Channel: Sophos User Bulletin Board
Viewing all 14361 articles

Connecting RED networks

Hello,

I run two REDs and a UTM220.

UTM 172.30.0.0/16
RED1 192.168.0.0/24
RED2 192.168.10.0/24

Ping RED1 <-> UTM works in both directions
Ping RED2 <-> UTM works in both directions
Ping RED1 <-> RED2 does not work

Both REDs are set to Standard/Split, with the network of the UTM and of the respective other RED specified.
Firewall: Any Any Any

What did I forget? Why don't the RED networks connect to each other?

Many thanks for your help

Can't access any external FTP server

I host an internal FTP server and I can access it just fine from internal and external hosts.

However, I cannot access any external/public FTP servers from any internal hosts.

I have the following rule for external FTP access:

It does not matter if I make it the first rule or any other position.


For testing, I have turned off all DNAT and Full NAT rules for my internal FTP server but I still cannot access any external FTP servers.

I'm not using the FTP proxy under Web Protection.

Below are the DNAT and Full NAT rules for my internal FTP Server:


Below is the Full NAT rule that allows internal hosts to access the internal FTP server:


What am I doing wrong? I see nothing related in the Firewall or IPS logs.

Problem with multiple IPsec remote access rules

Hello everyone,

we are currently putting our first Sophos UTM (9.006) into operation, and so far everything is going according to plan. The only problem emerging at the moment is the setup of multiple IPsec remote access rules. Currently 5 remote access rules are defined for access via the NCP client; authentication is via preshared key, plus XAUTH for the individual users.

The problem is that access only works when one of the 5 rules is active. As soon as a second rule is enabled, the NCP client shows a "PAP/CHAP error". If the second rule is disabled again, the VPN connection is established normally.

Currently all 5 accesses have the same PSK, but changing to 5 different PSKs does not change anything about the problem.

Is this a known problem, or have I simply overlooked something?

Can anyone help me with this?

-pro_mrjetter-

JW Video Player (Flash) doesn't work when Web Filtering is enabled

Hi there,

Got an odd one per title. Other Flash-based video streaming works, just not this one:

Learn About JW Player for HTML5 & Flash | Download | LongTail Video

When I try and play this video (eg. Daily Drop - Web Development - The LESS CSS Preprocessor - 3DBuzz) it just times out. Same with all other JW Player videos.

I've tried a few exceptions but no luck.

Here's the request via the Web Filtering log file:

2013:08:20-17:17:43 fw0-1 httpproxy[31227]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.0.0.104" dstip="54.225.120.106" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="43" request="0xe2ee248" url="http://i.n.jwpltx.com/v1/jwplayer6/ping.gif?tv=3867&ph=0&n=9231912022024806&aid=_&e=e &i=0&pv=6.0.2813&pu=http%3A%2F%2Fwww.3dbuzz.com%2F training%2Fview%2Fdaily-drop%2Fweb-development%2Fthe-less-css-preprocessor&m=0&a=1&v=1&w=1024&h=600&ed=0&pn=&pt= Daily%20Drop%20-%20Web%20Development%20-%20The%20LESS%20CSS%20Preprocessor%20-%203DBuzz" exceptions="av,auth,content,url,ssl,certcheck,cert date,mime,cache,fileextension,size" error="" application="http"

Thanks!

j.:confused:

[9.104] Teamviewer over HTTP-Proxy sometimes not working

Hello,

the teamviewer host software is installed on all machines in my network. I configured the firewall's IP as proxy server and entered the credentials of a user with no web surfing restrictions. Since UTM 9.1 Teamviewer is only working randomly. Sometimes it asks for a proxy user and password and refuses them, sometimes it says "Check your internet connection" and sometimes Teamviewer is working.

The following steps didn't improve the situation:
  • Open 5938/tcp to the internet
  • Creating a webfilter exception with the following content:

    Authentication / Caching / Antivirus / File extensions / MIME type / URL filter / Content removal / SSL scanning / Certificate trust check / Certificate date check
    for URLs
    dyngate .com
    92.51.171.70
    ^http://.*/din.aspx.*DynGate.*
    ^http://.*/dout.aspx.*DynGate.*
    ^http.?://.*teamviewer.com.*
    ^http.?://.*teamviewer.de.*
  • Adding and removing a valid proxy user from Teamviewer's configuration.

It seems that the requests are covered by the exception (see below) but the connection doesn't work.

2013:08:20-11:37:06 ASG-1 httpproxy[5792]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.1.18" dstip="178.77.120.6" user="" statuscode="200" cached="0" profile="REF_LFxaKhArSL (LDAP)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="631" request="0x14778968" url="https://master1.teamviewer.com/" exceptions="av,auth,content,url,ssl,certcheck,cert date,mime,cache,fileextension" error=""


If I create an exception with the PC's IP it works without any problems.

Can anyone help me?

Cheers,
Marc

[9.104-17]IPS doesn't use exceptions

Hi All

I have an exception to bypass IPS on my ipad but it seems not to work even though it looks ok to me. Could you please have a look?

Thanks

Code:

2013:08:20-10:39:45 ****** snort[2788]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="FILE-MULTIMEDIA Apple iTunes PLS file parsing buffer overflow attempt" group="340" srcip="212.58.246.94" dstip="192.168.2.10" proto="6" srcport="80" dstport="54239" sid="19560" class="Attempted User Privilege Gain" priority="1" generator="1" msgid="0"
2013:08:20-10:39:45 ****** snort[2788]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="FILE-MULTIMEDIA Apple iTunes PLS file parsing buffer overflow attempt" group="340" srcip="212.58.246.95" dstip="192.168.2.10" proto="6" srcport="80" dstport="54242" sid="19560" class="Attempted User Privilege Gain" priority="1" generator="1" msgid="0"
2013:08:20-10:39:46 ****** snort[2788]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="FILE-MULTIMEDIA Apple iTunes PLS file parsing buffer overflow attempt" group="340" srcip="212.58.246.95" dstip="192.168.2.10" proto="6" srcport="80" dstport="54246" sid="19560" class="Attempted User Privilege Gain" priority="1" generator="1" msgid="0"



Setting up a second internal network

Hello,

in addition to our production internal company network, a further isolated training network with Internet access is to be set up.
The existing internal network is 192.168.2.0/24
The new training network is to have this subnet: 10.10.10.0/24
Our Sophos UTM 9.1 runs virtualized on a host with 2 network cards; in front of it is a FritzBox 7270, which acts purely as a modem. Behind the firewall there are several switches.
Is it possible to create a new network in the Sophos and connect it via a different network port to a separate switch, so that the production internal network cannot be reached?
This is how it is set up so far; however, the new network ("Testumgebung") has access to the production network. How can this be prevented?



To prevent this access to the internal network, firewall rules have already been created:



I would be grateful for any help I can get.

Block and Allow Application

Is it possible to allow an app such as Facebook for one group of users and block it for the rest? So far I am only able to block it for everyone. I'd like to have a block rule and an allow rule and assign them to different users or groups if that is possible.

Notice: MyAstaro is now MyUTM

Greetings,

A small note for your continued reference - The MyAstaro licensing portal is now MyUTM. You should continue to use this portal to manage your UTM licenses. Non-UTM products are managed through the MySophos portal.

Seen over the past few days, large downloads

Version 9104-17
We have two internet lines and from time to time over the past few days we have seen each line at different times maxed out and network traffic pauses for the firm. In flow monitor and the report from yesterday we see 8.5 from one akamaitechnologies.com address and 7.4GB of traffic from another. We only use single scan with the Avira engine and today I have turned off both firmware and pattern updates to manual to try to stop this (normally set to 2 days and 2 hours respectively).

Any ideas or any more info you need, thank you.

Notice: MyAstaro is now Myutm

Forum web page needs updating, still shows MyAstaro login.

Ian

Internal Application issues

I am running a ventrilo server behind my Sophos box (UTM 9.104-17) and running into a strange issue. If I have the Sophos turned on and running, I can not connect to my ventrilo server. If I turn the sophos box off, I can access the vent server without issue.

My current setup:

Sophos - Inside: 192.168.50.1
External: Static IP from my provider
Public: 192.168.60.1

Vent Server #1 - 192.168.50.21
Vent Server #2 - 192.168.50.33

Vent Client - 192.168.50.75

I thought there might be an issue with the server at first, so I created a second vent server and was able to replicate the issue. That was when I turned off the Sophos as it has been the only addition to my network since this all worked previously. Again, I can re-create the issue and if I take the Sophos out, it works fine.

Any thoughts?

where to find specific IDS rule to disallow

My daughter is trying to run a Steam game, and I need to turn off the IDS so she can play. Where do I find this IDS rule to disallow it?

"APP-DETECT Steam game URI handler"


UTM 9.105-9 pushed

9.105-9 pushed to UTMs with fix for DyDNS.

Hasn't arrived on the one I need it on. Just be patient and magic will happen.

Ian

3G/UMTS failover in the US

Has anyone in the US gotten 3G/UMTS failover working? If so, which USB stick(s) and carrier(s) did you use?

Thanks,

DHCP Bug

When I make a TFTP entry in the options, I get the following in the DHCP log:
2013:08:21-11:14:05 globi-1 dhcpd: Internet Systems Consortium DHCP Server 4.1-ESV-R8
2013:08:21-11:14:05 globi-1 dhcpd: Copyright 2004-2013 Internet Systems Consortium.
2013:08:21-11:14:05 globi-1 dhcpd: All rights reserved.
2013:08:21-11:14:05 globi-1 dhcpd: For info, please visit https://www.isc.org/software/dhcp/
2013:08:21-11:14:05 globi-1 dhcpd: /etc/dhcpd.conf line 49: semicolon expected.
2013:08:21-11:14:05 globi-1 dhcpd: next-server http:
2013:08:21-11:14:05 globi-1 dhcpd: ^
2013:08:21-11:14:05 globi-1 dhcpd: /etc/dhcpd.conf line 49: expecting a parameter or declaration
2013:08:21-11:14:05 globi-1 dhcpd: next-server http://192.168.104.100:5000/provisioning;
2013:08:21-11:14:05 globi-1 dhcpd: ^
2013:08:21-11:14:05 globi-1 dhcpd: /etc/dhcpd.conf line 52: group declarations not allowed here.
2013:08:21-11:14:05 globi-1 dhcpd: group
2013:08:21-11:14:05 globi-1 dhcpd: ^
2013:08:21-11:14:05 globi-1 dhcpd: /etc/dhcpd.conf line 217: unexpected end of file
2013:08:21-11:14:05 globi-1 dhcpd:
2013:08:21-11:14:05 globi-1 dhcpd: ^
2013:08:21-11:14:05 globi-1 dhcpd: Configuration file errors encountered -- exiting
2013:08:21-11:14:05 globi-1 dhcpd:
2013:08:21-11:14:05 globi-1 dhcpd: If you did not get this software from ftp.isc.org, please
2013:08:21-11:14:05 globi-1 dhcpd: get the latest from ftp.isc.org and install that before
2013:08:21-11:14:05 globi-1 dhcpd: requesting help.
2013:08:21-11:14:05 globi-1 dhcpd:
2013:08:21-11:14:05 globi-1 dhcpd: If you did get this software from ftp.isc.org and have not
2013:08:21-11:14:05 globi-1 dhcpd: yet read the README, please read it before requesting help.
2013:08:21-11:14:05 globi-1 dhcpd: If you intend to request help from the dhcp-server@isc.org
2013:08:21-11:14:05 globi-1 dhcpd: mailing list, please read the section on the README about
2013:08:21-11:14:05 globi-1 dhcpd: submitting bug reports and requests for help.
2013:08:21-11:14:05 globi-1 dhcpd:
2013:08:21-11:14:05 globi-1 dhcpd: Please do not under any circumstances send requests for
2013:08:21-11:14:05 globi-1 dhcpd: help directly to the authors of this software - please
2013:08:21-11:14:05 globi-1 dhcpd: send them to the appropriate mailing list as described in
2013:08:21-11:14:05 globi-1 dhcpd: the README file.
2013:08:21-11:14:05 globi-1 dhcpd:
2013:08:21-11:14:05 globi-1 dhcpd: exiting.
2013:08:21-11:14:17 globi-1 dhcpd: Internet Systems Consortium DHCP Server 4.1-ESV-R8
2013:08:21-11:14:17 globi-1 dhcpd: Copyright 2004-2013 Internet Systems Consortium.
2013:08:21-11:14:17 globi-1 dhcpd: All rights reserved.
2013:08:21-11:14:17 globi-1 dhcpd: For info, please visit https://www.isc.org/software/dhcp/
2013:08:21-11:14:17 globi-1 dhcpd: /etc/dhcpd.conf line 49: semicolon expected.
2013:08:21-11:14:17 globi-1 dhcpd: next-server http:
2013:08:21-11:14:17 globi-1 dhcpd: ^
2013:08:21-11:14:17 globi-1 dhcpd: /etc/dhcpd.conf line 49: expecting a parameter or declaration
2013:08:21-11:14:17 globi-1 dhcpd: next-server http://192.168.104.100:5000/provisioning;
2013:08:21-11:14:17 globi-1 dhcpd: ^
2013:08:21-11:14:17 globi-1 dhcpd: /etc/dhcpd.conf line 52: group declarations not allowed here.
2013:08:21-11:14:17 globi-1 dhcpd: group
2013:08:21-11:14:17 globi-1 dhcpd: ^
2013:08:21-11:14:17 globi-1 dhcpd: /etc/dhcpd.conf line 217: unexpected end of file
2013:08:21-11:14:17 globi-1 dhcpd:
2013:08:21-11:14:17 globi-1 dhcpd: ^
2013:08:21-11:14:17 globi-1 dhcpd: Configuration file errors encountered -- exiting
2013:08:21-11:14:17 globi-1 dhcpd:
2013:08:21-11:14:17 globi-1 dhcpd: If you did not get this software from ftp.isc.org, please
2013:08:21-11:14:17 globi-1 dhcpd: get the latest from ftp.isc.org and install that before
2013:08:21-11:14:17 globi-1 dhcpd: requesting help.
2013:08:21-11:14:17 globi-1 dhcpd:
2013:08:21-11:14:17 globi-1 dhcpd: If you did get this software from ftp.isc.org and have not
2013:08:21-11:14:17 globi-1 dhcpd: yet read the README, please read it before requesting help.
2013:08:21-11:14:17 globi-1 dhcpd: If you intend to request help from the dhcp-server@isc.org
2013:08:21-11:14:17 globi-1 dhcpd: mailing list, please read the section on the README about
2013:08:21-11:14:17 globi-1 dhcpd: submitting bug reports and requests for help.
2013:08:21-11:14:17 globi-1 dhcpd:
2013:08:21-11:14:17 globi-1 dhcpd: Please do not under any circumstances send requests for
2013:08:21-11:14:17 globi-1 dhcpd: help directly to the authors of this software - please
2013:08:21-11:14:17 globi-1 dhcpd: send them to the appropriate mailing list as described in
2013:08:21-11:14:17 globi-1 dhcpd: the README file.
2013:08:21-11:14:17 globi-1 dhcpd:
2013:08:21-11:14:17 globi-1 dhcpd: exiting.

Red 10 Device in remote office not separating traffic

Version 9.104-17 in main office, RED 10 in remote office, which has a fast cable modem.
They don't receive radio stations well there so we thought we would be nice and let them listen to Pandora or SiriusXM (we block this in main office). The RED is set up as Standard/Split tunnel. We send network and voice traffic over the line. I have the profiles set up so it is working and they can listen, but the traffic is pulling from my internet lines; I want it to go through their cable modem directly and not through the tunnel. I have tried to put in the WPAD to say go direct for these sites. Let me know if this is possible and, if so, how to accomplish it. Thanks.

New install - cannot get access to internet

Hello,

I've read a couple of posts like this, but none of them solves my issue.

I have installed UTM9.1 on a barebones miniITX pc, with four NICS. Eth0 is plugged into my WAN port on my modem, and ETH1 is plugged into my main PC. (eventually it will go to a switch).

The "interfaces" has Internal and External. I can correctly set up the EXTERNAL interface so that it picks up an external WAN Ip address from my ISP.

However, I CANNOT get my network PCs to access the internet at all.

Things i have verified:

1. DHCP is up and running
2. DNS is set to "my ISP dns"
3. I disabled the default firewall rules and added a new one that opens everything up at the top. 'Any' to 'Any' on 'Any' service, at ALL TIMES. Action to ACCEPT.
4. All network services like IPS etc have been turned OFF.

There is the default NAT rule in the NAT area... INTERNAL --> EXTERNAL.

Things I haven't done:

1. I haven't done anything with MASQUERADING though... not sure what that is, or whether it is necessary here.
2. I haven't set up a bridge of any kind (in the interfaces page). I don't think I need a bridge though... as I have plenty of EthX sockets?

If I open the firewall LIVE LOG, all the entries in there are RED --> default DROP ... but I can't find anywhere in the UTM9 settings where I can change the default action to ACCEPT.

Please can anyone fathom a guess as to what I am missing and why my PCs can't access the net.

It can't be the IPS / AV as these are all turned off. It could be the interfaces setup... maybe this "bridging" thing. But I thought I didn't need to worry about bridges.

Any advice gratefully received.

Cheers all.

Post 9.104-17, web proxy hangs randomly, error in log "tunnel_handler_recv_data"

Hello,

Since our UTM625 was upgraded to 9.104-17, we've seen periods of ...hanging...while using the web proxy. It's completely random but as the load increases it occurs more often.

We're seeing the following errors in our http.log:

2013:08:21-00:04:21 xo-mn-dc-1 httpproxy[6528]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xdf273e60" function="tunnel_handler_recv_data" file="tunnel.c" line="45" message="epoll_fill_buffer: Connection reset by peer"
2013:08:21-00:04:38 xo-mn-dc-1 httpproxy[6528]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xda39fdc0" function="tunnel_handler_recv_data" file="tunnel.c" line="45" message="epoll_fill_buffer: Connection refused"
2013:08:21-00:07:14 xo-mn-dc-1 httpproxy[6528]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xdc956378" function="tunnel_handler_recv_data" file="tunnel.c" line="45" message="epoll_fill_buffer: No route to host"


Now, I don't know if these errors are related but I'm at a loss at where else to look. Since midnight, there are 9500 entries in the http log containing those errors.

What else should I be looking at to help source the ... hangs .... ? It is very noticeable when it occurs.

Any suggestions on other log files to examine / processes to maybe turn off (AV? Caching?). This started with the upgrade as I mentioned. Prior to, this did not occur. CPU/Mem usage is 3% / 20% respectively.

Thank you
David

[9.105-9] Ctasd: Internal Server Error

Hi All

I have experienced the following issue on my pop3s configuration:

Code:

2013:08:21-16:18:53 ****** pop3proxy[22978]: Accepted client connection from 10.242.5.1 for 212.227.17.171 (GMX Servers server_id 6)
2013:08:21-16:18:53 ****** pop3proxy[22978]: ****@****.us logged in (account 6)
2013:08:21-16:18:54 ****** pop3proxy[22976]: ****@*****.gr logged in (account 7)
2013:08:21-16:18:54 ****** pop3proxy[22976]: Client 10.242.5.1 logged out (account=7, deleted=0)
2013:08:21-16:19:01 ****** pop3proxy[16262]: ctasd response: HTTP/1.0 500 Internal Server Error
2013:08:21-16:19:01 ****** pop3proxy[16262]: ctasd response: Cache-Control: private
2013:08:21-16:19:01 ****** pop3proxy[16262]: ctasd response: Server: CTCFC/1.0

2013:08:21-16:19:01 ****** pop3proxy[16262]: id="1100" severity="info" sys="SecureMail" sub="pop3" name="email passed" from="****@****.com" to="Undisclosed recipients: ;" subject="FW: How's your vision?" size="2826128" srcip="16.234.97.231" dstip="157.55.1.215" uid="CDF9940B-8471-11DF-A5FE-00215AD965B8" ident="0/16262-692-1377098332"
2013:08:21-16:19:05 ****** pop3proxy[16262]: ctasd response: HTTP/1.0 500 Internal Server Error
2013:08:21-16:19:05 ****** pop3proxy[16262]: ctasd response: Cache-Control: private
2013:08:21-16:19:05 ****** pop3proxy[16262]: ctasd response: Server: CTCFC/1.0

2013:08:21-16:19:05 ****** pop3proxy[16262]: id="1100" severity="info" sys="SecureMail" sub="pop3" name="email passed" from="****@****.com" to="Undisclosed recipients: ;" subject="FW: 8A FERW TO SPYRO!!!" size="1105247" srcip="16.234.97.230" dstip="157.55.1.215" uid="ABDDF0E8-84E1-11DF-8EDE-00215AD6A710" ident="0/16262-693-1377098342"
2013:08:21-16:19:06 ****** pop3proxy[16262]: ctasd response: HTTP/1.0 500 Internal Server Error
2013:08:21-16:19:06 ****** pop3proxy[16262]: ctasd response: Cache-Control: private
2013:08:21-16:19:06 ****** pop3proxy[16262]: ctasd response: Server: CTCFC/1.0

I believe ctasd connects to Commtouch - maybe it couldn't cope with the amount of emails - I've just enabled prefetch for pop3s on my hotmail accounts
1 028 emails processed, 7 emails blocked

fallback log

The issue seems to have started here

Code:

2013:08:21-14:44:19 ******** [local0:info]  [5356]: CIpRepCache::Save() - Saved to file /tmp/ctipd.cache_v6
2013:08:21-14:44:23 ******** [local0:info]  [5356]: CEnginesContainer::UpdateSettings() - Updating
2013:08:21-14:44:23 ******** [local0:info]  [5356]: CEnginesContainer::UpdateSettings() - Updating
2013:08:21-14:48:13 ******** [user:notice] shutdown[30462]:  shutting down for system reboot
2013:08:21-14:48:22 ******** [daemon:notice] acpid:  exiting
2013:08:21-14:48:37 smtpd [daemon:err]  [4922]: Cannot connect: Connection refused
2013:08:21-14:48:42 ******** [daemon:notice] haveged:  haveged stopping due to signal 15
2013:08:21-14:48:42 ******** [daemon:info] irqd[3053]:  received SIGTERM
2013:08:21-14:51:23 ******** [local0:info] ctasd[5318]:  Loading configuration file /etc/ctasd/ctasd.conf
2013:08:21-14:51:23 ******** [local0:info] ctasd[5354]:  Update pid file /var/run/ctasd.pid [pis 5354]
2013:08:21-14:51:23 ******** [daemon:info] cssd[5353]:  [    (nil)] main (cssd.c:318) starting up...
2013:08:21-14:51:23 ******** [daemon:info] cssd[5353]:  [    (nil)] read_config (cssd.c:115) reading config
2013:08:21-14:51:23 ******** [daemon:info] cssd[5353]:  [    (nil)] main (cssd.c:328) initializing Avira virus scanner engine
2013:08:21-14:51:23 ******** [local0:debug] ctasd:  ctasd started
2013:08:21-14:51:24 ******** [local0:err]  [5338]: Unable to connect to Data Center [SingleLicense] - Can't resolve host iprep1.t.ctmail.com
2013:08:21-14:51:24 ******** [local0:info]  [5338]: CEnginesContainer::UpdateSettings() - Updating
2013:08:21-14:51:25 ******** [local0:err] ctasd[5356]:  Comm error [SingleEngine] - Can't resolve host resolver1.ast.ctmail.com, daemon will retry in background
2013:08:21-14:51:25 ******** [local0:info] ctasd[5356]:  Synchronize proactive patterns...
2013:08:21-14:51:25 ******** [local0:info] ctasd[5356]:  Synchronize patterns finished
2013:08:21-14:51:25 ******** [local0:info] ctasd[5356]:  Load cache...
2013:08:21-14:51:25 ******** [local0:info] ctasd[5356]:  Http server listening on port 783
2013:08:21-14:51:25 ******** [local0:err] ctasd[5356]:  CEnginesContainer::LoadCache() - [00001000Q0066K138E1S] Can't access file /tmp/ctasd.cache - fopen failed (2)

2013:08:21-14:51:25 ******** [local0:info] ctasd[5356]:  Load cache finished
2013:08:21-14:51:25 ******** [local0:err]  [5338]: CEnginesContainer::UpdateSettings() - Still unable to connect to Datacenter
2013:08:21-14:51:25 ******** [local0:info]  [5338]: CEnginesContainer::UpdateSettings() - Updating
2013:08:21-14:51:25 ******** [local0:err] ctasd[5356]:  GetServices error - Still unable to connect to Datacenter
2013:08:21-14:51:25 ******** [local0:info] ctasd[5356]:  Stat server listening on port /var/run/ctasd.stats
2013:08:21-14:51:25 ******** [local0:info] ctasd[5356]:  Ready
2013:08:21-15:06:26 ******** [local0:err]  [5338]: CEnginesContainer::GetCacheDelta - HttpError: 400
2013:08:21-15:11:26 ******** [local0:err]  [5338]: CEnginesContainer::GetCacheDelta - HttpError: 400
2013:08:21-15:16:26 ******** [local0:err]  [5338]: CEnginesContainer::GetCacheDelta - HttpError: 400
2013:08:21-15:21:27 ******** [local0:err]  [5338]: CEnginesContainer::GetCacheDelta - HttpError: 400
2013:08:21-15:26:27 ******** [local0:err]  [5338]: CEnginesContainer::GetCacheDelta - HttpError: 400
2013:08:21-15:31:27 ******** [local0:err]  [5338]: CEnginesContainer::GetCacheDelta - HttpError: 400
2013:08:21-15:36:28 ******** [local0:err]  [5338]: CEnginesContainer::GetCacheDelta - HttpError: 400
2013:08:21-15:41:28 ******** [local0:err]  [5338]: CEnginesContainer::GetCacheDelta - HttpError: 400
2013:08:21-15:46:28 ******** [local0:err]  [5338]: CEnginesContainer::GetCacheDelta - HttpError: 400
2013:08:21-15:49:50 ******** [daemon:debug] rrdcached[3472]:  flushing old values
2013:08:21-15:49:50 ******** [daemon:debug] rrdcached[3472]:  rotating journals
2013:08:21-15:49:50 ******** [daemon:debug] rrdcached[3472]:  started new journal /var/log/reporting/rrd/rrd.journal.1377096590.945551
2013:08:21-15:51:25 ******** [local0:info]  [5338]: CIpRepCache::Save() - Saved to file /tmp/ctipd.cache_v6
2013:08:21-15:51:25 ******** [local0:info]  [5338]: CIpRepCache::Save() - Saved to file /tmp/ctipd.cache
2013:08:21-15:51:29 ******** [local0:err]  [5338]: CEnginesContainer::GetCacheDelta - HttpError: 400
2013:08:21-15:51:29 ******** [local0:info]  [5338]: CEnginesContainer::UpdateSettings() - Updating
2013:08:21-15:51:29 ******** [local0:info]  [5338]: CEnginesContainer::UpdateSettings() - Updating
2013:08:21-15:51:30 ******** [local0:err]  [5338]: Counters - can't open cache file /tmp/ctipd.DM_counters
2013:08:21-15:51:30 ******** [local0:err]  [5338]: Counters - can't open cache file /tmp/ctipd.DM_counters_v6
2013:08:21-15:53:45 ******** [local0:err] ctasd[5356]:  CMsg::ScanMessage() - Request timeout
2013:08:21-15:53:45 ******** [local0:err] ctasd[5356]:  CMsg::ScanMessage() - still unable to connect
2013:08:21-15:53:45 ******** [local0:err] ctasd[5356]:  CMsg::ScanMessage() - still unable to connect
2013:08:21-16:03:55 ******** [local0:err] ctasd[5356]:  CMsg::ScanMessage() - Request timeout
2013:08:21-16:03:55 ******** [local0:err] ctasd[5356]:  CMsg::ScanMessage() - still unable to connect
2013:08:21-16:03:55 ******** [local0:err] ctasd[5356]:  CMsg::ScanMessage() - still unable to connect
2013:08:21-16:19:01 ******** [local0:err] ctasd[5356]:  CMsg::ScanMessage() - still unable to connect
2013:08:21-16:19:01 ******** [local0:err] ctasd[5356]:  CMsg::ScanMessage() - still unable to connect
2013:08:21-16:19:01 ******** [local0:err] ctasd[5356]:  CMsg::ScanMessage() - still unable to connect
2013:08:21-16:19:05 ******** [local0:err] ctasd[5356]:  CMsg::ScanMessage() - still unable to connect
2013:08:21-16:19:05 ******** [local0:err] ctasd[5356]:  CMsg::ScanMessage() - still unable to connect
2013:08:21-16:19:05 ******** [local0:err] ctasd[5356]:  CMsg::ScanMessage() - still unable to connect
2013:08:21-16:19:06 ******** [local0:err] ctasd[5356]:  CMsg::ScanMessage() - still unable to connect
2013:08:21-16:19:06 ******** [local0:err] ctasd[5356]:  CMsg::ScanMessage() - still unable to connect
2013:08:21-16:19:06 ******** [local0:err] ctasd[5356]:  CMsg::ScanMessage() - still unable to connect
2013:08:21-16:22:11 ******** [local0:err] ctasd[5356]:  CMsg::ScanMessage() - Request timeout

Code:

2013:08:21-16:52:09 ******** pop3proxy[29780]: Server doesn't support UIDL: -ERR Exceeded the login limit for a 15 minute period. Reduce the frequency of requests to the POP3 server.
2013:08:21-16:52:09 ******** pop3proxy[29780]: Prefetch: UIDL isn't working properly, prefetching doesn't work without it. Exiting prefetch run.
2013:08:21-16:52:09 ******** pop3proxy[29780]: Failed to shutdown SSL connection
2013:08:21-16:56:14 ******* pop3proxy[30252]: Fatal: Failed to accept SSL client
