Port 53 denying Clamav update
I run SuSE 9.1 on a standalone workstation with Clamav as a virus checker. Clamav worked well until recently when for no apparent reason I was unable to obtain daily updates with "freshclam". There has been considerable correspondence about this on the clamav users forum without a positive result but experts there think that either my SuSE firewall or my ISP is preventing both UDP and TCP packets through my port 53. I am no expert but I am inclined to agree with the former. "nmap" only shows ports 22, 25, 111 and 631 open to TCP and I am unable to telnet to localhost via port 53. If this is the case, can anyone tell me (in simple terms for a newbie) how I can open up port 53? Thanks, Gervase
Quoting Gervase
I run SuSE 9.1 on a standalone workstation with Clamav as a virus checker. Clamav worked well until recently when for no apparent reason I was unable to obtain daily updates with "freshclam". There has been considerable correspondence about this on the clamav users forum without a positive result but experts there think that either my SuSE firewall or my ISP is preventing both UDP and TCP packets through my port 53. I am no expert but I am inclined to agree with the former. "nmap" only shows ports 22, 25, 111 and 631 open to TCP and I am unable to telnet to localhost via port 53. If this is the case, can anyone tell me (in simple terms for a newbie) how I can open up port 53?
From what I understand, freshclam is not normally a daemon. At least on my server, it's just a cron process that checks for new updates. Assuming you haven't done something funky to your SuSEfirewall config, freshclam is creating an outgoing connection, so it shouldn't have any problems.
You mentioned that port 53 isn't open from nmap; you might also want to check lsof to see what's listening. If nothing is listening, then nothing can connect to that port, of course, irrespective of SuSEfirewall. However, the easiest way to check is just to "rcSuSEfirewall stop" and find out. :-) Port 53 is a DNS port, if I recall correctly, so there shouldn't be any reason for your ISP to block it...
am no expert but I am inclined to agree with the former. "nmap" only shows ports 22, 25, 111 and 631 open to TCP and I am unable to telnet to localhost via port 53. If this is the case, can anyone tell me (in simple terms for a newbie) how I can open up port 53?
Dear Gervase (or whatever your real name may be), if this is a serious question, try to post in a newbie-list, not in suse-security! Your box does not offer any services on port 53 udp or tcp, so you can't connect/open them! You won't be able to post this question if someone blocks your DNS-ports, so your Firewall-setup is o.k. Bye Thorsten Hahn ------ dbtec networks gmbh http://www.dbtec-networks.de
On Wed, 9 Jun 2004, Thorsten Hahn wrote:
Dear Gervase (or whatever your real name may be),
if this is a serious question, try to post in a newbie-list, not in suse-security! Your box does not offer any services on port 53 udp or tcp, so you can't connect/open them! You won't be able to post this question if someone blocks your DNS-ports, so your Firewall-setup is o.k.
Dear Thorsten, I think you are being rather harsh. Where is it written that newbies are not allowed to post to the security list? As long as the question is security-related he has just as much right as anyone else. He is trying to get a security program to work, and he has asked for help on a different list. There he was advised (or misadvised) that his firewall setup was at fault so naturally he tried a security list. In my opinion we should value messages from end-users about security problems. There is a fantastic amount of technical expertise on this list but security is much more than just solving technical problems. Our systems will never be secure if we cannot empathise with the people who actually use them. Bob ============================================================== Bob Vickers R.Vickers@cs.rhul.ac.uk Dept of Computer Science, Royal Holloway, University of London WWW: http://www.cs.rhul.ac.uk/home/bobv Phone: +44 1784 443691