Now it seems the firewall is stopping freshclam from downloading updates. Any
ideas?
freshclam-log
Wed Sep 11 11:04:53 2019 -> --------------------------------------
Wed Sep 11 11:04:53 2019 -> ClamAV update process started at Wed Sep 11
11:04:53 2019
Wed Sep 11 11:04:53 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Wed Sep 11 11:04:53 2019 -> WARNING: Local version: 0.100.3 Recommended
version: 0.101.4
Wed Sep 11 11:04:53 2019 -> DON'T PANIC! Read
https://www.clamav.net/documents/upgrading-clamav
Wed Sep 11 11:04:53 2019 -> main.cvd is up to date (version: 58, sigs:
4566249, f-level: 60, builder: sigmgr)
Wed Sep 11 11:05:24 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:05:24 2019 -> WARNING: getfile: Download interrupted:
Operation now in progress (IP: 104.16.219.84)
Wed Sep 11 11:05:24 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Can't query daily.25569.93.0.0.6810DB54.ping.clamav.net
Wed Sep 11 11:05:24 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:05:24 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:05:24 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:05:24 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:05:24 2019 -> WARNING: Incremental update failed, trying to
download daily.cvd
Wed Sep 11 11:06:09 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:06:09 2019 -> WARNING: getfile: Download interrupted:
Operation now in progress (IP: 104.16.218.84)
Wed Sep 11 11:06:09 2019 -> WARNING: Can't download daily.cvd from
db.se.clamav.net
Can't query daily.0.93.0.0.6810DA54.ping.clamav.net
Wed Sep 11 11:06:09 2019 -> Trying again in 5 secs...
Wed Sep 11 11:06:14 2019 -> ClamAV update process started at Wed Sep 11
11:06:14 2019
Wed Sep 11 11:06:14 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Wed Sep 11 11:06:14 2019 -> WARNING: Local version: 0.100.3 Recommended
version: 0.101.4
Wed Sep 11 11:06:14 2019 -> DON'T PANIC! Read
https://www.clamav.net/documents/upgrading-clamav
Wed Sep 11 11:06:14 2019 -> main.cvd is up to date (version: 58, sigs:
4566249, f-level: 60, builder: sigmgr)
Wed Sep 11 11:06:15 2019 -> Trying host db.se.clamav.net (104.16.219.84)...
Wed Sep 11 11:06:45 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:06:45 2019 -> WARNING: getfile: Download interrupted:
Operation now in progress (IP: 104.16.219.84)
Wed Sep 11 11:06:45 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Can't query daily.25569.93.0.0.6810DB54.ping.clamav.net
Wed Sep 11 11:06:46 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:06:46 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:06:46 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:06:46 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:06:46 2019 -> WARNING: Incremental update failed, trying to
download daily.cvd
Wed Sep 11 11:07:30 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:07:30 2019 -> WARNING: getfile: Download interrupted:
Operation now in progress (IP: 104.16.218.84)
Wed Sep 11 11:07:30 2019 -> WARNING: Can't download daily.cvd from
db.se.clamav.net
Can't query daily.0.93.0.0.6810DA54.ping.clamav.net
Wed Sep 11 11:07:30 2019 -> Trying again in 5 secs...
Wed Sep 11 11:07:35 2019 -> ClamAV update process started at Wed Sep 11
11:07:35 2019
Wed Sep 11 11:07:35 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Wed Sep 11 11:07:35 2019 -> WARNING: Local version: 0.100.3 Recommended
version: 0.101.4
Wed Sep 11 11:07:35 2019 -> DON'T PANIC! Read
https://www.clamav.net/documents/upgrading-clamav
Wed Sep 11 11:07:35 2019 -> main.cvd is up to date (version: 58, sigs:
4566249, f-level: 60, builder: sigmgr)
Wed Sep 11 11:08:07 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:08:07 2019 -> WARNING: getfile: Download interrupted:
Operation now in progress (IP: 104.16.219.84)
Wed Sep 11 11:08:07 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Can't query daily.25569.93.0.0.6810DB54.ping.clamav.net
Wed Sep 11 11:08:07 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:08:07 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:08:07 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:08:07 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:08:07 2019 -> WARNING: Incremental update failed, trying to
download daily.cvd
Wed Sep 11 11:08:51 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:08:51 2019 -> WARNING: getfile: Download interrupted:
Operation now in progress (IP: 104.16.219.84)
Wed Sep 11 11:08:51 2019 -> WARNING: Can't download daily.cvd from
db.se.clamav.net
Can't query daily.0.93.0.0.6810DB54.ping.clamav.net
Wed Sep 11 11:08:52 2019 -> Trying again in 5 secs...
Wed Sep 11 11:08:57 2019 -> ClamAV update process started at Wed Sep 11
11:08:57 2019
Wed Sep 11 11:08:57 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Wed Sep 11 11:08:57 2019 -> WARNING: Local version: 0.100.3 Recommended
version: 0.101.4
Wed Sep 11 11:08:57 2019 -> DON'T PANIC! Read
https://www.clamav.net/documents/upgrading-clamav
Wed Sep 11 11:08:57 2019 -> main.cvd is up to date (version: 58, sigs:
4566249, f-level: 60, builder: sigmgr)
Wed Sep 11 11:09:28 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:09:28 2019 -> WARNING: getfile: Download interrupted:
Operation now in progress (IP: 104.16.218.84)
Wed Sep 11 11:09:28 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Can't query daily.25569.93.0.0.6810DA54.ping.clamav.net
Wed Sep 11 11:09:28 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:09:28 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:09:28 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:09:28 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:09:28 2019 -> WARNING: Incremental update failed, trying to
download daily.cvd
Wed Sep 11 11:10:13 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:10:13 2019 -> WARNING: getfile: Download interrupted:
Operation now in progress (IP: 104.16.218.84)
Wed Sep 11 11:10:13 2019 -> WARNING: Can't download daily.cvd from
db.se.clamav.net
Can't query daily.0.93.0.0.6810DA54.ping.clamav.net
Wed Sep 11 11:10:13 2019 -> Trying again in 5 secs...
Wed Sep 11 11:10:18 2019 -> ClamAV update process started at Wed Sep 11
11:10:18 2019
Wed Sep 11 11:10:18 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Wed Sep 11 11:10:18 2019 -> WARNING: Local version: 0.100.3 Recommended
version: 0.101.4
Wed Sep 11 11:10:18 2019 -> DON'T PANIC! Read
https://www.clamav.net/documents/upgrading-clamav
Wed Sep 11 11:10:18 2019 -> main.cvd is up to date (version: 58, sigs:
4566249, f-level: 60, builder: sigmgr)
Wed Sep 11 11:10:19 2019 -> Trying host db.se.clamav.net (104.16.219.84)...
Wed Sep 11 11:10:49 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:10:49 2019 -> WARNING: getfile: Download interrupted:
Operation now in progress (IP: 104.16.219.84)
Wed Sep 11 11:10:49 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Can't query daily.25569.93.0.0.6810DB54.ping.clamav.net
Wed Sep 11 11:10:50 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:10:50 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:10:50 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:10:50 2019 -> ERROR: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:10:50 2019 -> WARNING: Incremental update failed, trying to
download daily.cvd
Wed Sep 11 11:11:34 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:11:34 2019 -> ERROR: getfile: Download interrupted: Operation
now in progress (IP: 104.16.219.84)
Wed Sep 11 11:11:34 2019 -> ERROR: Can't download daily.cvd from
db.se.clamav.net
Can't query daily.0.93.0.0.6810DB54.ping.clamav.net
Wed Sep 11 11:11:35 2019 -> Giving up on db.se.clamav.net...
Wed Sep 11 11:11:35 2019 -> ClamAV update process started at Wed Sep 11
11:11:35 2019
Wed Sep 11 11:11:35 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Wed Sep 11 11:11:35 2019 -> WARNING: Local version: 0.100.3 Recommended
version: 0.101.4
Wed Sep 11 11:11:35 2019 -> DON'T PANIC! Read
https://www.clamav.net/documents/upgrading-clamav
Wed Sep 11 11:11:35 2019 -> main.cvd is up to date (version: 58, sigs:
4566249, f-level: 60, builder: sigmgr)
Wed Sep 11 11:11:36 2019 -> Trying host database.clamav.net
(104.16.218.84)...
Wed Sep 11 11:12:06 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:12:06 2019 -> WARNING: getfile: Download interrupted:
Operation now in progress (IP: 104.16.218.84)
Wed Sep 11 11:12:06 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from database.clamav.net
Can't query daily.25569.93.0.0.6810DA54.ping.clamav.net
Wed Sep 11 11:12:06 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from database.clamav.net
Wed Sep 11 11:12:06 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from database.clamav.net
Wed Sep 11 11:12:06 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from database.clamav.net
Wed Sep 11 11:12:06 2019 -> ERROR: getpatch: Can't download
daily-25569.cdiff from database.clamav.net
Wed Sep 11 11:12:06 2019 -> WARNING: Incremental update failed, trying to
download daily.cvd
Wed Sep 11 11:12:51 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:12:51 2019 -> ERROR: getfile: Download interrupted: Operation
now in progress (IP: 104.16.219.84)
Wed Sep 11 11:12:51 2019 -> ERROR: Can't download daily.cvd from
database.clamav.net
Can't query daily.0.93.0.0.6810DB54.ping.clamav.net
Wed Sep 11 11:12:52 2019 -> Giving up on database.clamav.net...
Wed Sep 11 11:12:52 2019 -> Update failed. Your network may be down or none
of the mirrors listed in /etc/clamav/freshclam.conf is working. Check
https://www.clamav.net/documents/official-mirror-faq for possible reasons.



syslog
Sep 11 11:00:16 zentyal kernel: [73529.621326] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=192.168.1.200 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=42938 DF PROTO=TCP SPT=139 DPT=61923 WINDOW=237 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:03:00 zentyal kernel: [73693.715692] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=192.168.1.201 LEN=71 TOS=0x00 PREC=0x00
TTL=64 ID=29745 DF PROTO=TCP SPT=443 DPT=57505 WINDOW=249 RES=0x00 ACK PSH
FIN URGP=0 MARK=0x1
Sep 11 11:03:19 zentyal kernel: [73712.692731] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=82.214.44.215 LEN=148 TOS=0x00 PREC=0x00
TTL=64 ID=31106 DF PROTO=TCP SPT=993 DPT=33824 WINDOW=243 RES=0x00 ACK PSH
FIN URGP=0 MARK=0x1
Sep 11 11:03:19 zentyal kernel: [73712.911476] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=82.214.44.215 LEN=148 TOS=0x00 PREC=0x00
TTL=64 ID=31107 DF PROTO=TCP SPT=993 DPT=33824 WINDOW=243 RES=0x00 ACK PSH
FIN URGP=0 MARK=0x1
Sep 11 11:03:20 zentyal kernel: [73713.363442] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=82.214.44.215 LEN=148 TOS=0x00 PREC=0x00
TTL=64 ID=31108 DF PROTO=TCP SPT=993 DPT=33824 WINDOW=243 RES=0x00 ACK PSH
FIN URGP=0 MARK=0x1
Sep 11 11:03:21 zentyal kernel: [73714.259487] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=82.214.44.215 LEN=148 TOS=0x00 PREC=0x00
TTL=64 ID=31109 DF PROTO=TCP SPT=993 DPT=33824 WINDOW=243 RES=0x00 ACK PSH
FIN URGP=0 MARK=0x1
Sep 11 11:03:23 zentyal kernel: [73716.019537] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=82.214.44.215 LEN=148 TOS=0x00 PREC=0x00
TTL=64 ID=31110 DF PROTO=TCP SPT=993 DPT=33824 WINDOW=243 RES=0x00 ACK PSH
FIN URGP=0 MARK=0x1
Sep 11 11:03:26 zentyal kernel: [73719.571417] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=82.214.44.215 LEN=148 TOS=0x00 PREC=0x00
TTL=64 ID=31111 DF PROTO=TCP SPT=993 DPT=33824 WINDOW=243 RES=0x00 ACK PSH
FIN URGP=0 MARK=0x1
Sep 11 11:03:29 zentyal kernel: [73722.131420] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=192.168.1.201 LEN=71 TOS=0x00 PREC=0x00
TTL=64 ID=29746 DF PROTO=TCP SPT=443 DPT=57505 WINDOW=249 RES=0x00 ACK PSH
FIN URGP=0 MARK=0x1
Sep 11 11:03:33 zentyal kernel: [73726.739373] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=82.214.44.215 LEN=148 TOS=0x00 PREC=0x00
TTL=64 ID=31112 DF PROTO=TCP SPT=993 DPT=33824 WINDOW=243 RES=0x00 ACK PSH
FIN URGP=0 MARK=0x1
Sep 11 11:03:47 zentyal kernel: [73740.819168] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=82.214.44.215 LEN=148 TOS=0x00 PREC=0x00
TTL=64 ID=31113 DF PROTO=TCP SPT=993 DPT=33824 WINDOW=243 RES=0x00 ACK PSH
FIN URGP=0 MARK=0x1
Sep 11 11:03:49 zentyal kernel: [73742.611226] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=37.2.232.59 LEN=148 TOS=0x00 PREC=0x00 TTL=64
ID=58086 DF PROTO=TCP SPT=993 DPT=42342 WINDOW=284 RES=0x00 ACK PSH FIN
URGP=0 MARK=0x1
Sep 11 11:03:49 zentyal kernel: [73742.611294] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=37.2.232.59 LEN=148 TOS=0x00 PREC=0x00 TTL=64
ID=47645 DF PROTO=TCP SPT=993 DPT=42344 WINDOW=252 RES=0x00 ACK PSH FIN
URGP=0 MARK=0x1
Sep 11 11:04:16 zentyal kernel: [73769.234948] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=82.214.44.215 LEN=148 TOS=0x00 PREC=0x00
TTL=64 ID=31114 DF PROTO=TCP SPT=993 DPT=33824 WINDOW=243 RES=0x00 ACK PSH
FIN URGP=0 MARK=0x1
Sep 11 11:04:30 zentyal kernel: [73783.504367] zentyal-firewall drop
IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00
SRC=82.214.44.215 DST=192.168.1.NN LEN=40 TOS=0x00 PREC=0x00 TTL=254 ID=0
PROTO=TCP SPT=60464 DPT=993 WINDOW=0 RES=0x00 RST URGP=0 MARK=0x1
Sep 11 11:04:34 zentyal kernel: [73787.503920] zentyal-firewall drop
IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00
SRC=82.214.44.215 DST=192.168.1.NN LEN=40 TOS=0x00 PREC=0x00 TTL=254 ID=0
PROTO=TCP SPT=60470 DPT=993 WINDOW=0 RES=0x00 RST URGP=0 MARK=0x1
Sep 11 11:04:38 zentyal kernel: [73791.504188] zentyal-firewall drop
IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00
SRC=82.214.44.215 DST=192.168.1.NN LEN=40 TOS=0x00 PREC=0x00 TTL=254 ID=0
PROTO=TCP SPT=60456 DPT=993 WINDOW=0 RES=0x00 RST URGP=0 MARK=0x1
Sep 11 11:04:38 zentyal kernel: [73791.504235] zentyal-firewall drop
IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00
SRC=82.214.44.215 DST=192.168.1.NN LEN=40 TOS=0x00 PREC=0x00 TTL=254 ID=0
PROTO=TCP SPT=60472 DPT=993 WINDOW=0 RES=0x00 RST URGP=0 MARK=0x1
Sep 11 11:04:54 zentyal kernel: [73807.504397] zentyal-firewall drop
IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00
SRC=82.214.44.215 DST=192.168.1.NN LEN=40 TOS=0x00 PREC=0x00 TTL=254 ID=0
PROTO=TCP SPT=60466 DPT=993 WINDOW=0 RES=0x00 RST URGP=0 MARK=0x1
Sep 11 11:05:13 zentyal kernel: [73826.578340] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=82.214.44.215 LEN=148 TOS=0x00 PREC=0x00
TTL=64 ID=31115 DF PROTO=TCP SPT=993 DPT=33824 WINDOW=243 RES=0x00 ACK PSH
FIN URGP=0 MARK=0x1
Sep 11 11:05:51 zentyal kernel: [73863.958073] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=57985 DF PROTO=TCP SPT=60672 DPT=80 WINDOW=662 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:06:19 zentyal kernel: [73892.113836] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=57986 DF PROTO=TCP SPT=60672 DPT=80 WINDOW=662 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:06:36 zentyal kernel: [73909.009614] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=37248 DF PROTO=TCP SPT=56872 DPT=80 WINDOW=6589 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:07:04 zentyal kernel: [73937.169358] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=37249 DF PROTO=TCP SPT=56872 DPT=80 WINDOW=6589 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:07:12 zentyal kernel: [73945.617287] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=60892 DF PROTO=TCP SPT=60748 DPT=80 WINDOW=662 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:07:39 zentyal kernel: [73971.985071] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=60893 DF PROTO=TCP SPT=60748 DPT=80 WINDOW=662 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:07:57 zentyal kernel: [73990.416899] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=1377 DF PROTO=TCP SPT=56950 DPT=80 WINDOW=4346 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:08:24 zentyal kernel: [74017.040697] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=1378 DF PROTO=TCP SPT=56950 DPT=80 WINDOW=4346 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:08:33 zentyal kernel: [74026.768528] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=44360 DF PROTO=TCP SPT=60828 DPT=80 WINDOW=662 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:09:00 zentyal kernel: [74053.904258] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=44361 DF PROTO=TCP SPT=60828 DPT=80 WINDOW=662 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:09:18 zentyal kernel: [74071.568090] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=63089 DF PROTO=TCP SPT=60856 DPT=80 WINDOW=3749 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:09:46 zentyal kernel: [74098.959822] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=63090 DF PROTO=TCP SPT=60856 DPT=80 WINDOW=3749 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:09:54 zentyal kernel: [74107.919806] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=2416 DF PROTO=TCP SPT=57076 DPT=80 WINDOW=662 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:10:22 zentyal kernel: [74135.827476] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=2417 DF PROTO=TCP SPT=57076 DPT=80 WINDOW=662 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:10:39 zentyal kernel: [74152.719302] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=11269 DF PROTO=TCP SPT=57106 DPT=80 WINDOW=7963 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:11:01 zentyal kernel: [74173.967086] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=192.168.1.201 LEN=71 TOS=0x00 PREC=0x00
TTL=64 ID=38108 DF PROTO=TCP SPT=443 DPT=62800 WINDOW=249 RES=0x00 ACK PSH
FIN URGP=0 MARK=0x1
Sep 11 11:11:07 zentyal kernel: [74180.879125] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=11270 DF PROTO=TCP SPT=57106 DPT=80 WINDOW=7963 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:11:16 zentyal kernel: [74189.327110] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=23818 DF PROTO=TCP SPT=60982 DPT=80 WINDOW=662 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:11:28 zentyal kernel: [74201.358824] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=192.168.1.201 LEN=71 TOS=0x00 PREC=0x00
TTL=64 ID=38109 DF PROTO=TCP SPT=443 DPT=62800 WINDOW=249 RES=0x00 ACK PSH
FIN URGP=0 MARK=0x1
Sep 11 11:11:42 zentyal kernel: [74215.694709] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=23819 DF PROTO=TCP SPT=60982 DPT=80 WINDOW=662 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:11:49 zentyal kernel: [74222.862652] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=192.168.1.200 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=53892 DF PROTO=TCP SPT=139 DPT=53802 WINDOW=237 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:12:00 zentyal kernel: [74233.870560] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=192.168.1.201 LEN=71 TOS=0x00 PREC=0x00
TTL=64 ID=8868 DF PROTO=TCP SPT=443 DPT=62808 WINDOW=249 RES=0x00 ACK PSH
FIN URGP=0 MARK=0x1
Sep 11 11:12:01 zentyal kernel: [74234.638531] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=10349 DF PROTO=TCP SPT=32794 DPT=80 WINDOW=3458 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:12:17 zentyal kernel: [74250.518383] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=192.168.1.200 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=53893 DF PROTO=TCP SPT=139 DPT=53802 WINDOW=237 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:12:29 zentyal kernel: [74262.798275] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=192.168.1.201 LEN=71 TOS=0x00 PREC=0x00
TTL=64 ID=8869 DF PROTO=TCP SPT=443 DPT=62808 WINDOW=249 RES=0x00 ACK PSH
FIN URGP=0 MARK=0x1
Sep 11 11:12:29 zentyal kernel: [74262.798399] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=10350 DF PROTO=TCP SPT=32794 DPT=80 WINDOW=3458 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:12:32 zentyal kernel: [74265.870253] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=13344 DF PROTO=TCP SPT=57242 DPT=80 WINDOW=662 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:13:00 zentyal kernel: [74293.518049] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=13345 DF PROTO=TCP SPT=57242 DPT=80 WINDOW=662 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:13:18 zentyal kernel: [74311.437869] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=61385 DF PROTO=TCP SPT=32868 DPT=80 WINDOW=3729 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:13:45 zentyal kernel: [74338.573560] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=61386 DF PROTO=TCP SPT=32868 DPT=80 WINDOW=3729 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:15:23 zentyal kernel: [74436.876612] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=94.242.250.62 LEN=148 TOS=0x00 PREC=0x00
TTL=64 ID=60853 DF PROTO=TCP SPT=993 DPT=40606 WINDOW=375 RES=0x00 ACK PSH
FIN URGP=0 MARK=0x1
Sep 11 11:15:23 zentyal kernel: [74436.876615] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=94.242.250.62 LEN=148 TOS=0x00 PREC=0x00
TTL=64 ID=39582 DF PROTO=TCP SPT=993 DPT=40608 WINDOW=269 RES=0x00 ACK PSH
FIN URGP=0 MARK=0x1

---------- Forwarded message ---------
From: Birger Birger <birger.so...@gmail.com>
Date: Tue, 10 Sep 2019 at 16:25
Subject: Fwd: [clamav-users] Fwd: Fwd: Fwd: freshclam incremental update
To: ClamAV users ML <clamav-users@lists.clamav.net>


Have added the following lines to /etc/apparmor.d/ usr.bin.freshclam and
usr.sbin.clamd:
1. /etc/ssl/openssl.cnf r,
2. /{,var/}run/samba/winbindd/pipe rw,

This made the apparmor DENIED lines in syslog and kernel.log disappear.

Still no completed downloads with freshclam of daily and incremental
updates.

---------- Forwarded message ---------
From: Birger Birger <birger.so...@gmail.com>
Date: Sun, 8 Sep 2019 at 12:35
Subject: Re: [clamav-users] Fwd: Fwd: Fwd: freshclam incremental update
To: ClamAV users ML <clamav-users@lists.clamav.net>
Cc: ClamAV users ML <clamav-users@lists.clamav.net>


Tried to delete and install ClamAV again. No difference in behaviour from
what I can see. Downloads with freshclam still halt, apparently because
of apparmor.

On Thu, 5 Sep 2019 at 21:54, Joel Esler (jesler) <jes...@cisco.com> wrote:

> How did you get this?
>
> Sent from my  iPad
>
> On Sep 5, 2019, at 05:06, Birger Birger via clamav-users <
> clamav-users@lists.clamav.net> wrote:
>
> 
> This might provide additional information.
>
> /usr/bin/freshclam
>  *Trying to retrieve CVD header of http://%s/%s
>  %cremote_cvdhead: write failed
>  %cremote_cvdhead: Error while reading CVD header from %s
>        %c%s not found on remote server
>         %cremote_cvdhead: Unknown response from %s (IP: %s): %s
>         %cremote_cvdhead: Unknown response from %s (IP: %s)
>     %cremote_cvdhead: Malformed CVD header (too short)
>      %cremote_cvdhead: Malformed CVD header (bad chars)
>      %cremote_cvdhead: Malformed CVD header (can't parse)
>    !getfile: Can't allocate memory for 'remotename'
>        *Trying to download http://%s/%s
>        *Trying to download http://%s/%s (IP: %s)
>       %cgetfile: Can't write to socket
>        %cgetfile: Error while reading database from %s: %s
>     %cgetfile: Error while reading database from %s (IP: %s): %s
>    ^getfile: %s not found on %s (IP: %s)
>   %cgetfile: Unknown response from %s: %s
>         %cgetfile: Unknown response from %s (IP: %s): %s
>        %cgetfile: Unknown response from %s
>     %cgetfile: Unknown response from %s (IP: %s)
>    !getfile: Can't create new file %s in %s
>        !getfile: Can't create new file %s in the current directory
>     Hint: The database directory must be writable for UID %d or GID %d
>      getfile: Can't write %d bytes to %s
>     %cgetfile: Download interrupted: %s (Host: %s)
>  %cgetfile: Download interrupted: %s (IP: %s)
>    GET %s/%s HTTP/1.0
> Host: %s
> %sUser-Agent: %s
> Connection: close
> %s%s%s
>      !Can't allocate memory for filename!
>    !Can't read CVD header of new %s database.
>      ^Mirror %s is not synchronized.
>         ^Mirror is more than 1 version out of date. Recording mirror
> failure.
>   !updatedb: Unknown database name (%s) passed.
>   ^Broken database version in TXT record.
>         ^Invalid DNS reply. Falling back to HTTP mode.
>  ^DNS record is older than 3 hours.
>      ^No timestamp in TXT record for %s
>      ^Broken database version in TXT record for %s
>   HTTPProxyUsername requires HTTPProxyPassword
>    %s is up to date (version: %d, sigs: %d, f-level: %d, builder: %s)
>      %s.%u.%u.%u.%u.%s.ping.clamav.net       ^Can't read %s header from %s
>   ^Can't read %s header from %s (IP: %s)
>  ^Current functionality level = %d, recommended = %d
>     Please check if ClamAV tools are linked against the proper version of
> libclamav
>         DON'T PANIC! Read
> https://www.clamav.net/documents/installing-clamav
>    !getpatch: Can't get path of current working directory
>  !chdir_tmp: dbname parameter value too long to create cvd file name: %s
>         !chdir_tmp: dbname parameter value too long to create cld file
> name: %s
>         !chdir_tmp: Can't access local %s database
>      !chdir_tmp: Can't create directory %s
>   !chdir_tmp: Can't unpack %s into %s
>     !chdir_tmp: Can't change directory to %s
>        Empty script %s, need to download entire database
>       %cgetpatch: Can't download %s from %s
>   !getpatch: Can't open %s for reading
>    ^Incremental update failed, trying to download %s
>       !buildcld: Can't get path of current working directory
>  !buildcld: Can't access directory %s
>    !buildcld: Can't open %s for writing
>    !buildcld: Can't open directory %s
>      !buildcld: gzopen() failed for %s
>       !buildcld: COPYING file not found
>       !buildcld: Can't add COPYING to new %s.cld - please check if there
> is enough disk space available
>       Updates to main.cvd or safebrowsing.cvd may require 200MB of disk
> space or more
>         !buildcld: Can't add %s to new %s.cld - please check if there is
> enough disk space available
>    !buildcld: Can't add daily.cfg to new %s.cld - please check if there is
> enough disk space available
>     !buildcld: gzclose() failed for %s
>      !buildcld: close() failed for %s
>        !buildcld: Can't return to previous directory %s
>        ^Can't unlink the old database file %s. Please remove it manually.
>      %s updated (version: %d, sigs: %d, f-level: %d, builder: %s)
>    ^Your ClamAV installation is OUTDATED!
>  !Can't create temporary directory %s
>    ClamAV update process started at %s     *Software version from DNS: %s
>  ^Local version: %s Recommended version: %s
>      DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
>     !DatabaseCustomURL: URL must be shorter than %llu
>       !DatabaseCustomURL: Incorrect URL
>       DatabaseCustomURL: Incorrect URL
>        %s is up to date (version: custom database)
>     DatabaseCustomURL: file %s missing
>      DatabaseCustomURL: Can't copy file %s into database directory
>   !DatabaseCustomURL: Not supported protocol
>      %s updated (version: custom database, sigs: %u)
>         !--update-db=custom requires DatabaseCustomURL
>  ^SafeBrowsing is disabled but can't remove old %s
>       ^Bytecode is disabled but can't remove old %s
>   !checkdbdir: Can't open directory %s
>    !Corrupted database file %s: %s
>         !Can't remove broken database file %s, please delete it manually
> and restart freshclam
>  Corrupted database file renamed to %s
>   Database updated (%d signatures) from %s
>        Database updated (%d signatures) from %s (IP: %s)
>       !downloadmanager: OnOutdatedExecute: Incorrect version number string
>    !downloadmanager: Can't allocate memory for buffer
>  %s:%s *Loading signatures from %s
>   [...]  ^pipe() failed: %s
>  ^dup2() failed: %s
>  ^fork() failed: %s
>  LibClamAV Warning: *%s ^waitpid() failed: %s
>  gmtime: %s
>  %a, %d %b %Y %X GMT TCP webcache %cinet_ntop() failed
>  Trying host %s (%s)...
>  !Can't create new socket: %s
>  ^Using default client ip.
>  *Using ip '%s' for fetching.
>  http://%s *If-Modified-Since: %s
>  Reading CVD header (%s):  *Connected to %s.
>  *Connected to %s (IP: %s).
>  HTTP/1.1 404 HTTP/1.0 404 HTTP/1.1 304 HTTP/1.0 304 OK (IMS)
>  HTTP/1.1 200 HTTP/1.0 200 HTTP/1.1 206 HTTP/1.0 206 HTTP/1.0  HTTP/1.1  OK
>
> ---------- Forwarded message ---------
> From: Joel Esler (jesler) <jes...@cisco.com>
> Date: Wed, 4 Sep 2019 at 12:20
> Subject: Re: [clamav-users] Fwd: Fwd: freshclam incremental update
> To: Birger Birger via clamav-users <clamav-users@lists.clamav.net>
> Cc: Birger Birger <birger.so...@gmail.com>
>
>
> This looks promising to troubleshoot.
>
> Sent from my  iPhone
>
> > On Sep 4, 2019, at 03:01, Birger Birger via clamav-users <
> clamav-users@lists.clamav.net> wrote:
> >
> > Sep 4 08:40:01 zentyal kernel: [345190.998397] audit: type=1400
> audit(1567579201.044:83): apparmor="DENIED" operation="connect"
> profile="/usr/bin/freshclam" name="/run/samba/winbindd/pipe" pid=1269
> comm="freshclam" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
>
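One way to check the firewall question raised at the top of this thread is to line up the mirror IPs that freshclam timed out on with the `zentyal-firewall drop` records in syslog. The script below is an added example, not part of the original thread or of ClamAV or Zentyal; its function names are this example's own, and the sample input is a short excerpt of the logs posted above, mail line wraps included.

```python
import re
from collections import defaultdict

# Excerpts copied from the logs posted above, hard line wraps included.
FRESHCLAM_LOG = """\
Wed Sep 11 11:05:24 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:05:24 2019 -> WARNING: getfile: Download interrupted:
Operation now in progress (IP: 104.16.219.84)
Wed Sep 11 11:06:09 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:06:09 2019 -> WARNING: getfile: Download interrupted:
Operation now in progress (IP: 104.16.218.84)
"""
SYSLOG = """\
Sep 11 11:04:30 zentyal kernel: [73783.504367] zentyal-firewall drop
IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00
SRC=82.214.44.215 DST=192.168.1.NN LEN=40 TOS=0x00 PREC=0x00 TTL=254 ID=0
PROTO=TCP SPT=60464 DPT=993 WINDOW=0 RES=0x00 RST URGP=0 MARK=0x1
Sep 11 11:05:51 zentyal kernel: [73863.958073] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=57985 DF PROTO=TCP SPT=60672 DPT=80 WINDOW=662 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:06:36 zentyal kernel: [73909.009614] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=37248 DF PROTO=TCP SPT=56872 DPT=80 WINDOW=6589 RES=0x00 ACK FIN
URGP=0 MARK=0x1
"""

# A new record starts with its timestamp; anything else is a wrapped tail.
SYSLOG_START = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d \S+ kernel:")
FRESHCLAM_START = re.compile(
    r"^[A-Z][a-z]{2} [A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d \d{4} -> ")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}


def unwrap(text, is_start):
    """Re-join records that were wrapped over several lines in the mail."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if is_start(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def parse_drop(record):
    """Turn one netfilter LOG record into a dict, or None if it is not a drop."""
    head, sep, body = record.partition("zentyal-firewall drop")
    if not sep:
        return None
    fields, flags = {}, []
    for tok in body.split():
        if "=" in tok:                      # KEY=value (value may be empty)
            key, value = tok.split("=", 1)
            fields[key] = value
        elif tok in TCP_FLAGS:              # bare tokens such as ACK, FIN, RST
            flags.append(tok)
    in_if, out_if = fields.get("IN"), fields.get("OUT")
    direction = "forward" if in_if and out_if else "out" if out_if else "in"
    return {
        "time": " ".join(head.split()[:3]),
        "direction": direction,
        "src": fields.get("SRC"),
        "dst": fields.get("DST"),
        "spt": int(fields["SPT"]) if "SPT" in fields else None,
        "dpt": int(fields["DPT"]) if "DPT" in fields else None,
        "flags": flags,
    }


def failed_mirror_ips(freshclam_text):
    """IPs named in freshclam 'Download interrupted' messages."""
    ips = set()
    for rec in unwrap(freshclam_text, FRESHCLAM_START.match):
        if "Download interrupted" in rec:
            m = re.search(r"\(IP: ([0-9.]+)\)", rec)
            if m:
                ips.add(m.group(1))
    return ips


def drops_for_mirrors(freshclam_text, syslog_text):
    """Map each failed mirror IP to the firewall drops involving it."""
    mirrors = failed_mirror_ips(freshclam_text)
    hits = defaultdict(list)
    for rec in unwrap(syslog_text, SYSLOG_START.match):
        drop = parse_drop(rec)
        if drop is None:
            continue
        peer = drop["src"] if drop["direction"] == "in" else drop["dst"]
        if peer in mirrors:
            hits[peer].append(drop)
    return dict(hits)


if __name__ == "__main__":
    for ip, drops in sorted(drops_for_mirrors(FRESHCLAM_LOG, SYSLOG).items()):
        for d in drops:
            print(ip, d["time"], d["direction"], d["spt"], "->", d["dpt"],
                  "+".join(d["flags"]))
```

On these excerpts each matched drop is an outbound ACK FIN to port 80, logged after the freshclam timeout for the same IP.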