Update of daily.cvd failed again after being removed. Here come the logs
(syslog vigor2926, freshclam, syslog ubuntu)
Vigor 2926 Syslog
<150>Sep 3 10:41:12 DrayTek: Open port: 188.92.77.12:21585 ->
192.168.1.30:22 (TCP)
<150>Sep 3 10:41:16 DrayTek: Open port: 112.85.42.229:14305 ->
192.168.1.30:22 (TCP)
<150>Sep 3 10:41:28 DrayTek: Open port: 188.92.77.12:63263 ->
192.168.1.30:22 (TCP)
<150>Sep 3 10:41:28 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30:22 -> 188.92.77.12:21585 (TCP) close connection
<150>Sep 3 10:41:31 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30 DNS -> 8.8.8.8 inquire
mspc-eu1-comserver-elb-321476491.eu-west-1.elb.amazonaws.com
<150>Sep 3 10:41:31 DrayTek: Local User (MAC=00-0C-29-A0-0F-77):
192.168.1.102:60175 -> 52.51.20.101:3377 (TCP)
<150>Sep 3 10:41:35 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30:22 -> 188.92.77.12:63263 (TCP) close connection
<150>Sep 3 10:41:35 DrayTek: Open port: 188.92.77.12:23462 ->
192.168.1.30:22 (TCP)
<150>Sep 3 10:41:37 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30 DNS -> 8.8.8.8 inquire avery-eu-west-1-svc.logicnow.us
<150>Sep 3 10:41:37 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30 DNS -> 8.8.8.8 inquire
avery-web-1759575585.eu-west-1.elb.amazonaws.com
<150>Sep 3 10:41:37 DrayTek: Local User (MAC=44-8A-5B-A5-30-3E):
192.168.1.200:55339 -> 52.214.156.124:443 (TCP)
<150>Sep 3 10:41:38 DrayTek: Local User (MAC=18-60-24-74-1B-ED):
192.168.1.201:56309 -> 13.33.99.100:443 (TCP) close connection
<150>Sep 3 10:41:41 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30 DNS -> 8.8.8.8 inquire db.se.clamav.net
<150>Sep 3 10:41:41 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30 DNS -> 8.8.8.8 inquire db.se.clamav.net.cdn.cloudflare.net
<150>Sep 3 10:41:41 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30:51666 -> 104.16.218.84:80 (TCP)Web
<150>Sep 3 10:41:46 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30:22 -> 188.92.77.12:23462 (TCP) close connection
<150>Sep 3 10:41:47 DrayTek: Open port: 188.92.77.12:52821 ->
192.168.1.30:22 (TCP)
<150>Sep 3 10:41:53 DrayTek: Open port: 188.92.77.12:1938 ->
192.168.1.30:22 (TCP)
<150>Sep 3 10:41:53 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30:22 -> 188.92.77.12:52821 (TCP) close connection
<150>Sep 3 10:41:55 DrayTek: Open port: 142.93.49.103:41840 ->
192.168.1.30:22 (TCP)
<150>Sep 3 10:41:58 DrayTek: Local User: 142.93.49.103:41840 ->
192.168.1.30:22 (TCP) close connection
<166>Sep 3 10:41:59 DrayTek: acme client: Error: DrayDDNS account not exist
<150>Sep 3 10:41:59 DrayTek: Local User (MAC=44-8A-5B-A5-30-3E):
192.168.1.200:56199 -> 52.51.20.101:443 (TCP)
<150>Sep 3 10:42:01 DrayTek: Open port: 142.93.92.232:25008 ->
192.168.1.30:22 (TCP)
<150>Sep 3 10:42:02 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30:22 -> 188.92.77.12:1938 (TCP) close connection
<150>Sep 3 10:42:02 DrayTek: Open port: 188.92.77.12:27606 ->
192.168.1.30:22 (TCP)
<150>Sep 3 10:42:04 DrayTek: Local User: 142.93.92.232:25008 ->
192.168.1.30:22 (TCP) close connection
<150>Sep 3 10:42:07 DrayTek: Open port: 112.85.42.229:44675 ->
192.168.1.30:22 (TCP)
<150>Sep 3 10:42:10 DrayTek: Open port: 188.92.77.12:44063 ->
192.168.1.30:22 (TCP)
<150>Sep 3 10:42:10 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30:22 -> 188.92.77.12:27606 (TCP) close connection
<150>Sep 3 10:42:15 DrayTek: Open port: 167.71.221.167:45770 ->
192.168.1.30:22 (TCP)
<150>Sep 3 10:42:17 DrayTek: Local User: 112.85.42.229:44675 ->
192.168.1.30:22 (TCP) close connection
<150>Sep 3 10:42:17 DrayTek: Open port: 51.15.50.79:38432 ->
192.168.1.30:22 (TCP)
<150>Sep 3 10:42:17 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30:22 -> 188.92.77.12:44063 (TCP) close connection
<150>Sep 3 10:42:17 DrayTek: Open port: 188.92.77.12:64715 ->
192.168.1.30:22 (TCP)
<150>Sep 3 10:42:20 DrayTek: Local User: 51.15.50.79:38432 ->
192.168.1.30:22 (TCP) close connection
<150>Sep 3 10:42:24 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30 DNS -> 8.8.8.8 inquire aus5.mozilla.org
<150>Sep 3 10:42:24 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30 DNS -> 8.8.8.8 inquire balrog-aus5.r53-2.services.mozilla.com
<150>Sep 3 10:42:24 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30 DNS -> 8.8.8.8 inquire
balrog-aus5-noclip.r53-2.services.mozilla.com
<150>Sep 3 10:42:24 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30 DNS -> 8.8.8.8 inquire balrog-cloudfront.prod.mozaws.net
<150>Sep 3 10:42:24 DrayTek: Local User (MAC=18-60-24-74-1B-ED):
192.168.1.201:62576 -> 13.33.99.148:443 (TCP)
<150>Sep 3 10:42:24 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30 DNS -> 8.8.8.8 inquire balrog-cloudfront.prod.mozaws.net
<150>Sep 3 10:42:24 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30:22 -> 188.92.77.12:64715 (TCP) close connection
<150>Sep 3 10:42:25 DrayTek: Local User: 167.71.221.167:45770 ->
192.168.1.30:22 (TCP) close connection
<150>Sep 3 10:42:25 DrayTek: Open port: 188.92.77.12:19406 ->
192.168.1.30:22 (TCP)
<150>Sep 3 10:42:26 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30 DNS -> 8.8.8.8 inquire daily.0.93.0.0.6810DA54.ping.clamav.net
<150>Sep 3 10:42:27 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30 DNS -> 198.41.0.4 inquire
daily.0.93.0.0.6810DA54.ping.clamav.net
<150>Sep 3 10:42:27 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30 DNS -> 192.26.92.30 inquire
daily.0.93.0.0.6810DA54.ping.clamav.net
<150>Sep 3 10:42:27 DrayTek: Local User: 198.41.0.4:53 ->
192.168.1.30:37525 (TCP) close connection
<150>Sep 3 10:42:27 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30 DNS -> 172.110.204.39 inquire
daily.0.93.0.0.6810DA54.ping.clamav.net
<150>Sep 3 10:42:27 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30 DNS -> 198.148.79.38 inquire
daily.0.93.0.0.6810DA54.ping.clamav.net
<150>Sep 3 10:42:31 DrayTek: Open port: 104.248.159.129:36038 ->
192.168.1.30:22 (TCP)
<150>Sep 3 10:42:32 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30:22 -> 188.92.77.12:19406 (TCP) close connection
<150>Sep 3 10:42:32 DrayTek: Local User (MAC=18-60-24-74-1B-ED):
192.168.1.201:62577 -> 91.238.51.50:443 (TCP)
<150>Sep 3 10:42:32 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30:51814 -> 104.16.219.84:80 (TCP)Web
<150>Sep 3 10:42:32 DrayTek: Local User (MAC=18-60-24-74-1B-ED):
192.168.1.201:62578 -> 91.238.51.50:80 (TCP)Web
<150>Sep 3 10:42:35 DrayTek: Local User: 104.248.159.129:36038 ->
192.168.1.30:22 (TCP) close connection
<150>Sep 3 10:42:37 DrayTek: Open port: 188.92.77.12:54346 ->
192.168.1.30:22 (TCP)
<150>Sep 3 10:42:37 DrayTek: Local User (MAC=18-60-24-74-1B-ED):
192.168.1.201:62578 -> 91.238.51.50:80 (TCP) close connection
<150>Sep 3 10:42:38 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30 DNS -> 8.8.8.8 inquire sip1.cellip.com
<150>Sep 3 10:42:42 DrayTek: Local User (MAC=18-60-24-74-1B-ED):
192.168.1.201:62564 -> 93.184.220.29:80 (TCP) close connection
<150>Sep 3 10:42:44 DrayTek: Open port: 190.85.234.215:53572 ->
192.168.1.30:22 (TCP)
<150>Sep 3 10:42:47 DrayTek: Local User: 190.85.234.215:53572 ->
192.168.1.30:22 (TCP) close connection
<150>Sep 3 10:42:48 DrayTek: Open port: 112.85.42.229:49186 ->
192.168.1.30:22 (TCP)
<150>Sep 3 10:42:53 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30:123 -> 194.58.200.20:123 (UDP)
<150>Sep 3 10:42:55 DrayTek: Open port: 141.98.80.75:15586 ->
192.168.1.30:25 (TCP) SMTP
<150>Sep 3 10:42:55 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30 DNS -> 8.8.8.8 inquire 75.80.98.141.in-addr.arpa
<166>Sep 3 10:42:55 DrayTek: statistic: WAN2: Tx 55 Kbps, Rx 2641 Kbps (5
min average)
<166>Sep 3 10:42:55 DrayTek: statistic: Session Usage: 224 (5 min average)
<150>Sep 3 10:42:57 DrayTek: Local User (MAC=44-8A-5B-A5-30-3E):
192.168.1.200:56205 -> 91.238.51.50:443 (TCP)
<150>Sep 3 10:42:57 DrayTek: Local User (MAC=44-8A-5B-A5-30-3E):
192.168.1.200:56206 -> 91.238.51.50:80 (TCP)Web
<150>Sep 3 10:42:58 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30:22 -> 188.92.77.12:54346 (TCP) close connection
<150>Sep 3 10:42:59 DrayTek: Open port: 188.92.77.12:38856 ->
192.168.1.30:22 (TCP)
<150>Sep 3 10:42:59 DrayTek: Open port: 141.98.80.75:62466 ->
192.168.1.30:25 (TCP) SMTP
<150>Sep 3 10:42:59 DrayTek: Local User: 141.98.80.75:15586 ->
192.168.1.30:25 (TCP) close connection
<166>Sep 3 10:42:59 DrayTek: acme client: Error: DrayDDNS account not exist
<150>Sep 3 10:43:02 DrayTek: Local User (MAC=44-8A-5B-A5-30-3E):
192.168.1.200:56206 -> 91.238.51.50:80 (TCP) close connection
<150>Sep 3 10:43:05 DrayTek: Open port: 62.215.6.11:51704 ->
192.168.1.30:22 (TCP)
<150>Sep 3 10:43:09 DrayTek: Local User: 62.215.6.11:51704 ->
192.168.1.30:22 (TCP) close connection
<150>Sep 3 10:43:11 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30 DNS -> 8.8.8.8 inquire breck-eu-west-1-svc.logicnow.us
<150>Sep 3 10:43:11 DrayTek: Local User (MAC=44-8A-5B-A5-30-3E):
192.168.1.200:56208 -> 34.249.179.175:443 (TCP)
<134>Sep 3 10:43:12 DrayTek: [ARP][.Arp address mismatch - Ethernet
destination address doesn't match ARP target adress]
<150>Sep 3 10:43:12 DrayTek: Local User: 141.98.80.75:62466 ->
192.168.1.30:25 (TCP) close connection
<150>Sep 3 10:43:17 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30 DNS -> 8.8.8.8 inquire daily.0.93.0.0.6810DB54.ping.clamav.net
<150>Sep 3 10:43:17 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30 DNS -> 198.148.79.38 inquire
daily.0.93.0.0.6810DB54.ping.clamav.net
<150>Sep 3 10:43:19 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30 DNS -> 8.8.8.8 inquire arngw-mct04.mspa.n-able.com
<150>Sep 3 10:43:19 DrayTek: Local User (MAC=18-60-24-74-1B-ED):
192.168.1.201:62597 -> 154.43.131.16:443 (TCP)
<150>Sep 3 10:43:19 DrayTek: Local User (MAC=18-60-24-74-1B-ED):
192.168.1.201:62598 -> 154.43.131.16:80 (TCP)Web
<150>Sep 3 10:43:19 DrayTek: Local User (MAC=18-60-24-74-1B-ED):
192.168.1.201:56610 -> 154.43.131.16:1235 (UDP)
<150>Sep 3 10:43:22 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30 DNS -> 8.8.8.8 inquire upload3europe1.systemmonitor.eu.com
<150>Sep 3 10:43:22 DrayTek: Local User (MAC=00-0C-29-A0-0F-77):
192.168.1.102:60183 -> 134.213.138.171:443 (TCP)
<150>Sep 3 10:43:22 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30 DNS -> 8.8.8.8 inquire db.se.clamav.net
<150>Sep 3 10:43:23 DrayTek: Open port: 91.106.97.88:58564 ->
192.168.1.30:22 (TCP)
<150>Sep 3 10:43:24 DrayTek: Local User (MAC=00-0C-29-A0-0F-77):
192.168.1.102 DNS -> 8.8.8.8 inquire dynupdate.no-ip.com
<150>Sep 3 10:43:24 DrayTek: Local User (MAC=00-0C-29-A0-0F-77):
192.168.1.102:60184 -> 54.219.9.206:8245 (TCP)
<150>Sep 3 10:43:24 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30 DNS -> 8.8.8.8 inquire dynupdate.no-ip.com
<150>Sep 3 10:43:26 DrayTek: Local User: 91.106.97.88:58564 ->
192.168.1.30:22 (TCP) close connection
<150>Sep 3 10:43:28 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30:22 -> 188.92.77.12:38856 (TCP) close connection
<150>Sep 3 10:43:28 DrayTek: Open port: 188.92.77.12:53838 ->
192.168.1.30:22 (TCP)
<150>Sep 3 10:43:30 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30:993 -> 37.196.141.135:33650 (TCP)
<150>Sep 3 10:43:30 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30:993 -> 37.196.141.135:33652 (TCP)
<150>Sep 3 10:43:30 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30:993 -> 37.196.141.135:33654 (TCP)
<150>Sep 3 10:43:30 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30:993 -> 37.196.141.135:33648 (TCP)
<150>Sep 3 10:43:30 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30:993 -> 37.196.141.135:33656 (TCP)
<150>Sep 3 10:43:32 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30 DNS -> 8.8.8.8 inquire database.clamav.net
<150>Sep 3 10:43:32 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30 DNS -> 8.8.8.8 inquire database.clamav.net.cdn.cloudflare.net
<150>Sep 3 10:43:33 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30 DNS -> 8.8.8.8 inquire
kube-nimbus-1314339100.eu-central-1.elb.amazonaws.com
<150>Sep 3 10:43:33 DrayTek: Local User (MAC=18-60-24-74-1B-ED):
192.168.1.201:62599 -> 18.196.144.30:443 (TCP)
Ubuntu Syslog
Sep 3 10:41:17 zentyal kernel: [266068.432972] zentyal-firewall drop
IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00
SRC=112.85.42.229 DST=192.168.1.30 LEN=67 TOS=0x00 PREC=0x00 TTL=46
ID=58277 DF PROTO=TCP SPT=14305 DPT=22 WINDOW=229 RES=0x00 ACK PSH URGP=0
MARK=0x1
Sep 3 10:41:18 zentyal kernel: [266069.260253] zentyal-firewall drop
IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00
SRC=112.85.42.229 DST=192.168.1.30 LEN=700 TOS=0x00 PREC=0x00 TTL=46
ID=58279 DF PROTO=TCP SPT=14305 DPT=22 WINDOW=229 RES=0x00 ACK PSH URGP=0
MARK=0x1
Sep 3 10:41:40 zentyal kernel: [266091.705497] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.30 DST=192.168.1.200 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=46452 DF PROTO=TCP SPT=139 DPT=55335 WINDOW=237 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 3 10:41:42 zentyal kernel: [266093.463049] audit: type=1400
audit(1567500102.736:78): apparmor="DENIED" operation="open"
profile="/usr/bin/freshclam" name="/etc/ssl/openssl.cnf" pid=14221
comm="freshclam" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Sep 3 10:41:42 zentyal kernel: [266093.468537] audit: type=1400
audit(1567500102.740:79): apparmor="DENIED" operation="connect"
profile="/usr/bin/freshclam" name="/run/samba/winbindd/pipe" pid=14221
comm="freshclam" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
Sep 3 10:41:58 zentyal dhcpd[2318]: DHCPREQUEST for 192.168.1.200 from
44:8a:5b:a5:30:3e (spc1) via eth0
Sep 3 10:41:58 zentyal dhcpd[2318]: DHCPACK on 192.168.1.200 to
44:8a:5b:a5:30:3e (spc1) via eth0
Sep 3 10:41:58 zentyal named[31433]: samba_dlz: starting transaction on
zone company.local
Sep 3 10:41:58 zentyal named[31433]: client @0x7f39cc098ef0
192.168.1.200#52376: update 'company.local/IN' denied
Sep 3 10:41:58 zentyal named[31433]: samba_dlz: cancelling transaction on
zone company.local
Sep 3 10:41:58 zentyal named[31433]: samba_dlz: starting transaction on
zone company.local
Sep 3 10:41:58 zentyal named[31433]: samba_dlz: allowing update of
signer=spc1\$\@company.LOCAL name=spc1.company.local tcpaddr=192.168.1.200
type=AAAA
key=1880-ms-7.478-19917bcc.02c13bf7-ca40-11e9-5583-3010b35e266d/160/0
Sep 3 10:41:58 zentyal named[31433]: samba_dlz: allowing update of
signer=spc1\$\@company.LOCAL name=spc1.company.local tcpaddr=192.168.1.200
type=A key=1880-ms-7.478-19917bcc.02c13bf7-ca40-11e9-5583-3010b35e266d/160/0
Sep 3 10:41:58 zentyal named[31433]: samba_dlz: allowing update of
signer=spc1\$\@company.LOCAL name=spc1.company.local tcpaddr=192.168.1.200
type=A key=1880-ms-7.478-19917bcc.02c13bf7-ca40-11e9-5583-3010b35e266d/160/0
Sep 3 10:41:58 zentyal named[31433]: client @0x7f39cc098ef0
192.168.1.200#56976/key spc1\$\@company.LOCAL: updating zone
'company.local/NONE': deleting rrset at 'spc1.company.local' AAAA
Sep 3 10:41:58 zentyal named[31433]: client @0x7f39cc098ef0
192.168.1.200#56976/key spc1\$\@company.LOCAL: updating zone
'company.local/NONE': deleting rrset at 'spc1.company.local' A
Sep 3 10:41:58 zentyal named[31433]: samba_dlz: subtracted rdataset
spc1.company.local 'spc1.company.local.#0111200#011IN#011A#011192.168.1.200'
Sep 3 10:41:58 zentyal named[31433]: client @0x7f39cc098ef0
192.168.1.200#56976/key spc1\$\@company.LOCAL: updating zone
'company.local/NONE': adding an RR at 'spc1.company.local' A 192.168.1.200
Sep 3 10:41:59 zentyal named[31433]: samba_dlz: added rdataset
spc1.company.local 'spc1.company.local.#0111200#011IN#011A#011192.168.1.200'
Sep 3 10:41:59 zentyal named[31433]: samba_dlz: committed transaction on
zone company.local
Sep 3 10:42:08 zentyal kernel: [266119.353208] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.30 DST=192.168.1.200 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=46453 DF PROTO=TCP SPT=139 DPT=55335 WINDOW=237 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 3 10:42:08 zentyal kernel: [266119.507436] zentyal-firewall drop
IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00
SRC=112.85.42.229 DST=192.168.1.30 LEN=67 TOS=0x00 PREC=0x00 TTL=46
ID=22575 DF PROTO=TCP SPT=44675 DPT=22 WINDOW=229 RES=0x00 ACK PSH URGP=0
MARK=0x1
Sep 3 10:42:09 zentyal kernel: [266120.308040] zentyal-firewall drop
IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00
SRC=112.85.42.229 DST=192.168.1.30 LEN=700 TOS=0x00 PREC=0x00 TTL=46
ID=22577 DF PROTO=TCP SPT=44675 DPT=22 WINDOW=229 RES=0x00 ACK PSH URGP=0
MARK=0x1
Sep 3 10:42:33 zentyal samba[3524]: [2019/09/03 10:42:33.921837, 0]
../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
Sep 3 10:42:33 zentyal samba[3524]: /usr/sbin/samba_kcc: ldb_wrap open
of secrets.ldb
Sep 3 10:42:50 zentyal kernel: [266161.088957] zentyal-firewall drop
IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00
SRC=112.85.42.229 DST=192.168.1.30 LEN=67 TOS=0x00 PREC=0x00 TTL=46
ID=15370 DF PROTO=TCP SPT=49186 DPT=22 WINDOW=229 RES=0x00 ACK PSH URGP=0
MARK=0x1
Sep 3 10:42:51 zentyal kernel: [266161.979994] zentyal-firewall drop
IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00
SRC=112.85.42.229 DST=192.168.1.30 LEN=700 TOS=0x00 PREC=0x00 TTL=46
ID=15372 DF PROTO=TCP SPT=49186 DPT=22 WINDOW=229 RES=0x00 ACK PSH URGP=0
MARK=0x1
Sep 3 10:42:54 zentyal kernel: [266165.432765] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.30 DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=52479 DF PROTO=TCP SPT=51666 DPT=80 WINDOW=9057 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 3 10:42:56 zentyal postfix/smtpd[14305]: connect from
unknown[141.98.80.75]
Sep 3 10:43:00 zentyal postfix/smtpd[14305]: warning:
unknown[141.98.80.75]: SASL PLAIN authentication failed:
Sep 3 10:43:00 zentyal postfix/smtpd[14305]: lost connection after AUTH
from unknown[141.98.80.75]
Sep 3 10:43:00 zentyal postfix/smtpd[14305]: disconnect from
unknown[141.98.80.75] ehlo=1 auth=0/1 commands=1/2
Sep 3 10:43:00 zentyal postfix/smtpd[14305]: connect from
unknown[141.98.80.75]
Sep 3 10:43:13 zentyal postfix/smtpd[14305]: warning:
unknown[141.98.80.75]: SASL PLAIN authentication failed:
Sep 3 10:43:13 zentyal dhcpd[2318]: DHCPREQUEST for 192.168.1.202 from
ec:e1:a9:ca:43:bb (SEPECE1A9CA43BB) via eth0
Sep 3 10:43:13 zentyal dhcpd[2318]: DHCPACK on 192.168.1.202 to
ec:e1:a9:ca:43:bb (SEPECE1A9CA43BB) via eth0
Sep 3 10:43:14 zentyal postfix/smtpd[14305]: lost connection after AUTH
from unknown[141.98.80.75]
Sep 3 10:43:14 zentyal postfix/smtpd[14305]: disconnect from
unknown[141.98.80.75] ehlo=1 auth=0/1 commands=1/2
Sep 3 10:43:22 zentyal kernel: [266193.080510] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.30 DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=52480 DF PROTO=TCP SPT=51666 DPT=80 WINDOW=9057 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 3 10:43:37 zentyal kernel: [266208.618132] zentyal-firewall drop
IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00
SRC=112.85.42.229 DST=192.168.1.30 LEN=67 TOS=0x00 PREC=0x00 TTL=46
ID=15251 DF PROTO=TCP SPT=47148 DPT=22 WINDOW=229 RES=0x00 ACK PSH URGP=0
MARK=0x1
Sep 3 10:43:38 zentyal kernel: [266209.439147] zentyal-firewall drop
IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00
SRC=112.85.42.229 DST=192.168.1.30 LEN=700 TOS=0x00 PREC=0x00 TTL=46
ID=15253 DF PROTO=TCP SPT=47148 DPT=22 WINDOW=229 RES=0x00 ACK PSH URGP=0
MARK=0x1
Sep 3 10:43:40 zentyal postfix/smtpd[14305]: connect from
unknown[185.234.216.206]
Sep 3 10:43:40 zentyal postfix/smtpd[14305]: warning:
unknown[185.234.216.206]: SASL LOGIN authentication failed: Invalid
authentication mechanism
Sep 3 10:43:40 zentyal postfix/smtpd[14305]: lost connection after AUTH
from unknown[185.234.216.206]
Sep 3 10:43:40 zentyal postfix/smtpd[14305]: disconnect from
unknown[185.234.216.206] ehlo=1 auth=0/1 commands=1/2
Sep 3 10:43:45 zentyal kernel: [266215.864343] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.30 DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=64724 DF PROTO=TCP SPT=51814 DPT=80 WINDOW=6750 RES=0x00 ACK FIN
URGP=0 MARK=0x1
freshclam log
Tue Sep 3 10:41:42 2019 -> ClamAV update process started at Tue Sep 3
10:41:42 2019
Tue Sep 3 10:41:42 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Tue Sep 3 10:41:42 2019 -> WARNING: Local version: 0.100.3 Recommended
version: 0.101.4
Tue Sep 3 10:41:42 2019 -> DON'T PANIC! Read
https://www.clamav.net/documents/upgrading-clamav
Tue Sep 3 10:41:42 2019 -> main.cvd is up to date (version: 58, sigs:
4566249, f-level: 60, builder: sigmgr)
Tue Sep 3 10:42:28 2019 -> nonblock_recv: recv timing out (30 secs)
Tue Sep 3 10:42:28 2019 -> WARNING: getfile: Download interrupted:
Operation now in progress (IP: 104.16.218.84)
Tue Sep 3 10:42:28 2019 -> WARNING: Can't download daily.cvd from
db.se.clamav.net
Can't query daily.0.93.0.0.6810DA54.ping.clamav.net
Tue Sep 3 10:42:28 2019 -> Trying again in 5 secs...
Tue Sep 3 10:42:33 2019 -> ClamAV update process started at Tue Sep 3
10:42:33 2019
Tue Sep 3 10:42:33 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Tue Sep 3 10:42:33 2019 -> WARNING: Local version: 0.100.3 Recommended
version: 0.101.4
Tue Sep 3 10:42:33 2019 -> DON'T PANIC! Read
https://www.clamav.net/documents/upgrading-clamav
Tue Sep 3 10:42:33 2019 -> main.cvd is up to date (version: 58, sigs:
4566249, f-level: 60, builder: sigmgr)
Tue Sep 3 10:43:18 2019 -> nonblock_recv: recv timing out (30 secs)
Tue Sep 3 10:43:18 2019 -> WARNING: getfile: Download interrupted:
Operation now in progress (IP: 104.16.219.84)
Tue Sep 3 10:43:18 2019 -> WARNING: Can't download daily.cvd from
db.se.clamav.net
Can't query daily.0.93.0.0.6810DB54.ping.clamav.net
Tue Sep 3 10:43:18 2019 -> Trying again in 5 secs...
Tue Sep 3 10:43:23 2019 -> ClamAV update process started at Tue Sep 3
10:43:23 2019
Tue Sep 3 10:43:23 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Tue Sep 3 10:43:23 2019 -> WARNING: Local version: 0.100.3 Recommended
version: 0.101.4
Tue Sep 3 10:43:23 2019 -> DON'T PANIC! Read
https://www.clamav.net/documents/upgrading-clamav
Tue Sep 3 10:43:23 2019 -> main.cvd is up to date (version: 58, sigs:
4566249, f-level: 60, builder: sigmgr)
Tue Sep 3 10:43:24 2019 -> WARNING: Can't download daily.cvd from
db.se.clamav.net
Tue Sep 3 10:43:24 2019 -> Trying again in 5 secs...
Tue Sep 3 10:43:29 2019 -> ClamAV update process started at Tue Sep 3
10:43:29 2019
Tue Sep 3 10:43:29 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Tue Sep 3 10:43:29 2019 -> WARNING: Local version: 0.100.3 Recommended
version: 0.101.4
Tue Sep 3 10:43:29 2019 -> DON'T PANIC! Read
https://www.clamav.net/documents/upgrading-clamav
Tue Sep 3 10:43:29 2019 -> main.cvd is up to date (version: 58, sigs:
4566249, f-level: 60, builder: sigmgr)
Tue Sep 3 10:43:29 2019 -> WARNING: Can't download daily.cvd from
db.se.clamav.net
Tue Sep 3 10:43:29 2019 -> Trying again in 5 secs...
Tue Sep 3 10:43:34 2019 -> ClamAV update process started at Tue Sep 3
10:43:34 2019
Tue Sep 3 10:43:34 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Tue Sep 3 10:43:34 2019 -> WARNING: Local version: 0.100.3 Recommended
version: 0.101.4
Tue Sep 3 10:43:34 2019 -> DON'T PANIC! Read
https://www.clamav.net/documents/upgrading-clamav
Tue Sep 3 10:43:34 2019 -> main.cvd is up to date (version: 58, sigs:
4566249, f-level: 60, builder: sigmgr)
Tue Sep 3 10:43:34 2019 -> ERROR: Can't download daily.cvd from
db.se.clamav.net
Tue Sep 3 10:43:34 2019 -> Giving up on db.se.clamav.net...
Tue Sep 3 10:43:34 2019 -> ClamAV update process started at Tue Sep 3
10:43:34 2019
Tue Sep 3 10:43:34 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Tue Sep 3 10:43:34 2019 -> WARNING: Local version: 0.100.3 Recommended
version: 0.101.4
Tue Sep 3 10:43:34 2019 -> DON'T PANIC! Read
https://www.clamav.net/documents/upgrading-clamav
Tue Sep 3 10:43:34 2019 -> main.cvd is up to date (version: 58, sigs:
4566249, f-level: 60, builder: sigmgr)
Tue Sep 3 10:43:34 2019 -> ERROR: Can't download daily.cvd from
database.clamav.net
Tue Sep 3 10:43:34 2019 -> Giving up on database.clamav.net...
Tue Sep 3 10:43:34 2019 -> Update failed. Your network may be down or none
of the mirrors listed in /etc/clamav/freshclam.conf is working. Check
https://www.clamav.net/documents/official-mirror-faq for possible reasons.
---------- Forwarded message ---------
From: Birger Birger <birger.solna@gmail.com>
Date: Mon 2 Sep 2019 at 17:51
Subject: Re: [clamav-users] Fwd: freshclam incremental update
To: ClamAV users ML <clamav-users@lists.clamav.net>
Have upgraded the firmware on vigor 2926.
Started a syslog job on the router. I will post what I get there when I run
a freshclam tomorrow.
On Mon 2 Sep 2019 12:32, G.W. Haywood via clamav-users <clamav-users@lists.clamav.net> wrote:
> Hi there,
>
> On Mon, 2 Sep 2019, Birger Birger via clamav-users wrote:
>
> > I have a Vigor 2926 router between computer and internet.
>
> https://www.switchnetservices.co.uk/draytek-zero-day/
>
> --
>
> 73,
> Ged.
>
<150>Sep 3 10:43:11 DrayTek: Local User (MAC=44-8A-5B-A5-30-3E):
192.168.1.200:56208 -> 34.249.179.175:443 (TCP)
<134>Sep 3 10:43:12 DrayTek: [ARP][.Arp address mismatch - Ethernet
destination address doesn't match ARP target adress]
<150>Sep 3 10:43:12 DrayTek: Local User: 141.98.80.75:62466 ->
192.168.1.30:25 (TCP) close connection
<150>Sep 3 10:43:17 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30 DNS -> 8.8.8.8 inquire daily.0.93.0.0.6810DB54.ping.clamav.net
<150>Sep 3 10:43:17 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30 DNS -> 198.148.79.38 inquire
daily.0.93.0.0.6810DB54.ping.clamav.net
<150>Sep 3 10:43:19 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30 DNS -> 8.8.8.8 inquire arngw-mct04.mspa.n-able.com
<150>Sep 3 10:43:19 DrayTek: Local User (MAC=18-60-24-74-1B-ED):
192.168.1.201:62597 -> 154.43.131.16:443 (TCP)
<150>Sep 3 10:43:19 DrayTek: Local User (MAC=18-60-24-74-1B-ED):
192.168.1.201:62598 -> 154.43.131.16:80 (TCP)Web
<150>Sep 3 10:43:19 DrayTek: Local User (MAC=18-60-24-74-1B-ED):
192.168.1.201:56610 -> 154.43.131.16:1235 (UDP)
<150>Sep 3 10:43:22 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30 DNS -> 8.8.8.8 inquire upload3europe1.systemmonitor.eu.com
<150>Sep 3 10:43:22 DrayTek: Local User (MAC=00-0C-29-A0-0F-77):
192.168.1.102:60183 -> 134.213.138.171:443 (TCP)
<150>Sep 3 10:43:22 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30 DNS -> 8.8.8.8 inquire db.se.clamav.net
<150>Sep 3 10:43:23 DrayTek: Open port: 91.106.97.88:58564 ->
192.168.1.30:22 (TCP)
<150>Sep 3 10:43:24 DrayTek: Local User (MAC=00-0C-29-A0-0F-77):
192.168.1.102 DNS -> 8.8.8.8 inquire dynupdate.no-ip.com
<150>Sep 3 10:43:24 DrayTek: Local User (MAC=00-0C-29-A0-0F-77):
192.168.1.102:60184 -> 54.219.9.206:8245 (TCP)
<150>Sep 3 10:43:24 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30 DNS -> 8.8.8.8 inquire dynupdate.no-ip.com
<150>Sep 3 10:43:26 DrayTek: Local User: 91.106.97.88:58564 ->
192.168.1.30:22 (TCP) close connection
<150>Sep 3 10:43:28 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30:22 -> 188.92.77.12:38856 (TCP) close connection
<150>Sep 3 10:43:28 DrayTek: Open port: 188.92.77.12:53838 ->
192.168.1.30:22 (TCP)
<150>Sep 3 10:43:30 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30:993 -> 37.196.141.135:33650 (TCP)
<150>Sep 3 10:43:30 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30:993 -> 37.196.141.135:33652 (TCP)
<150>Sep 3 10:43:30 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30:993 -> 37.196.141.135:33654 (TCP)
<150>Sep 3 10:43:30 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30:993 -> 37.196.141.135:33648 (TCP)
<150>Sep 3 10:43:30 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30:993 -> 37.196.141.135:33656 (TCP)
<150>Sep 3 10:43:32 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30 DNS -> 8.8.8.8 inquire database.clamav.net
<150>Sep 3 10:43:32 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30 DNS -> 8.8.8.8 inquire database.clamav.net.cdn.cloudflare.net
<150>Sep 3 10:43:33 DrayTek: Local User (MAC=00-0C-29-BE-5D-F2):
192.168.1.30 DNS -> 8.8.8.8 inquire
kube-nimbus-1314339100.eu-central-1.elb.amazonaws.com
<150>Sep 3 10:43:33 DrayTek: Local User (MAC=18-60-24-74-1B-ED):
192.168.1.201:62599 -> 18.196.144.30:443 (TCP)
Ubuntu Syslog
Sep 3 10:41:17 zentyal kernel: [266068.432972] zentyal-firewall drop
IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00
SRC=112.85.42.229 DST=192.168.1.30 LEN=67 TOS=0x00 PREC=0x00 TTL=46
ID=58277 DF PROTO=TCP SPT=14305 DPT=22 WINDOW=229 RES=0x00 ACK PSH URGP=0
MARK=0x1
Sep 3 10:41:18 zentyal kernel: [266069.260253] zentyal-firewall drop
IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00
SRC=112.85.42.229 DST=192.168.1.30 LEN=700 TOS=0x00 PREC=0x00 TTL=46
ID=58279 DF PROTO=TCP SPT=14305 DPT=22 WINDOW=229 RES=0x00 ACK PSH URGP=0
MARK=0x1
Sep 3 10:41:40 zentyal kernel: [266091.705497] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.30 DST=192.168.1.200 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=46452 DF PROTO=TCP SPT=139 DPT=55335 WINDOW=237 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 3 10:41:42 zentyal kernel: [266093.463049] audit: type=1400
audit(1567500102.736:78): apparmor="DENIED" operation="open"
profile="/usr/bin/freshclam" name="/etc/ssl/openssl.cnf" pid=14221
comm="freshclam" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Sep 3 10:41:42 zentyal kernel: [266093.468537] audit: type=1400
audit(1567500102.740:79): apparmor="DENIED" operation="connect"
profile="/usr/bin/freshclam" name="/run/samba/winbindd/pipe" pid=14221
comm="freshclam" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
Sep 3 10:41:58 zentyal dhcpd[2318]: DHCPREQUEST for 192.168.1.200 from
44:8a:5b:a5:30:3e (spc1) via eth0
Sep 3 10:41:58 zentyal dhcpd[2318]: DHCPACK on 192.168.1.200 to
44:8a:5b:a5:30:3e (spc1) via eth0
Sep 3 10:41:58 zentyal named[31433]: samba_dlz: starting transaction on
zone company.local
Sep 3 10:41:58 zentyal named[31433]: client @0x7f39cc098ef0
192.168.1.200#52376: update 'company.local/IN' denied
Sep 3 10:41:58 zentyal named[31433]: samba_dlz: cancelling transaction on
zone company.local
Sep 3 10:41:58 zentyal named[31433]: samba_dlz: starting transaction on
zone company.local
Sep 3 10:41:58 zentyal named[31433]: samba_dlz: allowing update of
signer=spc1\$\@company.LOCAL name=spc1.company.local tcpaddr=192.168.1.200
type=AAAA
key=1880-ms-7.478-19917bcc.02c13bf7-ca40-11e9-5583-3010b35e266d/160/0
Sep 3 10:41:58 zentyal named[31433]: samba_dlz: allowing update of
signer=spc1\$\@company.LOCAL name=spc1.company.local tcpaddr=192.168.1.200
type=A key=1880-ms-7.478-19917bcc.02c13bf7-ca40-11e9-5583-3010b35e266d/160/0
Sep 3 10:41:58 zentyal named[31433]: samba_dlz: allowing update of
signer=spc1\$\@company.LOCAL name=spc1.company.local tcpaddr=192.168.1.200
type=A key=1880-ms-7.478-19917bcc.02c13bf7-ca40-11e9-5583-3010b35e266d/160/0
Sep 3 10:41:58 zentyal named[31433]: client @0x7f39cc098ef0
192.168.1.200#56976/key spc1\$\@company.LOCAL: updating zone
'company.local/NONE': deleting rrset at 'spc1.company.local' AAAA
Sep 3 10:41:58 zentyal named[31433]: client @0x7f39cc098ef0
192.168.1.200#56976/key spc1\$\@company.LOCAL: updating zone
'company.local/NONE': deleting rrset at 'spc1.company.local' A
Sep 3 10:41:58 zentyal named[31433]: samba_dlz: subtracted rdataset
spc1.company.local 'spc1.company.local.#0111200#011IN#011A#011192.168.1.200'
Sep 3 10:41:58 zentyal named[31433]: client @0x7f39cc098ef0
192.168.1.200#56976/key spc1\$\@company.LOCAL: updating zone
'company.local/NONE': adding an RR at 'spc1.company.local' A 192.168.1.200
Sep 3 10:41:59 zentyal named[31433]: samba_dlz: added rdataset
spc1.company.local 'spc1.company.local.#0111200#011IN#011A#011192.168.1.200'
Sep 3 10:41:59 zentyal named[31433]: samba_dlz: committed transaction on
zone company.local
Sep 3 10:42:08 zentyal kernel: [266119.353208] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.30 DST=192.168.1.200 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=46453 DF PROTO=TCP SPT=139 DPT=55335 WINDOW=237 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 3 10:42:08 zentyal kernel: [266119.507436] zentyal-firewall drop
IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00
SRC=112.85.42.229 DST=192.168.1.30 LEN=67 TOS=0x00 PREC=0x00 TTL=46
ID=22575 DF PROTO=TCP SPT=44675 DPT=22 WINDOW=229 RES=0x00 ACK PSH URGP=0
MARK=0x1
Sep 3 10:42:09 zentyal kernel: [266120.308040] zentyal-firewall drop
IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00
SRC=112.85.42.229 DST=192.168.1.30 LEN=700 TOS=0x00 PREC=0x00 TTL=46
ID=22577 DF PROTO=TCP SPT=44675 DPT=22 WINDOW=229 RES=0x00 ACK PSH URGP=0
MARK=0x1
Sep 3 10:42:33 zentyal samba[3524]: [2019/09/03 10:42:33.921837, 0]
../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
Sep 3 10:42:33 zentyal samba[3524]: /usr/sbin/samba_kcc: ldb_wrap open
of secrets.ldb
Sep 3 10:42:50 zentyal kernel: [266161.088957] zentyal-firewall drop
IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00
SRC=112.85.42.229 DST=192.168.1.30 LEN=67 TOS=0x00 PREC=0x00 TTL=46
ID=15370 DF PROTO=TCP SPT=49186 DPT=22 WINDOW=229 RES=0x00 ACK PSH URGP=0
MARK=0x1
Sep 3 10:42:51 zentyal kernel: [266161.979994] zentyal-firewall drop
IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00
SRC=112.85.42.229 DST=192.168.1.30 LEN=700 TOS=0x00 PREC=0x00 TTL=46
ID=15372 DF PROTO=TCP SPT=49186 DPT=22 WINDOW=229 RES=0x00 ACK PSH URGP=0
MARK=0x1
Sep 3 10:42:54 zentyal kernel: [266165.432765] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.30 DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=52479 DF PROTO=TCP SPT=51666 DPT=80 WINDOW=9057 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 3 10:42:56 zentyal postfix/smtpd[14305]: connect from
unknown[141.98.80.75]
Sep 3 10:43:00 zentyal postfix/smtpd[14305]: warning:
unknown[141.98.80.75]: SASL PLAIN authentication failed:
Sep 3 10:43:00 zentyal postfix/smtpd[14305]: lost connection after AUTH
from unknown[141.98.80.75]
Sep 3 10:43:00 zentyal postfix/smtpd[14305]: disconnect from
unknown[141.98.80.75] ehlo=1 auth=0/1 commands=1/2
Sep 3 10:43:00 zentyal postfix/smtpd[14305]: connect from
unknown[141.98.80.75]
Sep 3 10:43:13 zentyal postfix/smtpd[14305]: warning:
unknown[141.98.80.75]: SASL PLAIN authentication failed:
Sep 3 10:43:13 zentyal dhcpd[2318]: DHCPREQUEST for 192.168.1.202 from
ec:e1:a9:ca:43:bb (SEPECE1A9CA43BB) via eth0
Sep 3 10:43:13 zentyal dhcpd[2318]: DHCPACK on 192.168.1.202 to
ec:e1:a9:ca:43:bb (SEPECE1A9CA43BB) via eth0
Sep 3 10:43:14 zentyal postfix/smtpd[14305]: lost connection after AUTH
from unknown[141.98.80.75]
Sep 3 10:43:14 zentyal postfix/smtpd[14305]: disconnect from
unknown[141.98.80.75] ehlo=1 auth=0/1 commands=1/2
Sep 3 10:43:22 zentyal kernel: [266193.080510] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.30 DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=52480 DF PROTO=TCP SPT=51666 DPT=80 WINDOW=9057 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 3 10:43:37 zentyal kernel: [266208.618132] zentyal-firewall drop
IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00
SRC=112.85.42.229 DST=192.168.1.30 LEN=67 TOS=0x00 PREC=0x00 TTL=46
ID=15251 DF PROTO=TCP SPT=47148 DPT=22 WINDOW=229 RES=0x00 ACK PSH URGP=0
MARK=0x1
Sep 3 10:43:38 zentyal kernel: [266209.439147] zentyal-firewall drop
IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00
SRC=112.85.42.229 DST=192.168.1.30 LEN=700 TOS=0x00 PREC=0x00 TTL=46
ID=15253 DF PROTO=TCP SPT=47148 DPT=22 WINDOW=229 RES=0x00 ACK PSH URGP=0
MARK=0x1
Sep 3 10:43:40 zentyal postfix/smtpd[14305]: connect from
unknown[185.234.216.206]
Sep 3 10:43:40 zentyal postfix/smtpd[14305]: warning:
unknown[185.234.216.206]: SASL LOGIN authentication failed: Invalid
authentication mechanism
Sep 3 10:43:40 zentyal postfix/smtpd[14305]: lost connection after AUTH
from unknown[185.234.216.206]
Sep 3 10:43:40 zentyal postfix/smtpd[14305]: disconnect from
unknown[185.234.216.206] ehlo=1 auth=0/1 commands=1/2
Sep 3 10:43:45 zentyal kernel: [266215.864343] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.30 DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=64724 DF PROTO=TCP SPT=51814 DPT=80 WINDOW=6750 RES=0x00 ACK FIN
URGP=0 MARK=0x1
freshclam log
Tue Sep 3 10:41:42 2019 -> ClamAV update process started at Tue Sep 3
10:41:42 2019
Tue Sep 3 10:41:42 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Tue Sep 3 10:41:42 2019 -> WARNING: Local version: 0.100.3 Recommended
version: 0.101.4
Tue Sep 3 10:41:42 2019 -> DON'T PANIC! Read
https://www.clamav.net/documents/upgrading-clamav
Tue Sep 3 10:41:42 2019 -> main.cvd is up to date (version: 58, sigs:
4566249, f-level: 60, builder: sigmgr)
Tue Sep 3 10:42:28 2019 -> nonblock_recv: recv timing out (30 secs)
Tue Sep 3 10:42:28 2019 -> WARNING: getfile: Download interrupted:
Operation now in progress (IP: 104.16.218.84)
Tue Sep 3 10:42:28 2019 -> WARNING: Can't download daily.cvd from
db.se.clamav.net
Can't query daily.0.93.0.0.6810DA54.ping.clamav.net
Tue Sep 3 10:42:28 2019 -> Trying again in 5 secs...
Tue Sep 3 10:42:33 2019 -> ClamAV update process started at Tue Sep 3
10:42:33 2019
Tue Sep 3 10:42:33 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Tue Sep 3 10:42:33 2019 -> WARNING: Local version: 0.100.3 Recommended
version: 0.101.4
Tue Sep 3 10:42:33 2019 -> DON'T PANIC! Read
https://www.clamav.net/documents/upgrading-clamav
Tue Sep 3 10:42:33 2019 -> main.cvd is up to date (version: 58, sigs:
4566249, f-level: 60, builder: sigmgr)
Tue Sep 3 10:43:18 2019 -> nonblock_recv: recv timing out (30 secs)
Tue Sep 3 10:43:18 2019 -> WARNING: getfile: Download interrupted:
Operation now in progress (IP: 104.16.219.84)
Tue Sep 3 10:43:18 2019 -> WARNING: Can't download daily.cvd from
db.se.clamav.net
Can't query daily.0.93.0.0.6810DB54.ping.clamav.net
Tue Sep 3 10:43:18 2019 -> Trying again in 5 secs...
Tue Sep 3 10:43:23 2019 -> ClamAV update process started at Tue Sep 3
10:43:23 2019
Tue Sep 3 10:43:23 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Tue Sep 3 10:43:23 2019 -> WARNING: Local version: 0.100.3 Recommended
version: 0.101.4
Tue Sep 3 10:43:23 2019 -> DON'T PANIC! Read
https://www.clamav.net/documents/upgrading-clamav
Tue Sep 3 10:43:23 2019 -> main.cvd is up to date (version: 58, sigs:
4566249, f-level: 60, builder: sigmgr)
Tue Sep 3 10:43:24 2019 -> WARNING: Can't download daily.cvd from
db.se.clamav.net
Tue Sep 3 10:43:24 2019 -> Trying again in 5 secs...
Tue Sep 3 10:43:29 2019 -> ClamAV update process started at Tue Sep 3
10:43:29 2019
Tue Sep 3 10:43:29 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Tue Sep 3 10:43:29 2019 -> WARNING: Local version: 0.100.3 Recommended
version: 0.101.4
Tue Sep 3 10:43:29 2019 -> DON'T PANIC! Read
https://www.clamav.net/documents/upgrading-clamav
Tue Sep 3 10:43:29 2019 -> main.cvd is up to date (version: 58, sigs:
4566249, f-level: 60, builder: sigmgr)
Tue Sep 3 10:43:29 2019 -> WARNING: Can't download daily.cvd from
db.se.clamav.net
Tue Sep 3 10:43:29 2019 -> Trying again in 5 secs...
Tue Sep 3 10:43:34 2019 -> ClamAV update process started at Tue Sep 3
10:43:34 2019
Tue Sep 3 10:43:34 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Tue Sep 3 10:43:34 2019 -> WARNING: Local version: 0.100.3 Recommended
version: 0.101.4
Tue Sep 3 10:43:34 2019 -> DON'T PANIC! Read
https://www.clamav.net/documents/upgrading-clamav
Tue Sep 3 10:43:34 2019 -> main.cvd is up to date (version: 58, sigs:
4566249, f-level: 60, builder: sigmgr)
Tue Sep 3 10:43:34 2019 -> ERROR: Can't download daily.cvd from
db.se.clamav.net
Tue Sep 3 10:43:34 2019 -> Giving up on db.se.clamav.net...
Tue Sep 3 10:43:34 2019 -> ClamAV update process started at Tue Sep 3
10:43:34 2019
Tue Sep 3 10:43:34 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Tue Sep 3 10:43:34 2019 -> WARNING: Local version: 0.100.3 Recommended
version: 0.101.4
Tue Sep 3 10:43:34 2019 -> DON'T PANIC! Read
https://www.clamav.net/documents/upgrading-clamav
Tue Sep 3 10:43:34 2019 -> main.cvd is up to date (version: 58, sigs:
4566249, f-level: 60, builder: sigmgr)
Tue Sep 3 10:43:34 2019 -> ERROR: Can't download daily.cvd from
database.clamav.net
Tue Sep 3 10:43:34 2019 -> Giving up on database.clamav.net...
Tue Sep 3 10:43:34 2019 -> Update failed. Your network may be down or none
of the mirrors listed in /etc/clamav/freshclam.conf is working. Check
https://www.clamav.net/documents/official-mirror-faq for possible reasons.
---------- Forwarded message ---------
From: Birger Birger <birger.solna@gmail.com>
Date: Mon, 2 Sep 2019 at 17:51
Subject: Re: [clamav-users] Fwd: freshclam incremental update
To: ClamAV users ML <clamav-users@lists.clamav.net>
Have upgraded the firmware on Vigor 2926.
Started a syslog job on the router. I will post what I get there when I run
a freshclam tomorrow.
On Mon, 2 Sep 2019 at 12:32, G.W. Haywood via clamav-users <
clamav-users@lists.clamav.net> wrote:
> Hi there,
>
> On Mon, 2 Sep 2019, Birger Birger via clamav-users wrote:
>
> > I have a Vigor 2926 router between computer and internet.
>
> https://www.switchnetservices.co.uk/draytek-zero-day/
>
> --
>
> 73,
> Ged.
>