Now it seems the firewall is stopping freshclam from downloading updates. Any ideas?

freshclam-log
Wed Sep 11 11:04:53 2019 -> --------------------------------------
Wed Sep 11 11:04:53 2019 -> ClamAV update process started at Wed Sep 11 11:04:53 2019
Wed Sep 11 11:04:53 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Wed Sep 11 11:04:53 2019 -> WARNING: Local version: 0.100.3 Recommended version: 0.101.4
Wed Sep 11 11:04:53 2019 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Wed Sep 11 11:04:53 2019 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Wed Sep 11 11:05:24 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:05:24 2019 -> WARNING: getfile: Download interrupted: Operation now in progress (IP: 104.16.219.84)
Wed Sep 11 11:05:24 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net Can't query daily.25569.93.0.0.6810DB54.ping.clamav.net
Wed Sep 11 11:05:24 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:05:24 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:05:24 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:05:24 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:05:24 2019 -> WARNING: Incremental update failed, trying to download daily.cvd
Wed Sep 11 11:06:09 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:06:09 2019 -> WARNING: getfile: Download interrupted: Operation now in progress (IP: 104.16.218.84)
Wed Sep 11 11:06:09 2019 -> WARNING: Can't download daily.cvd from db.se.clamav.net Can't query daily.0.93.0.0.6810DA54.ping.clamav.net
Wed Sep 11 11:06:09 2019 -> Trying again in 5 secs...
Wed Sep 11 11:06:14 2019 -> ClamAV update process started at Wed Sep 11 11:06:14 2019
Wed Sep 11 11:06:14 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Wed Sep 11 11:06:14 2019 -> WARNING: Local version: 0.100.3 Recommended version: 0.101.4
Wed Sep 11 11:06:14 2019 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Wed Sep 11 11:06:14 2019 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Wed Sep 11 11:06:15 2019 -> Trying host db.se.clamav.net (104.16.219.84)...
Wed Sep 11 11:06:45 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:06:45 2019 -> WARNING: getfile: Download interrupted: Operation now in progress (IP: 104.16.219.84)
Wed Sep 11 11:06:45 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net Can't query daily.25569.93.0.0.6810DB54.ping.clamav.net
Wed Sep 11 11:06:46 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:06:46 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:06:46 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:06:46 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:06:46 2019 -> WARNING: Incremental update failed, trying to download daily.cvd
Wed Sep 11 11:07:30 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:07:30 2019 -> WARNING: getfile: Download interrupted: Operation now in progress (IP: 104.16.218.84)
Wed Sep 11 11:07:30 2019 -> WARNING: Can't download daily.cvd from db.se.clamav.net Can't query daily.0.93.0.0.6810DA54.ping.clamav.net
Wed Sep 11 11:07:30 2019 -> Trying again in 5 secs...
Wed Sep 11 11:07:35 2019 -> ClamAV update process started at Wed Sep 11 11:07:35 2019
Wed Sep 11 11:07:35 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Wed Sep 11 11:07:35 2019 -> WARNING: Local version: 0.100.3 Recommended version: 0.101.4
Wed Sep 11 11:07:35 2019 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Wed Sep 11 11:07:35 2019 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Wed Sep 11 11:08:07 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:08:07 2019 -> WARNING: getfile: Download interrupted: Operation now in progress (IP: 104.16.219.84)
Wed Sep 11 11:08:07 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net Can't query daily.25569.93.0.0.6810DB54.ping.clamav.net
Wed Sep 11 11:08:07 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:08:07 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:08:07 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:08:07 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:08:07 2019 -> WARNING: Incremental update failed, trying to download daily.cvd
Wed Sep 11 11:08:51 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:08:51 2019 -> WARNING: getfile: Download interrupted: Operation now in progress (IP: 104.16.219.84)
Wed Sep 11 11:08:51 2019 -> WARNING: Can't download daily.cvd from db.se.clamav.net Can't query daily.0.93.0.0.6810DB54.ping.clamav.net
Wed Sep 11 11:08:52 2019 -> Trying again in 5 secs...
Wed Sep 11 11:08:57 2019 -> ClamAV update process started at Wed Sep 11 11:08:57 2019
Wed Sep 11 11:08:57 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Wed Sep 11 11:08:57 2019 -> WARNING: Local version: 0.100.3 Recommended version: 0.101.4
Wed Sep 11 11:08:57 2019 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Wed Sep 11 11:08:57 2019 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Wed Sep 11 11:09:28 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:09:28 2019 -> WARNING: getfile: Download interrupted: Operation now in progress (IP: 104.16.218.84)
Wed Sep 11 11:09:28 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net Can't query daily.25569.93.0.0.6810DA54.ping.clamav.net
Wed Sep 11 11:09:28 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:09:28 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:09:28 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:09:28 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:09:28 2019 -> WARNING: Incremental update failed, trying to download daily.cvd
Wed Sep 11 11:10:13 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:10:13 2019 -> WARNING: getfile: Download interrupted: Operation now in progress (IP: 104.16.218.84)
Wed Sep 11 11:10:13 2019 -> WARNING: Can't download daily.cvd from db.se.clamav.net Can't query daily.0.93.0.0.6810DA54.ping.clamav.net
Wed Sep 11 11:10:13 2019 -> Trying again in 5 secs...
Wed Sep 11 11:10:18 2019 -> ClamAV update process started at Wed Sep 11 11:10:18 2019
Wed Sep 11 11:10:18 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Wed Sep 11 11:10:18 2019 -> WARNING: Local version: 0.100.3 Recommended version: 0.101.4
Wed Sep 11 11:10:18 2019 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Wed Sep 11 11:10:18 2019 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Wed Sep 11 11:10:19 2019 -> Trying host db.se.clamav.net (104.16.219.84)...
Wed Sep 11 11:10:49 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:10:49 2019 -> WARNING: getfile: Download interrupted: Operation now in progress (IP: 104.16.219.84)
Wed Sep 11 11:10:49 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net Can't query daily.25569.93.0.0.6810DB54.ping.clamav.net
Wed Sep 11 11:10:50 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:10:50 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:10:50 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:10:50 2019 -> ERROR: getpatch: Can't download daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:10:50 2019 -> WARNING: Incremental update failed, trying to download daily.cvd
Wed Sep 11 11:11:34 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:11:34 2019 -> ERROR: getfile: Download interrupted: Operation now in progress (IP: 104.16.219.84)
Wed Sep 11 11:11:34 2019 -> ERROR: Can't download daily.cvd from db.se.clamav.net Can't query daily.0.93.0.0.6810DB54.ping.clamav.net
Wed Sep 11 11:11:35 2019 -> Giving up on db.se.clamav.net...
Wed Sep 11 11:11:35 2019 -> ClamAV update process started at Wed Sep 11 11:11:35 2019
Wed Sep 11 11:11:35 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Wed Sep 11 11:11:35 2019 -> WARNING: Local version: 0.100.3 Recommended version: 0.101.4
Wed Sep 11 11:11:35 2019 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Wed Sep 11 11:11:35 2019 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Wed Sep 11 11:11:36 2019 -> Trying host database.clamav.net (104.16.218.84)...
Wed Sep 11 11:12:06 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:12:06 2019 -> WARNING: getfile: Download interrupted: Operation now in progress (IP: 104.16.218.84)
Wed Sep 11 11:12:06 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from database.clamav.net Can't query daily.25569.93.0.0.6810DA54.ping.clamav.net
Wed Sep 11 11:12:06 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from database.clamav.net
Wed Sep 11 11:12:06 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from database.clamav.net
Wed Sep 11 11:12:06 2019 -> WARNING: getpatch: Can't download daily-25569.cdiff from database.clamav.net
Wed Sep 11 11:12:06 2019 -> ERROR: getpatch: Can't download daily-25569.cdiff from database.clamav.net
Wed Sep 11 11:12:06 2019 -> WARNING: Incremental update failed, trying to download daily.cvd
Wed Sep 11 11:12:51 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:12:51 2019 -> ERROR: getfile: Download interrupted: Operation now in progress (IP: 104.16.219.84)
Wed Sep 11 11:12:51 2019 -> ERROR: Can't download daily.cvd from database.clamav.net Can't query daily.0.93.0.0.6810DB54.ping.clamav.net
Wed Sep 11 11:12:52 2019 -> Giving up on database.clamav.net...
Wed Sep 11 11:12:52 2019 -> Update failed. Your network may be down or none of the mirrors listed in /etc/clamav/freshclam.conf is working. Check https://www.clamav.net/documents/official-mirror-faq for possible reasons.

syslog
Sep 11 11:00:16 zentyal kernel: [73529.621326] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=192.168.1.200 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=42938 DF PROTO=TCP SPT=139 DPT=61923 WINDOW=237 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:03:00 zentyal kernel: [73693.715692] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=192.168.1.201 LEN=71 TOS=0x00 PREC=0x00 TTL=64 ID=29745 DF PROTO=TCP SPT=443 DPT=57505 WINDOW=249 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
Sep 11 11:03:19 zentyal kernel: [73712.692731] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=82.214.44.215 LEN=148 TOS=0x00 PREC=0x00 TTL=64 ID=31106 DF PROTO=TCP SPT=993 DPT=33824 WINDOW=243 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
Sep 11 11:03:19 zentyal kernel: [73712.911476] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=82.214.44.215 LEN=148 TOS=0x00 PREC=0x00 TTL=64 ID=31107 DF PROTO=TCP SPT=993 DPT=33824 WINDOW=243 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
Sep 11 11:03:20 zentyal kernel: [73713.363442] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=82.214.44.215 LEN=148 TOS=0x00 PREC=0x00 TTL=64 ID=31108 DF PROTO=TCP SPT=993 DPT=33824 WINDOW=243 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
Sep 11 11:03:21 zentyal kernel: [73714.259487] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=82.214.44.215 LEN=148 TOS=0x00 PREC=0x00 TTL=64 ID=31109 DF PROTO=TCP SPT=993 DPT=33824 WINDOW=243 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
Sep 11 11:03:23 zentyal kernel: [73716.019537] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=82.214.44.215 LEN=148 TOS=0x00 PREC=0x00 TTL=64 ID=31110 DF PROTO=TCP SPT=993 DPT=33824 WINDOW=243 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
Sep 11 11:03:26 zentyal kernel: [73719.571417] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=82.214.44.215 LEN=148 TOS=0x00 PREC=0x00 TTL=64 ID=31111 DF PROTO=TCP SPT=993 DPT=33824 WINDOW=243 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
Sep 11 11:03:29 zentyal kernel: [73722.131420] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=192.168.1.201 LEN=71 TOS=0x00 PREC=0x00 TTL=64 ID=29746 DF PROTO=TCP SPT=443 DPT=57505 WINDOW=249 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
Sep 11 11:03:33 zentyal kernel: [73726.739373] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=82.214.44.215 LEN=148 TOS=0x00 PREC=0x00 TTL=64 ID=31112 DF PROTO=TCP SPT=993 DPT=33824 WINDOW=243 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
Sep 11 11:03:47 zentyal kernel: [73740.819168] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=82.214.44.215 LEN=148 TOS=0x00 PREC=0x00 TTL=64 ID=31113 DF PROTO=TCP SPT=993 DPT=33824 WINDOW=243 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
Sep 11 11:03:49 zentyal kernel: [73742.611226] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=37.2.232.59 LEN=148 TOS=0x00 PREC=0x00 TTL=64 ID=58086 DF PROTO=TCP SPT=993 DPT=42342 WINDOW=284 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
Sep 11 11:03:49 zentyal kernel: [73742.611294] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=37.2.232.59 LEN=148 TOS=0x00 PREC=0x00 TTL=64 ID=47645 DF PROTO=TCP SPT=993 DPT=42344 WINDOW=252 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
Sep 11 11:04:16 zentyal kernel: [73769.234948] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=82.214.44.215 LEN=148 TOS=0x00 PREC=0x00 TTL=64 ID=31114 DF PROTO=TCP SPT=993 DPT=33824 WINDOW=243 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
Sep 11 11:04:30 zentyal kernel: [73783.504367] zentyal-firewall drop IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00 SRC=82.214.44.215 DST=192.168.1.NN LEN=40 TOS=0x00 PREC=0x00 TTL=254 ID=0 PROTO=TCP SPT=60464 DPT=993 WINDOW=0 RES=0x00 RST URGP=0 MARK=0x1
Sep 11 11:04:34 zentyal kernel: [73787.503920] zentyal-firewall drop IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00 SRC=82.214.44.215 DST=192.168.1.NN LEN=40 TOS=0x00 PREC=0x00 TTL=254 ID=0 PROTO=TCP SPT=60470 DPT=993 WINDOW=0 RES=0x00 RST URGP=0 MARK=0x1
Sep 11 11:04:38 zentyal kernel: [73791.504188] zentyal-firewall drop IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00 SRC=82.214.44.215 DST=192.168.1.NN LEN=40 TOS=0x00 PREC=0x00 TTL=254 ID=0 PROTO=TCP SPT=60456 DPT=993 WINDOW=0 RES=0x00 RST URGP=0 MARK=0x1
Sep 11 11:04:38 zentyal kernel: [73791.504235] zentyal-firewall drop IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00 SRC=82.214.44.215 DST=192.168.1.NN LEN=40 TOS=0x00 PREC=0x00 TTL=254 ID=0 PROTO=TCP SPT=60472 DPT=993 WINDOW=0 RES=0x00 RST URGP=0 MARK=0x1
Sep 11 11:04:54 zentyal kernel: [73807.504397] zentyal-firewall drop IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00 SRC=82.214.44.215 DST=192.168.1.NN LEN=40 TOS=0x00 PREC=0x00 TTL=254 ID=0 PROTO=TCP SPT=60466 DPT=993 WINDOW=0 RES=0x00 RST URGP=0 MARK=0x1
Sep 11 11:05:13 zentyal kernel: [73826.578340] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=82.214.44.215 LEN=148 TOS=0x00 PREC=0x00 TTL=64 ID=31115 DF PROTO=TCP SPT=993 DPT=33824 WINDOW=243 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
Sep 11 11:05:51 zentyal kernel: [73863.958073] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=57985 DF PROTO=TCP SPT=60672 DPT=80 WINDOW=662 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:06:19 zentyal kernel: [73892.113836] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=57986 DF PROTO=TCP SPT=60672 DPT=80 WINDOW=662 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:06:36 zentyal kernel: [73909.009614] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=37248 DF PROTO=TCP SPT=56872 DPT=80 WINDOW=6589 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:07:04 zentyal kernel: [73937.169358] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=37249 DF PROTO=TCP SPT=56872 DPT=80 WINDOW=6589 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:07:12 zentyal kernel: [73945.617287] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=60892 DF PROTO=TCP SPT=60748 DPT=80 WINDOW=662 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:07:39 zentyal kernel: [73971.985071] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=60893 DF PROTO=TCP SPT=60748 DPT=80 WINDOW=662 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:07:57 zentyal kernel: [73990.416899] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=1377 DF PROTO=TCP SPT=56950 DPT=80 WINDOW=4346 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:08:24 zentyal kernel: [74017.040697] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=1378 DF PROTO=TCP SPT=56950 DPT=80 WINDOW=4346 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:08:33 zentyal kernel: [74026.768528] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=44360 DF PROTO=TCP SPT=60828 DPT=80 WINDOW=662 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:09:00 zentyal kernel: [74053.904258] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=44361 DF PROTO=TCP SPT=60828 DPT=80 WINDOW=662 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:09:18 zentyal kernel: [74071.568090] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=63089 DF PROTO=TCP SPT=60856 DPT=80 WINDOW=3749 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:09:46 zentyal kernel: [74098.959822] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=63090 DF PROTO=TCP SPT=60856 DPT=80 WINDOW=3749 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:09:54 zentyal kernel: [74107.919806] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=2416 DF PROTO=TCP SPT=57076 DPT=80 WINDOW=662 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:10:22 zentyal kernel: [74135.827476] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=2417 DF PROTO=TCP SPT=57076 DPT=80 WINDOW=662 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:10:39 zentyal kernel: [74152.719302] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=11269 DF PROTO=TCP SPT=57106 DPT=80 WINDOW=7963 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:11:01 zentyal kernel: [74173.967086] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=192.168.1.201 LEN=71 TOS=0x00 PREC=0x00 TTL=64 ID=38108 DF PROTO=TCP SPT=443 DPT=62800 WINDOW=249 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
Sep 11 11:11:07 zentyal kernel: [74180.879125] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=11270 DF PROTO=TCP SPT=57106 DPT=80 WINDOW=7963 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:11:16 zentyal kernel: [74189.327110] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=23818 DF PROTO=TCP SPT=60982 DPT=80 WINDOW=662 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:11:28 zentyal kernel: [74201.358824] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=192.168.1.201 LEN=71 TOS=0x00 PREC=0x00 TTL=64 ID=38109 DF PROTO=TCP SPT=443 DPT=62800 WINDOW=249 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
Sep 11 11:11:42 zentyal kernel: [74215.694709] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=23819 DF PROTO=TCP SPT=60982 DPT=80 WINDOW=662 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:11:49 zentyal kernel: [74222.862652] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=192.168.1.200 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=53892 DF PROTO=TCP SPT=139 DPT=53802 WINDOW=237 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:12:00 zentyal kernel: [74233.870560] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=192.168.1.201 LEN=71 TOS=0x00 PREC=0x00 TTL=64 ID=8868 DF PROTO=TCP SPT=443 DPT=62808 WINDOW=249 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
Sep 11 11:12:01 zentyal kernel: [74234.638531] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=10349 DF PROTO=TCP SPT=32794 DPT=80 WINDOW=3458 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:12:17 zentyal kernel: [74250.518383] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=192.168.1.200 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=53893 DF PROTO=TCP SPT=139 DPT=53802 WINDOW=237 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:12:29 zentyal kernel: [74262.798275] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=192.168.1.201 LEN=71 TOS=0x00 PREC=0x00 TTL=64 ID=8869 DF PROTO=TCP SPT=443 DPT=62808 WINDOW=249 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
Sep 11 11:12:29 zentyal kernel: [74262.798399] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=10350 DF PROTO=TCP SPT=32794 DPT=80 WINDOW=3458 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:12:32 zentyal kernel: [74265.870253] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=13344 DF PROTO=TCP SPT=57242 DPT=80 WINDOW=662 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:13:00 zentyal kernel: [74293.518049] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=13345 DF PROTO=TCP SPT=57242 DPT=80 WINDOW=662 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:13:18 zentyal kernel: [74311.437869] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=61385 DF PROTO=TCP SPT=32868 DPT=80 WINDOW=3729 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:13:45 zentyal kernel: [74338.573560] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=61386 DF PROTO=TCP SPT=32868 DPT=80 WINDOW=3729 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:15:23 zentyal kernel: [74436.876612] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=94.242.250.62 LEN=148 TOS=0x00 PREC=0x00 TTL=64 ID=60853 DF PROTO=TCP SPT=993 DPT=40606 WINDOW=375 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
Sep 11 11:15:23 zentyal kernel: [74436.876615] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=94.242.250.62 LEN=148 TOS=0x00 PREC=0x00 TTL=64 ID=39582 DF PROTO=TCP SPT=993 DPT=40608 WINDOW=269 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1

---------- Forwarded message ---------
From: Birger Birger <birger.so...@gmail.com>
Date: Tue, 10 Sep 2019 at 16:25
Subject: Fwd: [clamav-users] Fwd: Fwd: Fwd: freshclam incremental update
To: ClamAV users ML <clamav-users@lists.clamav.net>

Have added the following lines to /etc/apparmor.d/ usr.bin.freshclam and usr.sbin.clamd:

1. /etc/ssl/openssl.cnf r,
2. /{,var/}run/samba/winbindd/pipe rw,

This made the apparmor DENIED lines in syslog and kernel.log disappear. Still no completed downloads with freshclam of daily and incremental updates.

---------- Forwarded message ---------
From: Birger Birger <birger.so...@gmail.com>
Date: Sun, 8 Sep 2019 at 12:35
Subject: Re: [clamav-users] Fwd: Fwd: Fwd: freshclam incremental update
To: ClamAV users ML <clamav-users@lists.clamav.net>
Cc: ClamAV users ML <clamav-users@lists.clamav.net>

Tried to delete and install ClamAV again. No difference in behaviour from what I can see. Downloads with freshclam still halt, apparently because of apparmor.

On Thu, 5 Sep 2019 at 21:54, Joel Esler (jesler) <jes...@cisco.com> wrote:

> How did you get this?
>
> Sent from my iPad
>
> On Sep 5, 2019, at 05:06, Birger Birger via clamav-users <
> clamav-users@lists.clamav.net> wrote:
>
>
> This might provide additional information.
>
> /usr/bin/freshclam
> *Trying to retrieve CVD header of http://%s/%s
> %cremote_cvdhead: write failed
> %cremote_cvdhead: Error while reading CVD header from %s
> %c%s not found on remote server
> %cremote_cvdhead: Unknown response from %s (IP: %s): %s
> %cremote_cvdhead: Unknown response from %s (IP: %s)
> %cremote_cvdhead: Malformed CVD header (too short)
> %cremote_cvdhead: Malformed CVD header (bad chars)
> %cremote_cvdhead: Malformed CVD header (can't parse)
> !getfile: Can't allocate memory for 'remotename'
> *Trying to download http://%s/%s
> *Trying to download http://%s/%s (IP: %s)
> %cgetfile: Can't write to socket
> %cgetfile: Error while reading database from %s: %s
> %cgetfile: Error while reading database from %s (IP: %s): %s
> ^getfile: %s not found on %s (IP: %s)
> %cgetfile: Unknown response from %s: %s
> %cgetfile: Unknown response from %s (IP: %s): %s
> %cgetfile: Unknown response from %s
> %cgetfile: Unknown response from %s (IP: %s)
> !getfile: Can't create new file %s in %s
> !getfile: Can't create new file %s in the current directory
> Hint: The database directory must be writable for UID %d or GID %d
> getfile: Can't write %d bytes to %s
> %cgetfile: Download interrupted: %s (Host: %s)
> %cgetfile: Download interrupted: %s (IP: %s)
> GET %s/%s HTTP/1.0
> Host: %s
> %sUser-Agent: %s
> Connection: close
> %s%s%s
> !Can't allocate memory for filename!
> !Can't read CVD header of new %s database.
> ^Mirror %s is not synchronized.
> ^Mirror is more than 1 version out of date. Recording mirror
> failure.
> !updatedb: Unknown database name (%s) passed.
> ^Broken database version in TXT record.
> ^Invalid DNS reply. Falling back to HTTP mode.
> ^DNS record is older than 3 hours.
> ^No timestamp in TXT record for %s
> ^Broken database version in TXT record for %s
> HTTPProxyUsername requires HTTPProxyPassword
> %s is up to date (version: %d, sigs: %d, f-level: %d, builder: %s)
> %s.%u.%u.%u.%u.%s.ping.clamav.net ^Can't read %s header from %s
> ^Can't read %s header from %s (IP: %s)
> ^Current functionality level = %d, recommended = %d
> Please check if ClamAV tools are linked against the proper version of
> libclamav
> DON'T PANIC! Read
> https://www.clamav.net/documents/installing-clamav
> !getpatch: Can't get path of current working directory
> !chdir_tmp: dbname parameter value too long to create cvd file name: %s
> !chdir_tmp: dbname parameter value too long to create cld file
> name: %s
> !chdir_tmp: Can't access local %s database
> !chdir_tmp: Can't create directory %s
> !chdir_tmp: Can't unpack %s into %s
> !chdir_tmp: Can't change directory to %s
> Empty script %s, need to download entire database
> %cgetpatch: Can't download %s from %s
> !getpatch: Can't open %s for reading
> ^Incremental update failed, trying to download %s
> !buildcld: Can't get path of current working directory
> !buildcld: Can't access directory %s
> !buildcld: Can't open %s for writing
> !buildcld: Can't open directory %s
> !buildcld: gzopen() failed for %s
> !buildcld: COPYING file not found
> !buildcld: Can't add COPYING to new %s.cld - please check if there
> is enough disk space available
> Updates to main.cvd or safebrowsing.cvd may require 200MB of disk
> space or more
> !buildcld: Can't add %s to new %s.cld - please check if there is
> enough disk space available
> !buildcld: Can't add daily.cfg to new %s.cld - please check if there is
> enough disk space available
> !buildcld: gzclose() failed for %s
> !buildcld: close() failed for %s
> !buildcld: Can't return to previous directory %s
> ^Can't unlink the old database file %s. Please remove it manually.
> %s updated (version: %d, sigs: %d, f-level: %d, builder: %s)
> ^Your ClamAV installation is OUTDATED!
> !Can't create temporary directory %s
> ClamAV update process started at %s *Software version from DNS: %s
> ^Local version: %s Recommended version: %s
> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
> !DatabaseCustomURL: URL must be shorter than %llu
> !DatabaseCustomURL: Incorrect URL
> DatabaseCustomURL: Incorrect URL
> %s is up to date (version: custom database)
> DatabaseCustomURL: file %s missing
> DatabaseCustomURL: Can't copy file %s into database directory
> !DatabaseCustomURL: Not supported protocol
> %s updated (version: custom database, sigs: %u)
> !--update-db=custom requires DatabaseCustomURL
> ^SafeBrowsing is disabled but can't remove old %s
> ^Bytecode is disabled but can't remove old %s
> !checkdbdir: Can't open directory %s
> !Corrupted database file %s: %s
> !Can't remove broken database file %s, please delete it manually
> and restart freshclam
> Corrupted database file renamed to %s
> Database updated (%d signatures) from %s
> Database updated (%d signatures) from %s (IP: %s)
> !downloadmanager: OnOutdatedExecute: Incorrect version number string
> !downloadmanager: Can't allocate memory for buffer
> %s:%s *Loading signatures from %s
> [...] ^pipe() failed: %s
> ^dup2() failed: %s
> ^fork() failed: %s
> LibClamAV Warning: *%s ^waitpid() failed: %s
> gmtime: %s
> %a, %d %b %Y %X GMT TCP webcache %cinet_ntop() failed
> Trying host %s (%s)...
> !Can't create new socket: %s
> ^Using default client ip.
> *Using ip '%s' for fetching.
> http://%s *If-Modified-Since: %s
> Reading CVD header (%s): *Connected to %s.
> *Connected to %s (IP: %s).
> HTTP/1.1 404 HTTP/1.0 404 HTTP/1.1 304 HTTP/1.0 304 OK (IMS)
> HTTP/1.1 200 HTTP/1.0 200 HTTP/1.1 206 HTTP/1.0 206 HTTP/1.0 HTTP/1.1 OK
>
> ---------- Forwarded message ---------
> From: Joel Esler (jesler) <jes...@cisco.com>
> Date: Wed, 4 Sep 2019 at 12:20
> Subject: Re: [clamav-users] Fwd: Fwd: freshclam incremental update
> To: Birger Birger via clamav-users <clamav-users@lists.clamav.net>
> Cc: Birger Birger <birger.so...@gmail.com>
>
>
> This looks promising to troubleshoot.
>
> Sent from my iPhone
>
> > On Sep 4, 2019, at 03:01, Birger Birger via clamav-users <
> clamav-users@lists.clamav.net> wrote:
> >
> > Sep 4 08:40:01 zentyal kernel: [345190.998397] audit: type=1400
> audit(1567579201.044:83): apparmor="DENIED" operation="connect"
> profile="/usr/bin/freshclam" name="/run/samba/winbindd/pipe" pid=1269
> comm="freshclam" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
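An added example, not part of the original thread and not code from ClamAV or Zentyal: a Python script that takes the IPs freshclam reports in its log, finds the `zentyal-firewall drop` lines that involve those IPs, and sorts them by TCP flags, so that drops of connection-opening packets (bare SYN) can be told apart from drops of closing packets (FIN/RST) on connections that had already been opened. The function names and the open/teardown/other labels are assumptions of this example; the sample lines are copied from the logs in the post.

```python
import re
from collections import Counter

TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "ECE", "CWR"}
# Matches "(104.16.219.84)" and "(IP: 104.16.219.84)" as freshclam prints them.
IP_IN_PARENS = re.compile(r"\((?:IP: )?(\d{1,3}(?:\.\d{1,3}){3})\)")

# Sample lines copied from the logs in the post (SRC is redacted there as .NN).
FRESHCLAM_LOG = """\
Wed Sep 11 11:06:15 2019 -> Trying host db.se.clamav.net (104.16.219.84)...
Wed Sep 11 11:06:45 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:06:45 2019 -> WARNING: getfile: Download interrupted: Operation now in progress (IP: 104.16.219.84)
Wed Sep 11 11:07:30 2019 -> WARNING: getfile: Download interrupted: Operation now in progress (IP: 104.16.218.84)
"""
SYSLOG = """\
Sep 11 11:03:19 zentyal kernel: [73712.692731] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=82.214.44.215 LEN=148 TOS=0x00 PREC=0x00 TTL=64 ID=31106 DF PROTO=TCP SPT=993 DPT=33824 WINDOW=243 RES=0x00 ACK PSH FIN URGP=0 MARK=0x1
Sep 11 11:04:30 zentyal kernel: [73783.504367] zentyal-firewall drop IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00 SRC=82.214.44.215 DST=192.168.1.NN LEN=40 TOS=0x00 PREC=0x00 TTL=254 ID=0 PROTO=TCP SPT=60464 DPT=993 WINDOW=0 RES=0x00 RST URGP=0 MARK=0x1
Sep 11 11:05:51 zentyal kernel: [73863.958073] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=57985 DF PROTO=TCP SPT=60672 DPT=80 WINDOW=662 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 11 11:06:36 zentyal kernel: [73909.009614] zentyal-firewall drop IN= OUT=eth0 SRC=192.168.1.NN DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=37248 DF PROTO=TCP SPT=56872 DPT=80 WINDOW=6589 RES=0x00 ACK FIN URGP=0 MARK=0x1
"""


def mirror_ips(freshclam_log):
    """IPs freshclam names in 'Trying host x (IP)' and '(IP: x)' messages."""
    return set(IP_IN_PARENS.findall(freshclam_log))


def parse_drop(line):
    """Parse one kernel LOG line tagged 'zentyal-firewall drop'; None otherwise."""
    if "zentyal-firewall drop" not in line:
        return None
    fields, flags = {}, set()
    for tok in line.split():
        if "=" in tok:                 # KEY=VALUE pairs (value may be empty)
            key, value = tok.split("=", 1)
            fields[key] = value
        elif tok in TCP_FLAGS:         # bare tokens between RES= and URGP=
            flags.add(tok)
    fields["FLAGS"] = flags
    return fields


def classify(flags):
    """Label a dropped TCP segment by what it does to the connection."""
    if "SYN" in flags and "ACK" not in flags:
        return "open"                  # first packet of a new connection
    if flags & {"FIN", "RST"}:
        return "teardown"              # closing or resetting a connection
    return "other"


def mirror_drop_summary(freshclam_log, syslog):
    """Count dropped TCP packets per (mirror IP, kind) for freshclam's peers."""
    ips = mirror_ips(freshclam_log)
    counts = Counter()
    for line in syslog.splitlines():
        drop = parse_drop(line)
        if drop is None or drop.get("PROTO") != "TCP":
            continue
        # Outbound lines have OUT=<iface>; the remote peer is then DST, else SRC.
        peer = drop.get("DST") if drop.get("OUT") else drop.get("SRC")
        if peer in ips:
            counts[(peer, classify(drop["FLAGS"]))] += 1
    return counts


if __name__ == "__main__":
    for (ip, kind), n in sorted(mirror_drop_summary(FRESHCLAM_LOG, SYSLOG).items()):
        print(f"{ip}  {kind:9s} {n}")
```
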