I have some suggested changes to AV scanners.

I've been playing with the latest versions of Kaspersky AV. The new
aveclient path should be added to the list of places to look for the
binary:

'/opt/kav/5.5/kav4mailservers/bin/aveclient',

### http://www.kaspersky.com/  (in the 'file server version')
['KasperskyLab AVP - aveclient',
  ['/usr/local/kav/bin/aveclient','/usr/local/share/kav/bin/aveclient',
   '/opt/kav/bin/aveclient','/opt/kav/5.5/kav4mailservers/bin/aveclient','aveclient'],
  '-p /var/run/aveserver -s {}/*', [0,3,6,8], qr/\b(INFECTED|SUSPICION)\b/,
  qr/(?:INFECTED|SUSPICION) (.+)/,
],

BTW, the 'file server version' no longer uses aveserver/aveclient.
http://marc.theaimsgroup.com/?l=amavis-user&m=111927111632475&w=2

The 'mail server version' now uses it. The 'file server' or 'workstation'
versions come with kavscanner, the command line scanner, and kavmonitor
which needs to be compiled into the kernel. I was unable to get kavmonitor
to work (and may be better off with it not working on a machine that uses
amavisd-new). I suggest skipping kavmonitor compilation. The whole server
package may not be appropriate from a licensing standpoint at any rate.
It appears kavmonitor is designed as a real-time monitor:

"1. When a program attempts to access an object within the protected file
system (requesting to open, launch or close a file) the call is intercepted
by the kernel module of the kavmonitor component, and the file is
checked for the presence of a virus."

#############

Configuring kavscanner to allow the amavisd-new user write access to a
few needed files is not difficult, but I think once it is configured
to be used by amavisd-new, it should not be used by any other user
because they may change file ownerships, making the program unusable
by the amavisd-new user. It may also simply fail to run for other
normal users anyway because they may not (and should not) be able to
write to some files if they are owned by the amavisd-new user. Running
kavscanner only as the amavisd-new user limits it to scanning
files the amavisd-new user has access to, but this may simply be
because I've not discovered a better way to set this up.

kavscanner needs to be able to read/write to its licenses directory,
so I copied the licenses directory to the amavisd-new home directory,
and then gave ownership to the amavisd-new user. It also needs to
be able to write to at least two files, ichecker.db and kavscanner.log.

To configure this, I changed the paths to these files in the .conf file:
/etc/kav/5.5/kav4unix/kav4unix.conf

On my system I set (among other personal choices):
In the [path] section:
IcheckerDbFile=/var/lib/amavis/ichecker.db
LicensePath=/var/lib/amavis/licenses

In the [scanner.report] section:
ReportFileName=/var/lib/amavis/kavscanner.log

and in amavisd.conf:

['KasperskyLab kavscanner',
  ['/opt/kav/5.5/kav4unix/bin/kavscanner','kavscanner'],
  '-i1 -xp {}', [0,10,15], [5,20,21,25],
  qr/(?:CURED|INFECTED|CUREFAILED|WARNING|SUSPICION) (.*)/,
],

For reference, here is the older version that changes directories to
work around some problem. I experimented with various ways to gain
permissions to the files the amavisd-new user needs, but I believe
the above solution is possibly the best solution.

  ['KasperskyLab kavscanner', ['/opt/kav/bin/kavscanner','kavscanner'],
    '-i1 -xp {}', [0,10,15], [5,20,21,25],
    qr/(?:CURED|INFECTED|CUREFAILED|WARNING|SUSPICION) (.*)/,
    sub {chdir('/opt/kav/bin') or die "Can't chdir to kav: $!"},
    sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
  ],

I think logs grow forever, so I personally set:
Append=no to most of them.

So, I don't know if it's worth putting in the new kavscanner entry
without also explaining how to get the new kavscanner working, and I'm
not sure what the best wording would be.

Can anyone else confirm my findings or see a better way to do this? If
anyone would like to experiment, you can request evaluation programs.
http://usa.kaspersky.com/downloads/trial-versions.php
You want the:
"Kaspersky Anti-Virus for Linux File Server (1) and Linux Mail Servers (25)"
  
Gary V
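Added example (not part of Gary's post): a small Python model of how amavisd-new reads the two @av_scanners entries quoted above, where the fourth and fifth fields are either lists of exit codes (kavscanner) or a regexp over the scanner's output (aveclient's infected test), and the sixth regexp captures the virus name. The scanner output lines are constructed for illustration, not real kavscanner output, and the precedence (infected checked before clean, anything else treated as a scanner failure) is how amavisd-new behaves as far as the author of this example knows.

```python
import re

# Transcribed from the two amavisd.conf entries in the post.
KAVSCANNER = {
    "name": "KasperskyLab kavscanner",
    "clean": [0, 10, 15],                     # exit codes meaning "no virus"
    "infected": [5, 20, 21, 25],              # exit codes meaning "virus found"
    "virus_name": re.compile(r"(?:CURED|INFECTED|CUREFAILED|WARNING|SUSPICION) (.*)"),
}
AVECLIENT = {
    "name": "KasperskyLab AVP - aveclient",
    "clean": [0, 3, 6, 8],
    "infected": re.compile(r"\b(INFECTED|SUSPICION)\b"),   # regexp over output, not exit codes
    "virus_name": re.compile(r"(?:INFECTED|SUSPICION) (.+)"),
}


def spec_matches(spec, exit_code, output):
    """A field is either a list of exit codes or a compiled regexp over the output."""
    if isinstance(spec, re.Pattern):
        return spec.search(output) is not None
    return exit_code in spec


def classify(entry, exit_code, output):
    """Return ('infected', [names]), ('clean', None) or ('failed', None).

    An exit code that is in neither list (and output that matches no regexp)
    is a scanner failure, not a clean result: with kavscanner a license or
    permissions problem such as the ones described in the post shows up here.
    """
    if spec_matches(entry["infected"], exit_code, output):
        names = [m.group(1) for m in entry["virus_name"].finditer(output)]
        return ("infected", names or ["UNKNOWN"])
    if spec_matches(entry["clean"], exit_code, output):
        return ("clean", None)
    return ("failed", None)


if __name__ == "__main__":
    # Constructed sample output, one scanned part per line.
    sample = "/var/amavis/tmp/p001 INFECTED EICAR-Test-File\n/var/amavis/tmp/p002 OK"
    print(classify(KAVSCANNER, 20, sample))        # ('infected', ['EICAR-Test-File'])
    print(classify(KAVSCANNER, 7, "license error"))  # ('failed', None)
```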



_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
