widdix / aws-s3-virusscan

Antivirus for Amazon S3
https://bucketav.com/
Apache License 2.0

ClamAV EC2 reaching out to different IP's in the world #59

Closed subhashvz closed 4 years ago

subhashvz commented 4 years ago

Hi, we have recently enabled the FW and routed the ClamAV Linux EC2 traffic through it. It needs outside connectivity for yum updates, the ClamAV OS and the ClamAV DB update. However, we also noticed some IPs that are related to China, etc. in the FW log. I couldn't find which process on the ClamAV EC2 is trying to connect to those IPs. Can you please provide any info on whether any other process needs outside connectivity from the server?

michaelwittig commented 4 years ago

You are right about yum, the ClamAV OS and the ClamAV DB update.

Additionally, the AWS APIs for the following services are used by the solution: S3, CloudFormation, SQS, SNS, CloudWatch Logs, IAM (if you use IAM SSH access).

Besides that, the default processes for Amazon Linux 2 run (this includes things like the ssm agent).

Can you share the IPs that are contacted according to your recordings?
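One way to answer the "which process" part of the question on the instance itself, as an added example that is not part of the aws-s3-virusscan project: it maps each established outbound TCP connection reported by `ss` on Amazon Linux 2 to the owning process, so an unexpected peer IP can be attributed. The sample `ss` output, its addresses and PIDs are constructed placeholders.

```shell
#!/bin/bash
# Added example (not part of aws-s3-virusscan): tie outbound TCP connections on the
# instance to the process that owns them. On the ClamAV EC2 instance run as root:
#   ss -Htnp state established | map_connections | summarize
# Each `ss -Htnp state established` line looks like:
#   Recv-Q Send-Q LOCAL:PORT PEER:PORT users:(("proc",pid=N,fd=M))

# map_connections: stdin = ss lines, stdout = "PEER_IP PROCESS PID" per connection.
map_connections() {
    awk '{
        # Local and peer addresses are the fields ending in ":port"; the peer is the second.
        n = 0; peer = "?"
        for (i = 1; i <= NF; i++)
            if ($i !~ /^users:/ && $i ~ /:[0-9]+$/) { n++; if (n == 2) peer = $i }
        sub(/:[0-9]+$/, "", peer); gsub(/\[|\]/, "", peer)   # strip port and IPv6 brackets
        # No users:() field means ss was not run as root or the socket has no owning process.
        proc = "unknown"; pid = "-"
        if (match($0, /users:\(\("[^"]+",pid=[0-9]+/)) {
            u = substr($0, RSTART, RLENGTH)
            proc = u; sub(/.*\(\("/, "", proc); sub(/".*/, "", proc)
            pid = u; sub(/.*pid=/, "", pid)
        }
        print peer, proc, pid
    }'
}

# summarize: stdin = map_connections output, stdout = "COUNT PROCESS PEER_IP", sorted.
summarize() {
    awk '{ c[$2 " " $1]++ } END { for (k in c) print c[k], k }' | sort -k2,2 -k3,3
}

# Constructed sample of `ss -Htnp state established` output (placeholder addresses/PIDs).
SAMPLE_SS='0 0 10.0.1.23:49812 203.0.113.10:443 users:(("freshclam",pid=1234,fd=5))
0 0 10.0.1.23:49813 203.0.113.10:443 users:(("freshclam",pid=1234,fd=6))
0 0 10.0.1.23:51000 198.51.100.7:80 users:(("yum",pid=2201,fd=7))
0 0 10.0.1.23:52222 192.0.2.55:22'

# Stand-alone demo on the constructed sample.
printf '%s\n' "$SAMPLE_SS" | map_connections | summarize
```

Short-lived connections can be missed by a single `ss` snapshot, so run it in a loop (or from cron) while the firewall log shows the traffic and compare the peer IPs against the log.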

subhashvz commented 4 years ago

Thanks for your quick response... Here are a few IPs which the EC2 is trying to connect to:

222.186.30.12 222.186.301.166 209.51.161.238 222.186.30.248 192.111.144.114 185.153.198.218

michaelwittig commented 4 years ago

Just one quick follow-up question: are you sure that the instance connects to those IPs? Or are those IPs trying to connect to your instances?

michaelwittig commented 4 years ago

Any updates on this?

subhashvz commented 4 years ago

Hi Michael.

Yes, it is outward traffic. The instance is trying to connect to those IPs.

michaelwittig commented 4 years ago

Can you terminate all S3 VirusScan EC2 instances? The Auto Scaling Group will replace them within minutes and provide us with a fresh installation.

subhashvz commented 4 years ago

We did terminate the instance, and again with the fresh install we see the same issue. The EC2 has been trying to connect to the different IPs.

michaelwittig commented 4 years ago

Is it possible that we schedule a screen-sharing session for further debugging? If so, feel free to send me an email at michael@widdix.de