Clamav Update and iptable rules

Anton Hofmann doomrunner.lists at gmail.com
Wed Nov 14 08:39:31 UTC 2007


Hi all,

I have a web server with an Ubuntu 6.06 install on it.
For security reasons I have blocked all inbound and outbound traffic
with iptables.

########My IP Tables Conf:#########

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ip-62.75.187.54  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain ip-62.75.187.54 (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             weltfremd.at tcp dpts:ftp-data:ftp
ACCEPT     tcp  --  anywhere             weltfremd.at tcp dpt:22022
ACCEPT     tcp  --  anywhere             weltfremd.at tcp dpt:smtp
ACCEPT     tcp  --  anywhere             weltfremd.at tcp dpt:www
ACCEPT     tcp  --  anywhere             weltfremd.at tcp dpt:pop3
ACCEPT     tcp  --  anywhere             weltfremd.at tcp dpt:https
ACCEPT     tcp  --  anywhere             weltfremd.at tcp dpt:ssmtp
ACCEPT     tcp  --  anywhere             weltfremd.at tcp dpt:pop3s
ACCEPT     tcp  --  anywhere             weltfremd.at tcp dpt:8443
ACCEPT     udp  --  anywhere             weltfremd.at udp spt:domain
ACCEPT     udp  --  anywhere             weltfremd.at udp spt:ntp
ACCEPT     icmp --  anywhere             weltfremd.at
ACCEPT     tcp  --  anywhere             weltfremd.at tcp spt:smtp flags:!SYN,RST,ACK/SYN
ACCEPT     tcp  --  ka.swsoft.com        weltfremd.at tcp spt:5224
ACCEPT     udp  --  anywhere             weltfremd.at udp dpt:8767
ACCEPT     tcp  --  mail.dynadata.at     weltfremd.at tcp dpt:8987
ACCEPT     tcp  --  ftp.de.debian.org    weltfremd.at tcp flags:!SYN,RST,ACK/SYN
ACCEPT     tcp  --  archive.ubuntu.com   weltfremd.at tcp flags:!SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             weltfremd.at tcp dpt:51234
ACCEPT     tcp  --  anywhere             weltfremd.at tcp dpt:14534
ACCEPT     tcp  --  clamav.mcs.de        weltfremd.at
DROP       all  --  anywhere             weltfremd.at

#############################

Now it's not possible to update ClamAV with freshclam.

I get the following error when I type freshclam in the console:


weltfremd.at:/# freshclam
ClamAV update process started at Wed Nov 14 09:05:32 2007
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.88.7 Recommended version: 0.91.2
DON'T PANIC! Read http://www.clamav.net/faq.html
main.cvd is up to date (version: 44, sigs: 133163, f-level: 20, builder: sven)
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Current functionality level = 10, recommended = 20
DON'T PANIC! Read http://www.clamav.net/faq.html
Can't connect to port 80 of host db.local.clamav.net (IP: 89.149.194.18)
Trying host db.local.clamav.net (89.238.65.14)...
Can't connect to port 80 of host db.local.clamav.net (IP: 89.238.65.14)
Trying host db.local.clamav.net (195.246.234.199)...
Can't connect to port 80 of host db.local.clamav.net (IP: 195.246.234.199)
Trying host db.local.clamav.net (212.1.60.18)...
Can't connect to port 80 of host db.local.clamav.net (IP: 212.1.60.18)
Trying host db.local.clamav.net (213.174.32.130)...

In the freshclam.log I get the following:


ClamAV update process started at Wed Nov 14 09:05:32 2007
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.88.7 Recommended version: 0.91.2
DON'T PANIC! Read http://www.clamav.net/faq.html
main.cvd is up to date (version: 44, sigs: 133163, f-level: 20, builder: sven)
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Current functionality level = 10, recommended = 20
DON'T PANIC! Read http://www.clamav.net/faq.html
nonblock_connect: connect timing out (30 secs)
nonblock_connect: connect timing out (30 secs)
nonblock_connect: connect timing out (30 secs)
nonblock_connect: connect timing out (30 secs)
nonblock_connect: connect timing out (30 secs)
nonblock_connect: connect timing out (30 secs)
connect_error: getsockopt(SO_ERROR): fd=4 error=110: Connection timed out
nonblock_connect: connect(): fd=4 errno=103: Software caused connection abort
nonblock_connect: connect timing out (30 secs)
nonblock_connect: connect timing out (30 secs)
nonblock_connect: connect timing out (30 secs)
nonblock_connect: connect timing out (30 secs)
nonblock_connect: connect timing out (30 secs)
nonblock_connect: connect timing out (30 secs)


It looks like my iptables configuration blocks the communication with
the update servers. Any idea how to set the correct iptables chain?


So Long...


Anton
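
The following is an added example, not part of the original post: a small first-match model of a subset of the posted chain, showing which rule decides the fate of the reply packets coming back from the freshclam mirrors. The local port 40000, the name "resolver", the inserted "spt:www, !SYN" rule and the premise that the mirror IP is not matched by the clamav.mcs.de rule are assumptions made for illustration.

```python
# Simplified first-match model of the "ip-62.75.187.54" chain (constructed subset).
# Rule = (target, proto, src, spt, dpt, not_syn); None means "any".
CHAIN = [
    ("ACCEPT", "tcp", None, None, 80, False),                # dpt:www
    ("ACCEPT", "tcp", None, None, 22022, False),             # dpt:22022
    ("ACCEPT", "udp", None, 53, None, False),                # udp spt:domain
    ("ACCEPT", "tcp", None, 25, None, True),                 # spt:smtp, !SYN
    ("ACCEPT", "tcp", "archive.ubuntu.com", None, None, True),
    ("ACCEPT", "tcp", "clamav.mcs.de", None, None, False),
    ("DROP", "all", None, None, None, False),                # final catch-all
]

def verdict(chain, proto, src, sport, dport, syn_only=False):
    """First-match verdict; syn_only=True means SYN set with RST and ACK clear."""
    for target, r_proto, r_src, r_spt, r_dpt, not_syn in chain:
        if r_proto not in ("all", proto):
            continue
        if r_src is not None and r_src != src:
            continue
        if r_spt is not None and r_spt != sport:
            continue
        if r_dpt is not None and r_dpt != dport:
            continue
        if not_syn and syn_only:      # flags:!SYN,RST,ACK/SYN excludes pure SYNs
            continue
        return target
    return "ACCEPT"  # fell through the chain; INPUT policy in the listing is ACCEPT

def with_http_reply_rule(chain):
    """Insert a hypothetical 'tcp spt:www, !SYN' rule ahead of the final DROP."""
    return chain[:-1] + [("ACCEPT", "tcp", None, 80, None, True)] + chain[-1:]

MIRROR = "89.149.194.18"   # first mirror IP in the freshclam output
EPHEMERAL = 40000          # constructed local source port used by freshclam

def demo():
    fixed = with_http_reply_rule(CHAIN)
    return {
        "dns_reply": verdict(CHAIN, "udp", "resolver", 53, EPHEMERAL),
        "synack_now": verdict(CHAIN, "tcp", MIRROR, 80, EPHEMERAL),
        "synack_fixed": verdict(fixed, "tcp", MIRROR, 80, EPHEMERAL),
        "new_syn_fixed": verdict(fixed, "tcp", MIRROR, 80, EPHEMERAL, syn_only=True),
    }

if __name__ == "__main__":
    print(demo())
```

The model mirrors the stateless reply pattern the chain already uses for smtp; a connection-tracking rule (`-m state --state ESTABLISHED,RELATED -j ACCEPT`) admits the same replies without trusting the remote source port.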