>   owner @{HOME}/.klamav/database/** rwk,
>
>   /usr/bin/freshclam mr,
>
>   /var/lib/clamav/ r,
>   /var/lib/clamav/** krw,
>
>   /var/log/clamav/* krw,
>   /{,var/}run/clamav/freshclam.pid w,
>   /{,var/}run/clamav/clamd.ctl rw,
>
>   deny /{,var/}run/samba/{gencache,unexpected}.tdb mrwkl,
>
>   # Site-specific additions and overrides. See local/README for details.
>   #include <local/usr.bin.freshclam>
> }
>
> ---------- Forwarded message ---------
> From: Birger Birger <[email protected]>
> Date: Tue 3 Sep 2019 at 15:12
> Subject: Re: [clamav-users] Fwd: Fwd: freshclam incremental update
> To: ClamAV users ML <[email protected]>
>
>
> SSH Port 22 has been opened by me for the purpose of troubleshooting the
> ClamAV issues. Will ask for a specific IP from the Zentyal support. Closing
> it now.
>
> On Tue 3 Sep 2019 at 14:48, Gene Heskett via clamav-users <[email protected]> wrote:
>
>> On Tuesday 03 September 2019 06:20:58 G.W. Haywood via clamav-users
>> wrote:
>>
>> > Hi there,
>> >
>> > On Tue, 3 Sep 2019, Birger Birger via clamav-users wrote:
>> > > Sep 3 10:43:22 zentyal kernel: [266193.080510] zentyal-firewall
>> > > drop IN= OUT=eth0 SRC=192.168.1.30 DST=104.16.218.84 LEN=40 TOS=0x00
>> > > PREC=0x00 TTL=64 ID=52480 DF PROTO=TCP SPT=51666 DPT=80 WINDOW=9057
>> > > RES=0x00 ACK FIN URGP=0 MARK=0x1
>> >
>> > That's a Cloudflare destination IP. You see it in your freshclam log.
>> > Cloudflare delivers the ClamAV data and you're dropping packets sent
>> > to it from 192.168.1.30. I guess that's your immediate problem.
>> >
>> > Another question about "Ubuntu Syslog".
>> >
>> > > Sep 3 10:41:17 zentyal kernel: [266068.432972] zentyal-firewall
>> > > drop IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00
>> > > SRC=112.85.42.229 DST=192.168.1.30 LEN=67 TOS=0x00 PREC=0x00 TTL=46
>> > > ID=58277 DF PROTO=TCP SPT=14305 DPT=22 WINDOW=229 RES=0x00 ACK PSH
>> > > UR$
>> >
>> > The IP address 112.85.42.229 appears to be in Shanghai, and it appears
>> > that it's trying to make SSH connections to 192.168.1.30. If that
>> > were my router, I would not let these attempts through it.
>> >
>> That router is passing stuff that should never get past it UNLESS you
>> have set a Port Forward NAT. If you have NOT set that up, it will get
>> you hacked, so apply a hammer to "take it out of the gene pool" and
>> deposit the remains in the outgoing trash forthwith and replace it with
>> something you can reflash to dd-wrt. Nothing comes in thru dd-wrt that
>> you don't specifically allow, and it has stood guard here for nearly 20
>> years now. Unlike guard dogs, it never sleeps.
>>
>> > I repeat that I suggest you upgrade ClamAV to the latest version.
>>
>>
>> Cheers, Gene Heskett
>> --
>> "There are four boxes to be used in defense of liberty:
>> soap, ballot, jury, and ammo. Please use in that order."
>> -Ed Howdershelt (Author)
>> If we desire respect for the law, we must first make the law respectable.
>> - Louis D. Brandeis
>> Gene's Web page <http://geneslinuxbox.net:6309/gene>
>>
>> _______________________________________________
>>
>> clamav-users mailing list
>> [email protected]
>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
>>
>
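As an added example, not part of this thread or of ClamAV's own tooling: a small Python triage script for the two kinds of syslog record the thread turns on, the netfilter LOG lines prefixed "zentyal-firewall drop" and the AppArmor DENIED audit record for /usr/bin/freshclam. It separates outbound drops from the ClamAV host toward a mirror port (the symptom G.W. Haywood points at) from inbound drops and from AppArmor denials, using DPT rather than SPT so the SPT=443 replies to a LAN client are not mistaken for update attempts. The host address 192.168.1.30 and the mirror ports 80/443 are assumptions taken from the thread; the sample lines are constructed from the ones quoted above.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the /var/log/syslog lines quoted in this thread
# (netfilter LOG records prefixed "zentyal-firewall drop" and one AppArmor audit record).
SAMPLE_SYSLOG = """\
Sep  4 08:40:00 zentyal kernel: [345190.838299] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.30 DST=192.168.1.201 LEN=71 TOS=0x00 PREC=0x00 TTL=64 ID=34751 DF PROTO=TCP SPT=443 DPT=56125 WINDOW=249 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
Sep  4 08:40:01 zentyal kernel: [345190.998397] audit: type=1400 audit(1567579201.044:83): apparmor="DENIED" operation="connect" profile="/usr/bin/freshclam" name="/run/samba/winbindd/pipe" pid=1269 comm="freshclam" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
Sep  3 10:43:22 zentyal kernel: [266193.080510] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.30 DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=52480 DF PROTO=TCP SPT=51666 DPT=80 WINDOW=9057 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep  3 10:41:17 zentyal kernel: [266068.432972] zentyal-firewall drop IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00 SRC=112.85.42.229 DST=192.168.1.30 LEN=67 TOS=0x00 PREC=0x00 TTL=46 ID=58277 DF PROTO=TCP SPT=14305 DPT=22 WINDOW=229 RES=0x00 ACK PSH URGP=0
"""

FW_RE = re.compile(r"zentyal-firewall drop (?P<fields>.*)$")
AA_RE = re.compile(r'apparmor="(?P<action>\w+)" operation="(?P<op>[^"]+)" '
                   r'profile="(?P<profile>[^"]+)" name="(?P<name>[^"]+)"')

def parse_fw_fields(fields):
    """Split 'IN= OUT=eth0 SRC=... ACK PSH' into a dict; bare TCP flags map to True."""
    parsed = {}
    for tok in fields.split():
        key, sep, val = tok.partition("=")
        parsed[key] = val if sep else True
    return parsed

def triage(lines, host="192.168.1.30", update_ports=("80", "443")):
    """Sort syslog lines into the buckets that matter for a failing freshclam run.
    outbound_update_drops: the ClamAV host (IN empty, OUT set) blocked while talking
    TO a mirror port; that is what stops the download. DPT is the deciding field: a
    drop with SPT=443 is a reply from a local service, not an update attempt.
    inbound_drops: traffic from elsewhere blocked on the way in (the firewall working).
    apparmor_denials: DENIED records for the freshclam profile, with the path involved.
    """
    buckets = defaultdict(list)
    for line in lines:
        aa = AA_RE.search(line)
        if aa and aa["action"] == "DENIED" and aa["profile"].endswith("freshclam"):
            buckets["apparmor_denials"].append((aa["op"], aa["name"]))
            continue
        fw = FW_RE.search(line)
        if not fw:
            continue
        f = parse_fw_fields(fw["fields"])
        if f.get("IN") == "" and f.get("SRC") == host and f.get("DPT") in update_ports:
            buckets["outbound_update_drops"].append((f["DST"], f["DPT"]))
        elif f.get("OUT") == "" and f.get("DST") == host:
            buckets["inbound_drops"].append((f["SRC"], f["DPT"]))
        else:
            buckets["other_drops"].append((f.get("SRC"), f.get("DST"), f.get("DPT")))
    return dict(buckets)
```

Run triage() over a real /var/log/syslog: a non-empty outbound_update_drops bucket means the gateway itself is blocking the mirror traffic, while an empty one alongside "Update failed" in the freshclam log points toward DNS or the AppArmor denial instead.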
