Results 1 to 10 of 10
  1. #1
    Untanglit
    Join Date
    Oct 2019
    Posts
    20

    Default Untangle is downloading...something?

    So little back story, I have my untangle setup for my home network primarily as bandwidth control. I prioritize traffic to so that what I do with the internet never impacts my spouse's video streaming. I was checking my Bandwidth reports today and I see a big spike of traffic that isn't being created by me downloading something. I dig further and rather than something from my private network, the host is listed as the internet public IP, so the untangle box is what's doing the downloading. More digging, it seems to have started at 2am on 2020-08-29, the traffic comes in 60-90MB chunks about every hour. Since it started it's downloaded over 60GB of stuff. The primary IPs are 104.16.219.84 and 104.16.218.84, which are registered to db.ms.clamav.net. I don't have the anti-virus app installed, any thoughts on what's going on?

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,172

    Default

    What version of Untangle? Because if this is an ancient version, this is a known issue due to the old engine being discontinued. The fix is to disable the module, but also to upgrade.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Untanglit
    Join Date
    Oct 2019
    Posts
    20

    Default

    I'm on the most recent, 15.1.0

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,172

    Default

    Interesting... well then I suggest removing and reinstalling Virus Blocker Lite, and / or opening a ticket with support.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #5
    Untanglit
    Join Date
    Oct 2019
    Posts
    20

    Default

    Don't have virus-blocker-lite installed. I'll open a support ticket so that they can have a chance to capture this if it is a bug.

  6. #6
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,172

    Default

    Something has certainly gone haywire, because from your investigation it really appears Untangle is downloading Clam definitions endlessly, which well... that's the engine in Virus Blocker Lite! If you aren't using the module I have no clue why Untangle would be mucking about with it.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  7. #7
    Untanglit
    Join Date
    Oct 2019
    Posts
    20

    Default

    Yeah and they're not small either. I was just looking at the individual sessions last by size last night, but today I re-ordered the report by time and it's downloading like 700MB every hour. My internet pipe is only 25 Mbit, these are disruptive. Looks like there was an appliance build update around 8/29, so we'll see what support says.

  8. #8
    Master Untangler
    Join Date
    Oct 2017
    Posts
    162

    Default

    Quote Originally Posted by gedavids View Post
    Yeah and they're not small either. I was just looking at the individual sessions last by size last night, but today I re-ordered the report by time and it's downloading like 700MB every hour. My internet pipe is only 25 Mbit, these are disruptive. Looks like there was an appliance build update around 8/29, so we'll see what support says.
    The fix for the IPS was in that update I believe.

  9. #9
    Untangle Ninja jcoehoorn's Avatar
    Join Date
    Mar 2010
    Location
    York, NE
    Posts
    1,867

    Default

    You should still try adding/removing the module. Even if you're not using it now, if you ever even tried it out at any point in the past it's possible (however unlikely) some extra piece was left behind. Adding and then removing it again might just clean that up.
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 16.2 to protect 500Mbits for ~450 residential college students and associated staff and faculty

  10. #10
    Untanglit
    Join Date
    Oct 2019
    Posts
    20

    Default

    Quote Originally Posted by jcoehoorn View Post
    You should still try adding/removing the module. Even if you're not using it now, if you ever even tried it out at any point in the past it's possible (however unlikely) some extra piece was left behind. Adding and then removing it again might just clean that up.
    I was thinking the same thing. I'm going to give support a chance to take a look first. I don't want to muck around with it and change the situation. Thankfully my bandwidth controls seem to be doing a good job of keeping this from being a problem.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2