Clamav Update and iptable rules
Anton Hofmann
doomrunner.lists at gmail.com
Wed Nov 14 08:39:31 UTC 2007
Hi all,
I have a webserver with an Ubuntu 6.06 install on it.
For security reasons I have blocked all inbound and outbound traffic
with iptables.
########My IP Tables Conf:#########
Chain INPUT (policy ACCEPT)
target prot opt source destination
ip-62.75.187.54 all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain ip-62.75.187.54 (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere weltfremd.at tcp dpts:ftp-data:ftp
ACCEPT tcp -- anywhere weltfremd.at tcp dpt:22022
ACCEPT tcp -- anywhere weltfremd.at tcp dpt:smtp
ACCEPT tcp -- anywhere weltfremd.at tcp dpt:www
ACCEPT tcp -- anywhere weltfremd.at tcp dpt:pop3
ACCEPT tcp -- anywhere weltfremd.at tcp dpt:https
ACCEPT tcp -- anywhere weltfremd.at tcp dpt:ssmtp
ACCEPT tcp -- anywhere weltfremd.at tcp dpt:pop3s
ACCEPT tcp -- anywhere weltfremd.at tcp dpt:8443
ACCEPT udp -- anywhere weltfremd.at udp spt:domain
ACCEPT udp -- anywhere weltfremd.at udp spt:ntp
ACCEPT icmp -- anywhere weltfremd.at
ACCEPT tcp -- anywhere weltfremd.at tcp spt:smtp flags:!SYN,RST,ACK/SYN
ACCEPT tcp -- ka.swsoft.com weltfremd.at tcp spt:5224
ACCEPT udp -- anywhere weltfremd.at udp dpt:8767
ACCEPT tcp -- mail.dynadata.at weltfremd.at tcp dpt:8987
ACCEPT tcp -- ftp.de.debian.org weltfremd.at tcp flags:!SYN,RST,ACK/SYN
ACCEPT tcp -- archive.ubuntu.com weltfremd.at tcp flags:!SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere weltfremd.at tcp dpt:51234
ACCEPT tcp -- anywhere weltfremd.at tcp dpt:14534
ACCEPT tcp -- clamav.mcs.de weltfremd.at
DROP all -- anywhere weltfremd.at
#############################
Now it's not possible to update clamav with freshclam.
I get the following error when I type freshclam in the console:
weltfremd.at:/# freshclam
ClamAV update process started at Wed Nov 14 09:05:32 2007
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.88.7 Recommended version: 0.91.2
DON'T PANIC! Read http://www.clamav.net/faq.html
main.cvd is up to date (version: 44, sigs: 133163, f-level: 20, builder: sven)
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Current functionality level = 10, recommended = 20
DON'T PANIC! Read http://www.clamav.net/faq.html
Can't connect to port 80 of host db.local.clamav.net (IP: 89.149.194.18)
Trying host db.local.clamav.net (89.238.65.14)...
Can't connect to port 80 of host db.local.clamav.net (IP: 89.238.65.14)
Trying host db.local.clamav.net (195.246.234.199)...
Can't connect to port 80 of host db.local.clamav.net (IP: 195.246.234.199)
Trying host db.local.clamav.net (212.1.60.18)...
Can't connect to port 80 of host db.local.clamav.net (IP: 212.1.60.18)
Trying host db.local.clamav.net (213.174.32.130)...
In the freshclam.log I get the following:
ClamAV update process started at Wed Nov 14 09:05:32 2007
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.88.7 Recommended version: 0.91.2
DON'T PANIC! Read http://www.clamav.net/faq.html
main.cvd is up to date (version: 44, sigs: 133163, f-level: 20, builder: sven)
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Current functionality level = 10, recommended = 20
DON'T PANIC! Read http://www.clamav.net/faq.html
nonblock_connect: connect timing out (30 secs)
nonblock_connect: connect timing out (30 secs)
nonblock_connect: connect timing out (30 secs)
nonblock_connect: connect timing out (30 secs)
nonblock_connect: connect timing out (30 secs)
nonblock_connect: connect timing out (30 secs)
connect_error: getsockopt(SO_ERROR): fd=4 error=110: Connection timed out
nonblock_connect: connect(): fd=4 errno=103: Software caused connection abort
nonblock_connect: connect timing out (30 secs)
nonblock_connect: connect timing out (30 secs)
nonblock_connect: connect timing out (30 secs)
nonblock_connect: connect timing out (30 secs)
nonblock_connect: connect timing out (30 secs)
nonblock_connect: connect timing out (30 secs)
It looks like my iptables configuration blocks the communication with
the update servers, any idea how to set the correct iptables chain?
So Long...
Anton
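Added example, not part of the original message: a small first-match model of the chain listed above, showing which rule decides the fate of the SYN-ACK that a freshclam mirror sends back from port 80. The rule subset, the local ports, the resolver address and the address standing in for clamav.mcs.de are constructed assumptions; the mirror IP is taken from the freshclam output.

```python
from dataclasses import dataclass
from typing import Optional

CLAMAV_MCS_DE = "192.0.2.10"  # constructed placeholder; the real address is not on the page

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dport: int
    flags: frozenset = frozenset()

@dataclass(frozen=True)
class Rule:
    target: str
    proto: str = "all"
    src: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None
    not_syn: bool = False  # listed by iptables as flags:!SYN,RST,ACK/SYN

    def matches(self, p: Packet) -> bool:
        if self.proto not in ("all", p.proto):
            return False
        for want, got in ((self.src, p.src), (self.sport, p.sport), (self.dport, p.dport)):
            if want is not None and want != got:
                return False
        # "! --syn": reject only a packet whose SYN/RST/ACK bits are exactly SYN
        return not (self.not_syn and (p.flags & {"SYN", "RST", "ACK"}) == {"SYN"})

# Subset of the listed chain, in the listed order (ports written numerically).
CHAIN = [
    Rule("ACCEPT", "tcp", dport=80),
    Rule("ACCEPT", "udp", sport=53),
    Rule("ACCEPT", "tcp", sport=25, not_syn=True),
    Rule("ACCEPT", "tcp", src=CLAMAV_MCS_DE),
    Rule("DROP"),
]
# Same chain with a stateless reply rule for port 80 inserted before the DROP.
FIXED = CHAIN[:-1] + [Rule("ACCEPT", "tcp", sport=80, not_syn=True)] + CHAIN[-1:]

def verdict(chain, p: Packet) -> str:
    """First matching rule wins, as in iptables."""
    return next((r.target for r in chain if r.matches(p)), "ACCEPT")

# Constructed packets: a mirror's SYN-ACK, a bare SYN from port 80, a DNS answer.
MIRROR_SYNACK = Packet("tcp", "89.149.194.18", 80, 40000, frozenset({"SYN", "ACK"}))
MIRROR_SYN = Packet("tcp", "89.149.194.18", 80, 3306, frozenset({"SYN"}))
DNS_REPLY = Packet("udp", "192.0.2.53", 53, 40001)
```

The port-80 reply rule is stateless: any non-SYN segment with source port 80 passes it, so a connection-tracking match (`-m state --state ESTABLISHED,RELATED`) is the tighter way to admit replies.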