List:       amavis-user
Subject:    Re: [AMaViS-user] which kaspersky products suported?
From:       Mark Martinec <Mark.Martinec () ijs ! si>
Date:       2002-11-28 18:10:11

Kenneth,

(sorry for a late reply)

| :-) Right, that's precisely the config for kavscanner. The log that I've posted 
| in which the virus was not detected was for the kavdaemon (avpdc). It exits with 
| status=0 and did not detect the viruses.
| The configuration I did for kavdaemon is:
|   ['KasperskyLab AVPDaemonClient',
|   ['/opt/AVP/kavdaemon','kavdaemon','kavdaemon'],
|   '{}', [0], [3,4,5,6], qr/(?m)infected: (.+)/ ]

| however, this is the log from kavdaemon:
|   Nov 22 13:22:27 pkme amavis[32109]: (32109-01) Using KasperskyLab 
|   AVPDaemonClient: /opt/AVP/avpdc 
|   "/var/amavis/amavis-20021122T132227-32109/parts" </dev/null 2>&1
|   Nov 22 13:22:27 pkme amavis[32109]: (32109-01) run_av: /opt/AVP/avpdc 
|   status=0,
| and it can't detect any viruses.

I don't know. Try to run it manually, e.g. create some subdirectory,
place a file with a virus there, and run:

$ /opt/AVP/avpdc "/some/full/path/subdir" </dev/null 2>&1

Does it find a virus? Does it help if you remove double quotes,
or append a slash after the directory name, or remove '</dev/null 2>&1'?
Could it be that the shell specified for vscan (or amavis) user
is not Bourne shell-compatible (e.g. csh or tcsh)?

| And also, I want to mention that the problem with f-prot not rejecting unknown 
| viruses is back again (or is it just on my config?). This was fixed with a 
| patch from the previous version but I can't seem to find where to apply the 
| fix again.

Hm, what was that about? Which previous version? Check the status codes
listed in the file ./amavis/av/fprot from the version that worked for you,
and compare them to the codes listed in the f-prot entry
in amavisd.conf, e.g.:

if ($fprot) {
    do_log(2,"Using $fprot");
    chop($output = `$fprot -DUMB -ARCHIVE $TEMPDIR/parts`);
    $errval = retcode($?);
    do_log(2,$output);
==> if ($errval == 0 || $errval == 8) {         # no errors, no viruses found
        $scanner_errors = 0;
==> } elsif ($errval == 3 || $errval == 6) {    # no errors, viruses discovered
        $scanner_errors = 0;
==>     @virusname = ($output =~ /Infection: (.+)/g);
        @virusname = (undef)  if !@virusname;  # just in case: make list nonnil
        do_virus();
    } else {
        do_log(0,"Virus scanner failure: $fprot (error code: $errval)");
    }
}


against:

  ['FRISK F-Prot Antivirus/Linux', ['f-prot','f-prot.sh'],
    '-DUMB -ARCHIVE {}', [0,8], [3,6],
                         ^^^^^  ^^^^^
    qr/(?m)Infection: (.+)/ ],
           ^^^^^^^^^^^^^^^

Mark
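
An added example, not part of the original message and not amavisd code: it shows how the two status lists and the name pattern of an entry decide the outcome, following the three branches of the av/fprot excerpt above. `classify` is a hypothetical helper and the scanner output strings are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Status lists and patterns copied from the entries in the message above;
# the command and argument fields are left out because nothing is executed.
my %entries = (
    'f-prot'    => { clean => [0, 8], infected => [3, 6],
                     name_re => qr/(?m)Infection: (.+)/ },
    'kavdaemon' => { clean => [0], infected => [3, 4, 5, 6],
                     name_re => qr/(?m)infected: (.+)/ },
);

# classify() is a hypothetical helper, not an amavisd function. It mirrors
# the three branches of the av/fprot excerpt: clean, infected, failure.
sub classify {
    my ($entry, $status, $output) = @_;
    return ('clean') if grep { $_ == $status } @{ $entry->{clean} };
    if (grep { $_ == $status } @{ $entry->{infected} }) {
        my @names = ($output =~ /$entry->{name_re}/g);
        @names = ('unknown') if !@names;   # status says infected, pattern missed
        return ('infected', @names);
    }
    return ('scanner-failure');            # status is in neither list
}

# Constructed samples: [scanner, exit status, scanner output].
my @samples = (
    ['f-prot',    0, "No viruses found\n"],
    ['f-prot',    3, "/tmp/parts/p1  Infection: EICAR_Test_File\n"],
    ['f-prot',    3, "/tmp/parts/p1  Infected with something\n"],
    ['f-prot',    2, "Unrecoverable error\n"],
    ['kavdaemon', 0, ""],                  # the status=0 case from the quoted log
);

for my $s (@samples) {
    my ($scanner, $status, $output) = @$s;
    my ($verdict, @names) = classify($entries{$scanner}, $status, $output);
    printf "%-10s status=%d -> %s%s\n", $scanner, $status, $verdict,
        @names ? " (" . join(', ', @names) . ")" : '';
}
```

A status that is missing from both lists ends in the failure branch, and a status in the infected list whose output does not match the pattern still counts as infected but without a usable name, so both the lists and the pattern need checking when an entry is compared against an older script.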

