What network ports CAVL uses for updating (engine and database) and cloud scan?

I’ve got my ubuntu desktop and set in UFW (Uncomplicated FireWall) to block every outgoing and incoming traffic, but not few ports (like 53, 80 .etc). And now I can’t do the update of CAVL - I can change rules to be less strict but I don’t want to, or turn off firewall during update (which is stupid) or permit this certain port to connect to Internet and make the update - the last solution is what I really want.

So, what ports Comodo Anti-Virus for Linux (and generally every Comodo AV for other operating systems) uses to do the updates (virus database and engine) and perform cloud scan?

Thanks.

I only have 53, 80, 443, 465 and 993 open outbound, and it works OK.

It won’t be using 53 (DNS) or 465 or 993 (gmail) I shouldn’t think

Despite the virus db update date presented on GUI is actual (few minutes ago allegedly the update took place), also while trying to update the engine, it looks like app connects with network. But when I’ve tried to upload directory named maldetect-1.4.2 (1.2 MB weight), it’s being uploaded very slow.

My rules:


user@user:~$ sudo ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 80                         ALLOW IN    Anywhere
[ 2] 123                        ALLOW IN    Anywhere
[ 3] 443                        ALLOW IN    Anywhere
[ 4] 443                        ALLOW OUT   Anywhere (out)
[ 5] 123                        ALLOW OUT   Anywhere (out)
[ 6] 80                         ALLOW OUT   Anywhere (out)
[ 7] 53                         ALLOW IN    Anywhere
[ 8] 53                         ALLOW OUT   Anywhere (out)
[ 9] 51415/tcp                  ALLOW OUT   Anywhere (out)
[10] 51415/tcp                  ALLOW IN    Anywhere
[11] 51415/udp                  ALLOW IN    Anywhere
[12] 51415/udp                  ALLOW OUT   Anywhere (out)
[13] 80                         ALLOW IN    Anywhere (v6)
[14] 123                        ALLOW IN    Anywhere (v6)
[15] 443                        ALLOW IN    Anywhere (v6)
[16] 443                        ALLOW OUT   Anywhere (v6) (out)
[17] 123                        ALLOW OUT   Anywhere (v6) (out)
[18] 80                         ALLOW OUT   Anywhere (v6) (out)
[19] 53                         ALLOW IN    Anywhere (v6)
[20] 53                         ALLOW OUT   Anywhere (v6) (out)
[21] 51415/tcp                  ALLOW OUT   Anywhere (v6) (out)
[22] 51415/tcp                  ALLOW IN    Anywhere (v6)
[23] 51415/udp                  ALLOW IN    Anywhere (v6)
[24] 51415/udp                  ALLOW OUT   Anywhere (v6) (out)

user@user:~$ 

51415 (both TCP and UDP) is opened for Transmission torrent client.

AFAIK, most AV software connects to port 80 and 443 to download updates or submit samples. These two I’ve got opened. Before I’ve turned Uncomplicated FireWall on (earlier I was using default built-in rules for Ubuntu), Comodo could connect and upload samples without a hassle - worth mentioning, that when I turn UFW off, Comodo connects without any problem. So the firewall doing good, what it must - blocks connections or limits them very much (like it’s in Comodo example).