[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Port 53 denying Clamav update



Quoting Gervase <g_chavasse@xxxxxxxxxxxxx>:

> I run SuSE 9.1 on a standalone workstation with Clamav as a virus
> checker.  Clamav worked well until recently when for no apparent reason
> I was unable to obtain daily updates with "freshclam".  There has been
> considerable correspondence about this on the clamav users forum without
> a positive result but experts there think that either my SuSE firewall
> or my ISP is preventing both UDP and TCP packets through my port 53. I
> am no expert but I am inclined to agree with the former.  "nmap" only
> shows ports 22, 25, 111 and 631 open to TCP and I am unable to telnet to
> loclhost via port 53.  If this is the case, can anyone tell me (in
> simple terms for a newbie) how I can open up  port 53?
>

>From what I understand, freshclam is not normally a daemon.  At least on my
server, it's just a cron process that checks for new updates.  Assuming you
haven't done something funky to your SuSEfirewall config, freshclam is creating
an outgoing connection, so it shouldn't have any problems.

You mentioned that port 53 isn't open from nmap, you might also want to check
lsof to see what's listening.  If nothing is listening, then nothing can
connect to that port, of course, irrespective of SuSEfirewall.

However, the easiest way to check is just to "rcSuSEfirewall stop" and find out.
:-)  Port 53 is a DNS port, if I recall correctly, so there shouldn't be any
reason for your ISP to block it...

-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here