Mailing List Archive

[clamav-users] Fwd: Fwd: Fwd: Fwd: freshclam incremental update
Have added the following lines to /etc/apparmor.d/ usr.bin.freshclam and
usr.sbin.clamd:
1. /etc/ssl/openssl.cnf r,
2. /{,var/}run/samba/winbindd/pipe rw,

This made the apparmor DENIED lines in syslog and kernel.log disappear.

Still no completed downloads with freshclam of daily and incremental
updates.

---------- Forwarded message ---------
From: Birger Birger <birger.solna@gmail.com>
Date: Sun 8 Sep 2019 at 12:35
Subject: Re: [clamav-users] Fwd: Fwd: Fwd: freshclam incremental update
To: ClamAV users ML <clamav-users@lists.clamav.net>
Cc: ClamAV users ML <clamav-users@lists.clamav.net>


Tried to delete and install ClamAV again. No difference in behaviour from
what I can see. Downloads with freshclam still halt, apparently because
of apparmor.

On Thu 5 Sep 2019 at 21:54, Joel Esler (jesler) <jesler@cisco.com> wrote:

> How did you get this?
>
> Sent from my iPad
>
> On Sep 5, 2019, at 05:06, Birger Birger via clamav-users <
> clamav-users@lists.clamav.net> wrote:
>
> This might provide additional information.
>
> /usr/bin/freshclam
>
> ---------- Forwarded message ---------
> From: Joel Esler (jesler) <jesler@cisco.com>
> Date: Wed 4 Sep 2019 at 12:20
> Subject: Re: [clamav-users] Fwd: Fwd: freshclam incremental update
> To: Birger Birger via clamav-users <clamav-users@lists.clamav.net>
> Cc: Birger Birger <birger.solna@gmail.com>
>
>
> This looks promising to troubleshoot.
>
> Sent from my iPhone
>
> > On Sep 4, 2019, at 03:01, Birger Birger via clamav-users <
> clamav-users@lists.clamav.net> wrote:
> >
> > Sep 4 08:40:01 zentyal kernel: [345190.998397] audit: type=1400
> audit(1567579201.044:83): apparmor="DENIED" operation="connect"
> profile="/usr/bin/freshclam" name="/run/samba/winbindd/pipe" pid=1269
> comm="freshclam" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
>
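
The AppArmor denial quoted in the message above corresponds to the second rule the poster added. As an added example (not part of the thread and not code from the ClamAV or AppArmor projects), the Python below turns `apparmor="DENIED"` file records into candidate profile rules; the first sample record is the thread's, the other records are constructed, and all function names are hypothetical.

```python
import re
from collections import defaultdict

# First record is the denial quoted in the thread (unwrapped); the rest are constructed.
SAMPLE_LOG = '''\
Sep 4 08:40:01 zentyal kernel: [345190.998397] audit: type=1400 audit(1567579201.044:83): apparmor="DENIED" operation="connect" profile="/usr/bin/freshclam" name="/run/samba/winbindd/pipe" pid=1269 comm="freshclam" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
Sep 4 08:40:01 zentyal kernel: [345190.998511] audit: type=1400 audit(1567579201.044:84): apparmor="DENIED" operation="open" profile="/usr/bin/freshclam" name="/etc/ssl/openssl.cnf" pid=1269 comm="freshclam" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Sep 4 08:41:07 zentyal kernel: [345257.120034] audit: type=1400 audit(1567579267.166:85): apparmor="DENIED" operation="connect" profile="/usr/sbin/clamd" name="/var/run/samba/winbindd/pipe" pid=1302 comm="clamd" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
Sep 4 08:41:09 zentyal kernel: [345259.450120] audit: type=1400 audit(1567579269.496:86): apparmor="DENIED" operation="capable" profile="/usr/bin/freshclam" pid=1269 comm="freshclam" capability=1 capname="dac_override"
Sep 4 08:41:12 zentyal kernel: [345262.001200] audit: type=1400 audit(1567579272.047:87): apparmor="ALLOWED" operation="open" profile="/usr/bin/freshclam" name="/etc/hosts" pid=1269 comm="freshclam" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Sep 4 08:41:15 zentyal kernel: [345265.330077] audit: type=1400 audit(1567579275.376:88): apparmor="DENIED" operation="mknod" profile="/usr/sbin/clamd" name=2F746D702F636C616D20746D70 pid=1302 comm="clamd" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
'''

KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
HEX_RE = re.compile(r'(?:[0-9A-Fa-f]{2})+')
PERM_ORDER = "rwaklm"  # exec ("x") is left out on purpose, see rule_perms()


def parse_denials(log_text):
    """Return the key=value fields of every apparmor="DENIED" audit record."""
    records = []
    for line in log_text.splitlines():
        if 'apparmor="DENIED"' not in line:
            continue  # skips ALLOWED (complain-mode) and unrelated lines
        fields = {}
        for m in KV_RE.finditer(line):
            key, quoted, bare = m.groups()
            if quoted is not None:
                fields[key] = quoted
            elif key == "name" and HEX_RE.fullmatch(bare):
                # audit hex-encodes names containing spaces or control bytes
                fields[key] = bytes.fromhex(bare).decode("utf-8", "replace")
            else:
                fields[key] = bare
        records.append(fields)
    return records


def rule_path(path):
    """Cover both /run and /var/run, as the rule in the thread does."""
    for prefix in ("/var/run/", "/run/"):
        if path.startswith(prefix):
            return "/{,var/}run/" + path[len(prefix):]
    return path


def rule_perms(mask):
    """Translate a denied_mask into file-rule permission letters."""
    # Log masks report create/delete as c/d; a profile grants both with w.
    perms = {"w" if ch in "cd" else ch for ch in mask}
    if "w" in perms:
        perms.discard("a")  # w and a cannot be combined in one rule
    # x is dropped: the transition mode (ix, Px, ...) is a human decision.
    return "".join(p for p in PERM_ORDER if p in perms)


def suggest_rules(log_text):
    """Map profile name -> sorted candidate file rules for its denials."""
    wanted = defaultdict(set)  # (profile, rule path) -> permission letters
    for rec in parse_denials(log_text):
        if "name" not in rec or "denied_mask" not in rec:
            continue  # capability/network denials need other rule types
        key = (rec["profile"], rule_path(rec["name"]))
        wanted[key].update(rec["denied_mask"])
    rules = defaultdict(list)
    for (profile, path), mask in sorted(wanted.items()):
        perms = rule_perms(mask)
        if perms:
            # paths with whitespace must be quoted in a profile
            shown = f'"{path}"' if re.search(r"\s", path) else path
            rules[profile].append(f"{shown} {perms},")
    return dict(rules)


if __name__ == "__main__":
    for profile, lines in suggest_rules(SAMPLE_LOG).items():
        print(f"# candidate rules for profile {profile}")
        for line in lines:
            print(f"  {line}")
```

On the sample input the rules for `/usr/bin/freshclam` come out as the two lines the poster added by hand.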
[clamav-users] Fwd: Fwd: Fwd: Fwd: freshclam incremental update
Now it seems the firewall is stopping freshclam from downloading updates. Any
ideas?
freshclam-log
Wed Sep 11 11:04:53 2019 -> --------------------------------------
Wed Sep 11 11:04:53 2019 -> ClamAV update process started at Wed Sep 11
11:04:53 2019
Wed Sep 11 11:04:53 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Wed Sep 11 11:04:53 2019 -> WARNING: Local version: 0.100.3 Recommended
version: 0.101.4
Wed Sep 11 11:04:53 2019 -> DON'T PANIC! Read
https://www.clamav.net/documents/upgrading-clamav
Wed Sep 11 11:04:53 2019 -> main.cvd is up to date (version: 58, sigs:
4566249, f-level: 60, builder: sigmgr)
Wed Sep 11 11:05:24 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:05:24 2019 -> WARNING: getfile: Download interrupted:
Operation now in progress (IP: 104.16.219.84)
Wed Sep 11 11:05:24 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Can't query daily.25569.93.0.0.6810DB54.ping.clamav.net
Wed Sep 11 11:05:24 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:05:24 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:05:24 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:05:24 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:05:24 2019 -> WARNING: Incremental update failed, trying to
download daily.cvd
Wed Sep 11 11:06:09 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:06:09 2019 -> WARNING: getfile: Download interrupted:
Operation now in progress (IP: 104.16.218.84)
Wed Sep 11 11:06:09 2019 -> WARNING: Can't download daily.cvd from
db.se.clamav.net
Can't query daily.0.93.0.0.6810DA54.ping.clamav.net
Wed Sep 11 11:06:09 2019 -> Trying again in 5 secs...
Wed Sep 11 11:06:14 2019 -> ClamAV update process started at Wed Sep 11
11:06:14 2019
Wed Sep 11 11:06:14 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Wed Sep 11 11:06:14 2019 -> WARNING: Local version: 0.100.3 Recommended
version: 0.101.4
Wed Sep 11 11:06:14 2019 -> DON'T PANIC! Read
https://www.clamav.net/documents/upgrading-clamav
Wed Sep 11 11:06:14 2019 -> main.cvd is up to date (version: 58, sigs:
4566249, f-level: 60, builder: sigmgr)
Wed Sep 11 11:06:15 2019 -> Trying host db.se.clamav.net (104.16.219.84)...
Wed Sep 11 11:06:45 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:06:45 2019 -> WARNING: getfile: Download interrupted:
Operation now in progress (IP: 104.16.219.84)
Wed Sep 11 11:06:45 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Can't query daily.25569.93.0.0.6810DB54.ping.clamav.net
Wed Sep 11 11:06:46 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:06:46 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:06:46 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:06:46 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:06:46 2019 -> WARNING: Incremental update failed, trying to
download daily.cvd
Wed Sep 11 11:07:30 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:07:30 2019 -> WARNING: getfile: Download interrupted:
Operation now in progress (IP: 104.16.218.84)
Wed Sep 11 11:07:30 2019 -> WARNING: Can't download daily.cvd from
db.se.clamav.net
Can't query daily.0.93.0.0.6810DA54.ping.clamav.net
Wed Sep 11 11:07:30 2019 -> Trying again in 5 secs...
Wed Sep 11 11:07:35 2019 -> ClamAV update process started at Wed Sep 11
11:07:35 2019
Wed Sep 11 11:07:35 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Wed Sep 11 11:07:35 2019 -> WARNING: Local version: 0.100.3 Recommended
version: 0.101.4
Wed Sep 11 11:07:35 2019 -> DON'T PANIC! Read
https://www.clamav.net/documents/upgrading-clamav
Wed Sep 11 11:07:35 2019 -> main.cvd is up to date (version: 58, sigs:
4566249, f-level: 60, builder: sigmgr)
Wed Sep 11 11:08:07 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:08:07 2019 -> WARNING: getfile: Download interrupted:
Operation now in progress (IP: 104.16.219.84)
Wed Sep 11 11:08:07 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Can't query daily.25569.93.0.0.6810DB54.ping.clamav.net
Wed Sep 11 11:08:07 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:08:07 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:08:07 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:08:07 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:08:07 2019 -> WARNING: Incremental update failed, trying to
download daily.cvd
Wed Sep 11 11:08:51 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:08:51 2019 -> WARNING: getfile: Download interrupted:
Operation now in progress (IP: 104.16.219.84)
Wed Sep 11 11:08:51 2019 -> WARNING: Can't download daily.cvd from
db.se.clamav.net
Can't query daily.0.93.0.0.6810DB54.ping.clamav.net
Wed Sep 11 11:08:52 2019 -> Trying again in 5 secs...
Wed Sep 11 11:08:57 2019 -> ClamAV update process started at Wed Sep 11
11:08:57 2019
Wed Sep 11 11:08:57 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Wed Sep 11 11:08:57 2019 -> WARNING: Local version: 0.100.3 Recommended
version: 0.101.4
Wed Sep 11 11:08:57 2019 -> DON'T PANIC! Read
https://www.clamav.net/documents/upgrading-clamav
Wed Sep 11 11:08:57 2019 -> main.cvd is up to date (version: 58, sigs:
4566249, f-level: 60, builder: sigmgr)
Wed Sep 11 11:09:28 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:09:28 2019 -> WARNING: getfile: Download interrupted:
Operation now in progress (IP: 104.16.218.84)
Wed Sep 11 11:09:28 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Can't query daily.25569.93.0.0.6810DA54.ping.clamav.net
Wed Sep 11 11:09:28 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:09:28 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:09:28 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:09:28 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:09:28 2019 -> WARNING: Incremental update failed, trying to
download daily.cvd
Wed Sep 11 11:10:13 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:10:13 2019 -> WARNING: getfile: Download interrupted:
Operation now in progress (IP: 104.16.218.84)
Wed Sep 11 11:10:13 2019 -> WARNING: Can't download daily.cvd from
db.se.clamav.net
Can't query daily.0.93.0.0.6810DA54.ping.clamav.net
Wed Sep 11 11:10:13 2019 -> Trying again in 5 secs...
Wed Sep 11 11:10:18 2019 -> ClamAV update process started at Wed Sep 11
11:10:18 2019
Wed Sep 11 11:10:18 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Wed Sep 11 11:10:18 2019 -> WARNING: Local version: 0.100.3 Recommended
version: 0.101.4
Wed Sep 11 11:10:18 2019 -> DON'T PANIC! Read
https://www.clamav.net/documents/upgrading-clamav
Wed Sep 11 11:10:18 2019 -> main.cvd is up to date (version: 58, sigs:
4566249, f-level: 60, builder: sigmgr)
Wed Sep 11 11:10:19 2019 -> Trying host db.se.clamav.net (104.16.219.84)...
Wed Sep 11 11:10:49 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:10:49 2019 -> WARNING: getfile: Download interrupted:
Operation now in progress (IP: 104.16.219.84)
Wed Sep 11 11:10:49 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Can't query daily.25569.93.0.0.6810DB54.ping.clamav.net
Wed Sep 11 11:10:50 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:10:50 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:10:50 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:10:50 2019 -> ERROR: getpatch: Can't download
daily-25569.cdiff from db.se.clamav.net
Wed Sep 11 11:10:50 2019 -> WARNING: Incremental update failed, trying to
download daily.cvd
Wed Sep 11 11:11:34 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:11:34 2019 -> ERROR: getfile: Download interrupted: Operation
now in progress (IP: 104.16.219.84)
Wed Sep 11 11:11:34 2019 -> ERROR: Can't download daily.cvd from
db.se.clamav.net
Can't query daily.0.93.0.0.6810DB54.ping.clamav.net
Wed Sep 11 11:11:35 2019 -> Giving up on db.se.clamav.net...
Wed Sep 11 11:11:35 2019 -> ClamAV update process started at Wed Sep 11
11:11:35 2019
Wed Sep 11 11:11:35 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Wed Sep 11 11:11:35 2019 -> WARNING: Local version: 0.100.3 Recommended
version: 0.101.4
Wed Sep 11 11:11:35 2019 -> DON'T PANIC! Read
https://www.clamav.net/documents/upgrading-clamav
Wed Sep 11 11:11:35 2019 -> main.cvd is up to date (version: 58, sigs:
4566249, f-level: 60, builder: sigmgr)
Wed Sep 11 11:11:36 2019 -> Trying host database.clamav.net
(104.16.218.84)...
Wed Sep 11 11:12:06 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:12:06 2019 -> WARNING: getfile: Download interrupted:
Operation now in progress (IP: 104.16.218.84)
Wed Sep 11 11:12:06 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from database.clamav.net
Can't query daily.25569.93.0.0.6810DA54.ping.clamav.net
Wed Sep 11 11:12:06 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from database.clamav.net
Wed Sep 11 11:12:06 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from database.clamav.net
Wed Sep 11 11:12:06 2019 -> WARNING: getpatch: Can't download
daily-25569.cdiff from database.clamav.net
Wed Sep 11 11:12:06 2019 -> ERROR: getpatch: Can't download
daily-25569.cdiff from database.clamav.net
Wed Sep 11 11:12:06 2019 -> WARNING: Incremental update failed, trying to
download daily.cvd
Wed Sep 11 11:12:51 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 11 11:12:51 2019 -> ERROR: getfile: Download interrupted: Operation
now in progress (IP: 104.16.219.84)
Wed Sep 11 11:12:51 2019 -> ERROR: Can't download daily.cvd from
database.clamav.net
Can't query daily.0.93.0.0.6810DB54.ping.clamav.net
Wed Sep 11 11:12:52 2019 -> Giving up on database.clamav.net...
Wed Sep 11 11:12:52 2019 -> Update failed. Your network may be down or none
of the mirrors listed in /etc/clamav/freshclam.conf is working. Check
https://www.clamav.net/documents/official-mirror-faq for possible reasons.



syslog
Sep 11 11:00:16 zentyal kernel: [73529.621326] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=192.168.1.200 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=42938 DF PROTO=TCP SPT=139 DPT=61923 WINDOW=237 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:03:00 zentyal kernel: [73693.715692] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=192.168.1.201 LEN=71 TOS=0x00 PREC=0x00
TTL=64 ID=29745 DF PROTO=TCP SPT=443 DPT=57505 WINDOW=249 RES=0x00 ACK PSH
FIN URGP=0 MARK=0x1
Sep 11 11:03:19 zentyal kernel: [73712.692731] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=82.214.44.215 LEN=148 TOS=0x00 PREC=0x00
TTL=64 ID=31106 DF PROTO=TCP SPT=993 DPT=33824 WINDOW=243 RES=0x00 ACK PSH
FIN URGP=0 MARK=0x1
Sep 11 11:03:19 zentyal kernel: [73712.911476] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=82.214.44.215 LEN=148 TOS=0x00 PREC=0x00
TTL=64 ID=31107 DF PROTO=TCP SPT=993 DPT=33824 WINDOW=243 RES=0x00 ACK PSH
FIN URGP=0 MARK=0x1
Sep 11 11:03:20 zentyal kernel: [73713.363442] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=82.214.44.215 LEN=148 TOS=0x00 PREC=0x00
TTL=64 ID=31108 DF PROTO=TCP SPT=993 DPT=33824 WINDOW=243 RES=0x00 ACK PSH
FIN URGP=0 MARK=0x1
Sep 11 11:03:21 zentyal kernel: [73714.259487] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=82.214.44.215 LEN=148 TOS=0x00 PREC=0x00
TTL=64 ID=31109 DF PROTO=TCP SPT=993 DPT=33824 WINDOW=243 RES=0x00 ACK PSH
FIN URGP=0 MARK=0x1
Sep 11 11:03:23 zentyal kernel: [73716.019537] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=82.214.44.215 LEN=148 TOS=0x00 PREC=0x00
TTL=64 ID=31110 DF PROTO=TCP SPT=993 DPT=33824 WINDOW=243 RES=0x00 ACK PSH
FIN URGP=0 MARK=0x1
Sep 11 11:03:26 zentyal kernel: [73719.571417] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=82.214.44.215 LEN=148 TOS=0x00 PREC=0x00
TTL=64 ID=31111 DF PROTO=TCP SPT=993 DPT=33824 WINDOW=243 RES=0x00 ACK PSH
FIN URGP=0 MARK=0x1
Sep 11 11:03:29 zentyal kernel: [73722.131420] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=192.168.1.201 LEN=71 TOS=0x00 PREC=0x00
TTL=64 ID=29746 DF PROTO=TCP SPT=443 DPT=57505 WINDOW=249 RES=0x00 ACK PSH
FIN URGP=0 MARK=0x1
Sep 11 11:03:33 zentyal kernel: [73726.739373] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=82.214.44.215 LEN=148 TOS=0x00 PREC=0x00
TTL=64 ID=31112 DF PROTO=TCP SPT=993 DPT=33824 WINDOW=243 RES=0x00 ACK PSH
FIN URGP=0 MARK=0x1
Sep 11 11:03:47 zentyal kernel: [73740.819168] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=82.214.44.215 LEN=148 TOS=0x00 PREC=0x00
TTL=64 ID=31113 DF PROTO=TCP SPT=993 DPT=33824 WINDOW=243 RES=0x00 ACK PSH
FIN URGP=0 MARK=0x1
Sep 11 11:03:49 zentyal kernel: [73742.611226] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=37.2.232.59 LEN=148 TOS=0x00 PREC=0x00 TTL=64
ID=58086 DF PROTO=TCP SPT=993 DPT=42342 WINDOW=284 RES=0x00 ACK PSH FIN
URGP=0 MARK=0x1
Sep 11 11:03:49 zentyal kernel: [73742.611294] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=37.2.232.59 LEN=148 TOS=0x00 PREC=0x00 TTL=64
ID=47645 DF PROTO=TCP SPT=993 DPT=42344 WINDOW=252 RES=0x00 ACK PSH FIN
URGP=0 MARK=0x1
Sep 11 11:04:16 zentyal kernel: [73769.234948] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=82.214.44.215 LEN=148 TOS=0x00 PREC=0x00
TTL=64 ID=31114 DF PROTO=TCP SPT=993 DPT=33824 WINDOW=243 RES=0x00 ACK PSH
FIN URGP=0 MARK=0x1
Sep 11 11:04:30 zentyal kernel: [73783.504367] zentyal-firewall drop
IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00
SRC=82.214.44.215 DST=192.168.1.NN LEN=40 TOS=0x00 PREC=0x00 TTL=254 ID=0
PROTO=TCP SPT=60464 DPT=993 WINDOW=0 RES=0x00 RST URGP=0 MARK=0x1
Sep 11 11:04:34 zentyal kernel: [73787.503920] zentyal-firewall drop
IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00
SRC=82.214.44.215 DST=192.168.1.NN LEN=40 TOS=0x00 PREC=0x00 TTL=254 ID=0
PROTO=TCP SPT=60470 DPT=993 WINDOW=0 RES=0x00 RST URGP=0 MARK=0x1
Sep 11 11:04:38 zentyal kernel: [73791.504188] zentyal-firewall drop
IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00
SRC=82.214.44.215 DST=192.168.1.NN LEN=40 TOS=0x00 PREC=0x00 TTL=254 ID=0
PROTO=TCP SPT=60456 DPT=993 WINDOW=0 RES=0x00 RST URGP=0 MARK=0x1
Sep 11 11:04:38 zentyal kernel: [73791.504235] zentyal-firewall drop
IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00
SRC=82.214.44.215 DST=192.168.1.NN LEN=40 TOS=0x00 PREC=0x00 TTL=254 ID=0
PROTO=TCP SPT=60472 DPT=993 WINDOW=0 RES=0x00 RST URGP=0 MARK=0x1
Sep 11 11:04:54 zentyal kernel: [73807.504397] zentyal-firewall drop
IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00
SRC=82.214.44.215 DST=192.168.1.NN LEN=40 TOS=0x00 PREC=0x00 TTL=254 ID=0
PROTO=TCP SPT=60466 DPT=993 WINDOW=0 RES=0x00 RST URGP=0 MARK=0x1
Sep 11 11:05:13 zentyal kernel: [73826.578340] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=82.214.44.215 LEN=148 TOS=0x00 PREC=0x00
TTL=64 ID=31115 DF PROTO=TCP SPT=993 DPT=33824 WINDOW=243 RES=0x00 ACK PSH
FIN URGP=0 MARK=0x1
Sep 11 11:05:51 zentyal kernel: [73863.958073] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=57985 DF PROTO=TCP SPT=60672 DPT=80 WINDOW=662 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:06:19 zentyal kernel: [73892.113836] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=57986 DF PROTO=TCP SPT=60672 DPT=80 WINDOW=662 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:06:36 zentyal kernel: [73909.009614] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=37248 DF PROTO=TCP SPT=56872 DPT=80 WINDOW=6589 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:07:04 zentyal kernel: [73937.169358] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=37249 DF PROTO=TCP SPT=56872 DPT=80 WINDOW=6589 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:07:12 zentyal kernel: [73945.617287] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=60892 DF PROTO=TCP SPT=60748 DPT=80 WINDOW=662 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:07:39 zentyal kernel: [73971.985071] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=60893 DF PROTO=TCP SPT=60748 DPT=80 WINDOW=662 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:07:57 zentyal kernel: [73990.416899] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=1377 DF PROTO=TCP SPT=56950 DPT=80 WINDOW=4346 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:08:24 zentyal kernel: [74017.040697] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=1378 DF PROTO=TCP SPT=56950 DPT=80 WINDOW=4346 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:08:33 zentyal kernel: [74026.768528] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=44360 DF PROTO=TCP SPT=60828 DPT=80 WINDOW=662 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:09:00 zentyal kernel: [74053.904258] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=44361 DF PROTO=TCP SPT=60828 DPT=80 WINDOW=662 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:09:18 zentyal kernel: [74071.568090] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=63089 DF PROTO=TCP SPT=60856 DPT=80 WINDOW=3749 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:09:46 zentyal kernel: [74098.959822] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=63090 DF PROTO=TCP SPT=60856 DPT=80 WINDOW=3749 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:09:54 zentyal kernel: [74107.919806] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=2416 DF PROTO=TCP SPT=57076 DPT=80 WINDOW=662 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:10:22 zentyal kernel: [74135.827476] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=2417 DF PROTO=TCP SPT=57076 DPT=80 WINDOW=662 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:10:39 zentyal kernel: [74152.719302] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=11269 DF PROTO=TCP SPT=57106 DPT=80 WINDOW=7963 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:11:01 zentyal kernel: [74173.967086] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=192.168.1.201 LEN=71 TOS=0x00 PREC=0x00
TTL=64 ID=38108 DF PROTO=TCP SPT=443 DPT=62800 WINDOW=249 RES=0x00 ACK PSH
FIN URGP=0 MARK=0x1
Sep 11 11:11:07 zentyal kernel: [74180.879125] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=11270 DF PROTO=TCP SPT=57106 DPT=80 WINDOW=7963 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:11:16 zentyal kernel: [74189.327110] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=23818 DF PROTO=TCP SPT=60982 DPT=80 WINDOW=662 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:11:28 zentyal kernel: [74201.358824] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=192.168.1.201 LEN=71 TOS=0x00 PREC=0x00
TTL=64 ID=38109 DF PROTO=TCP SPT=443 DPT=62800 WINDOW=249 RES=0x00 ACK PSH
FIN URGP=0 MARK=0x1
Sep 11 11:11:42 zentyal kernel: [74215.694709] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=23819 DF PROTO=TCP SPT=60982 DPT=80 WINDOW=662 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:11:49 zentyal kernel: [74222.862652] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=192.168.1.200 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=53892 DF PROTO=TCP SPT=139 DPT=53802 WINDOW=237 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:12:00 zentyal kernel: [74233.870560] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=192.168.1.201 LEN=71 TOS=0x00 PREC=0x00
TTL=64 ID=8868 DF PROTO=TCP SPT=443 DPT=62808 WINDOW=249 RES=0x00 ACK PSH
FIN URGP=0 MARK=0x1
Sep 11 11:12:01 zentyal kernel: [74234.638531] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=10349 DF PROTO=TCP SPT=32794 DPT=80 WINDOW=3458 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:12:17 zentyal kernel: [74250.518383] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=192.168.1.200 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=53893 DF PROTO=TCP SPT=139 DPT=53802 WINDOW=237 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:12:29 zentyal kernel: [74262.798275] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=192.168.1.201 LEN=71 TOS=0x00 PREC=0x00
TTL=64 ID=8869 DF PROTO=TCP SPT=443 DPT=62808 WINDOW=249 RES=0x00 ACK PSH
FIN URGP=0 MARK=0x1
Sep 11 11:12:29 zentyal kernel: [74262.798399] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=10350 DF PROTO=TCP SPT=32794 DPT=80 WINDOW=3458 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:12:32 zentyal kernel: [74265.870253] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=13344 DF PROTO=TCP SPT=57242 DPT=80 WINDOW=662 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:13:00 zentyal kernel: [74293.518049] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=13345 DF PROTO=TCP SPT=57242 DPT=80 WINDOW=662 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:13:18 zentyal kernel: [74311.437869] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=61385 DF PROTO=TCP SPT=32868 DPT=80 WINDOW=3729 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:13:45 zentyal kernel: [74338.573560] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=61386 DF PROTO=TCP SPT=32868 DPT=80 WINDOW=3729 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:15:23 zentyal kernel: [74436.876612] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=94.242.250.62 LEN=148 TOS=0x00 PREC=0x00
TTL=64 ID=60853 DF PROTO=TCP SPT=993 DPT=40606 WINDOW=375 RES=0x00 ACK PSH
FIN URGP=0 MARK=0x1
Sep 11 11:15:23 zentyal kernel: [74436.876615] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=94.242.250.62 LEN=148 TOS=0x00 PREC=0x00
TTL=64 ID=39582 DF PROTO=TCP SPT=993 DPT=40608 WINDOW=269 RES=0x00 ACK PSH
FIN URGP=0 MARK=0x1

---------- Forwarded message ---------
From: Birger Birger <birger.solna@gmail.com>
Date: Tue 10 Sep 2019 at 16:25
Subject: Fwd: [clamav-users] Fwd: Fwd: Fwd: freshclam incremental update
To: ClamAV users ML <clamav-users@lists.clamav.net>


Have added the following lines to /etc/apparmor.d/ usr.bin.freshclam and
usr.sbin.clamd:
1. /etc/ssl/openssl.cnf r,
2. /{,var/}run/samba/winbindd/pipe rw,

This made the apparmor DENIED lines in syslog and kernel.log disappear.

Still no completed downloads with freshclam of daily and incremental
updates.

---------- Forwarded message ---------
From: Birger Birger <birger.solna@gmail.com>
Date: Sun 8 Sep 2019 at 12:35
Subject: Re: [clamav-users] Fwd: Fwd: Fwd: freshclam incremental update
To: ClamAV users ML <clamav-users@lists.clamav.net>
Cc: ClamAV users ML <clamav-users@lists.clamav.net>


Tried to delete and install ClamAV again. No difference in behaviour from
what I can see. Downloads with freshclam still halt, apparently because
of apparmor.

On Thu 5 Sep 2019 at 21:54, Joel Esler (jesler) <jesler@cisco.com> wrote:

> How did you get this?
>
> Sent from my iPad
>
> On Sep 5, 2019, at 05:06, Birger Birger via clamav-users <
> clamav-users@lists.clamav.net> wrote:
>
> ?
> This might provide additional information.
>
> /usr/bin/freshclam
>
> ---------- Forwarded message ---------
> From: Joel Esler (jesler) <jesler@cisco.com>
> Date: Wed 4 Sep 2019 at 12:20
> Subject: Re: [clamav-users] Fwd: Fwd: freshclam incremental update
> To: Birger Birger via clamav-users <clamav-users@lists.clamav.net>
> Cc: Birger Birger <birger.solna@gmail.com>
>
>
> This looks promising to troubleshoot.
>
> Sent from my iPhone
>
> > On Sep 4, 2019, at 03:01, Birger Birger via clamav-users <
> clamav-users@lists.clamav.net> wrote:
> >
> > Sep 4 08:40:01 zentyal kernel: [345190.998397] audit: type=1400
> audit(1567579201.044:83): apparmor="DENIED" operation="connect"
> profile="/usr/bin/freshclam" name="/run/samba/winbindd/pipe" pid=1269
> comm="freshclam" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
>
Re: [clamav-users] Fwd: Fwd: Fwd: Fwd: freshclam incremental update
Hi there,

On Wed, 11 Sep 2019, Birger Birger via clamav-users wrote:

> Now it seems the firewall is stopping freshclam to download updates.

That's what I told you in my Sept 3rd reply to you.

> Any ideas?

Stop the firewall from dropping the packets?

--

73,
Ged.

Re: [clamav-users] Fwd: Fwd: Fwd: Fwd: freshclam incremental update
Turned firewall off with "sudo zs firewall stop" and ran the command
"freshclam".

Now all the files "main.cvd", "daily.cvd", "bytecode.cvd" and "mirrors" were
rapidly and successfully updated.

After I turned the firewall on again.

Changes are obviously needed in iptables and/or firewall but don't know
what.

On Wed 11 Sep 2019 at 11:35, G.W. Haywood via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Hi there,
>
> On Wed, 11 Sep 2019, Birger Birger via clamav-users wrote:
>
> > Now it seems the firewall is stopping freshclam to download updates.
>
> That's what I told you in my Sept 3rd reply to you.
>
> > Any ideas?
>
> Stop the firewall from dropping the packets?
>
> --
>
> 73,
> Ged.
>
Re: [clamav-users] Fwd: Fwd: Fwd: Fwd: freshclam incremental update
Hi there,

On Wed, 11 Sep 2019, Birger Birger via clamav-users wrote:
> On Wed 11 Sep 2019 at 11:35, G.W. Haywood via clamav-users wrote:
>> On Wed, 11 Sep 2019, Birger Birger via clamav-users wrote:
>>
>>> Now it seems the firewall is stopping freshclam to download updates.
>> Stop the firewall from dropping the packets?
> Turned firewall off with "sudo zs firewall stop" and run the command
> "freshclam".
>
> Now all the files "main.cvd", "daily.cvd", "bytecode.cvd" and "mirrors" was
> rapidly and successfully updated.
>
> After I turned the firewall on again.
>
> Changes are obviously needed in iptables and/or firewall but don't know
> what.

First you need to learn about TCP/IP. This list is not the right place.

I suggest you start with something like the 'Networking concepts HOWTO'
and the 'Packet Filtering HOWTO', which are very old but which contain
much which is still relevant. You can find them, and some other useful
documents about networking, in several languages, here:

https://www.netfilter.org/documentation/

There are many other sources of useful information about networking,
but please try to stay away from 'quick fixes'. You need to build
your understanding of what you are doing; if you simply follow a few
instructions you will not learn very much, and you risk both leaving
your systems vulnerable to attack and giving the gift of a free tool
to criminals who will abuse your systems. In other words you will
become part of the problem.

Please do not underestimate the task ahead of you. You will need to
do at least many weeks of study before you can attain any proficiency
in firewall management.

--

73,
Ged.

Re: [clamav-users] Fwd: Fwd: Fwd: Fwd: freshclam incremental update
Perhaps looking at your firewall's log file would show exactly what's
going on. Ours is in "/var/log/firewall", but your system might keep it
in a different place. I think the (Cloudflare) IP addresses used for
download are "104.16.218.84" and "104.16.219.84" (and maybe others?).


On Wed, 11 Sep 2019 16:31:31 +0200
Birger Birger via clamav-users <clamav-users@lists.clamav.net> wrote:

> Turned firewall off with "sudo zs firewall stop" and run the command
> "freshclam".
>
> Now all the files "main.cvd", "daily.cvd", "bytecode.cvd" and
> "mirrors" was rapidly and successfully updated.
>
> After I turned the firewall on again.
>
> Changes are obviously needed in iptables and/or firewall but don't
> know what.
>
> On Wed 11 Sep 2019 at 11:35, G.W. Haywood via clamav-users <
> clamav-users@lists.clamav.net> wrote:
>
> > Hi there,
> >
> > On Wed, 11 Sep 2019, Birger Birger via clamav-users wrote:
> >
> > > Now it seems the firewall is stopping freshclam to download
> > > updates.
> >
> > That's what I told you in my Sept 3rd reply to you.
> >
> > > Any ideas?
> >
> > Stop the firewall from dropping the packets?
> >
> > --
> >
> > 73,
> > Ged.


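Reading the firewall log as suggested in the message above, as an added example that is not part of any poster's message: this Python sketch rejoins the wrapped zentyal-firewall drop records quoted earlier in the thread and groups them by destination, service port, sender role and TCP flags. Treating the lower-numbered port as the service port is an assumption of the example.

```python
import re
from collections import Counter

# Two records copied from the log excerpt quoted in this thread, wrapped as archived.
SAMPLE = """\
Sep 11 11:13:45 zentyal kernel: [74338.573560] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=104.16.219.84 LEN=40 TOS=0x00 PREC=0x00
TTL=64 ID=61386 DF PROTO=TCP SPT=32868 DPT=80 WINDOW=3729 RES=0x00 ACK FIN
URGP=0 MARK=0x1
Sep 11 11:15:23 zentyal kernel: [74436.876612] zentyal-firewall drop IN=
OUT=eth0 SRC=192.168.1.NN DST=94.242.250.62 LEN=148 TOS=0x00 PREC=0x00
TTL=64 ID=60853 DF PROTO=TCP SPT=993 DPT=40606 WINDOW=375 RES=0x00 ACK PSH
FIN URGP=0 MARK=0x1
"""
FLAGS = ("SYN", "ACK", "PSH", "FIN", "RST", "URG")
RECORD_START = re.compile(r"[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d ")

def join_records(text):
    """Rejoin log records that mail wrapping split over several lines."""
    records = []
    for line in map(str.strip, text.splitlines()):
        if not line:
            continue
        if RECORD_START.match(line) or not records:
            records.append(line)      # a syslog timestamp starts a new record
        else:
            records[-1] += " " + line  # continuation of the previous record
    return records

def parse_drop(record):
    """Parse one TCP drop record; return None for anything else."""
    fields = dict(re.findall(r"\b([A-Z]+)=(\S*)", record))
    if "firewall drop" not in record or "SPT" not in fields:
        return None
    spt, dpt = int(fields["SPT"]), int(fields["DPT"])
    flags = tuple(f for f in FLAGS if re.search(rf"\b{f}\b", record))
    return {
        "dst": fields["DST"],
        "service": min(spt, dpt),  # assumption: lower port is the service
        "sender": "client" if dpt < spt else "server",
        "flags": flags,
        "new_connection": "SYN" in flags and "ACK" not in flags,
    }

def summarize(text):
    """Count drops per (destination, service port, sender role, flags)."""
    counts = Counter()
    for d in filter(None, map(parse_drop, join_records(text))):
        counts[(d["dst"], d["service"], d["sender"], d["flags"])] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(n, key)
```

On the sample, both drops are ACK/FIN packets of existing connections rather than new-connection SYNs, and the second is sent from local port 993, not toward port 80.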
Re: [clamav-users] Fwd: Fwd: Fwd: Fwd: freshclam incremental update
I think I will let the support technicians help me with this. Can't make it
work with the GUI.

On Wed 11 Sep 2019 at 19:15, Paul Kosinski via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Perhaps looking at your firewall's log file would show exactly what's
> going on. Ours is in "/var/log/firewall", but your system might keep it
> in a different place. I think the (Cloudflare) IP addresses used for
> download are "104.16.218.84" and "104.16.219.84" (and maybe others?).
>
>
> On Wed, 11 Sep 2019 16:31:31 +0200
> Birger Birger via clamav-users <clamav-users@lists.clamav.net> wrote:
>
> > Turned firewall off with "sudo zs firewall stop" and run the command
> > "freshclam".
> >
> > Now all the files "main.cvd", "daily.cvd", "bytecode.cvd" and
> > "mirrors" was rapidly and successfully updated.
> >
> > After I turned the firewall on again.
> >
> > Changes are obviously needed in iptables and/or firewall but don't
> > know what.
> >
> > On Wed 11 Sep 2019 at 11:35, G.W. Haywood via clamav-users <
> > clamav-users@lists.clamav.net> wrote:
> >
> > > Hi there,
> > >
> > > On Wed, 11 Sep 2019, Birger Birger via clamav-users wrote:
> > >
> > > > Now it seems the firewall is stopping freshclam to download
> > > > updates.
> > >
> > > That's what I told you in my Sept 3rd reply to you.
> > >
> > > > Any ideas?
> > >
> > > Stop the firewall from dropping the packets?
> > >
> > > --
> > >
> > > 73,
> > > Ged.
>
>