Hi, Please see this output. It seems to work.

[root@mailgw ~]# /opt/kaspersky/klms/bin/kavscanner /tmp/eicar_com.zip
Kaspersky Anti-Virus On-Demand Scanner.
Copyright (C) Kaspersky Lab, 1997-2012.
There are 21371737 records loaded, the latest update 23-05-2023
Config file: /etc/opt/kaspersky/klms/kavscanner_defaults.conf
/tmp/eicar_com.zip Archive ZIP
/tmp/eicar_com.zip//eicar.com INFECTED EICAR-Test-File

in /etc/amavisd/amavisd.conf, I now only enabled Kaspersky and disabled clamav. please see below.

@av_scanners = (
['Kaspersky Security 8.0 for Linux Mail Server',
  \&ask_daemon, ["nCONTSCAN {}\n", "/var/run/klms/rds_av"],
  qr/\bOK$/m, qr/\bFOUND$/m,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],

### http://www.clamav.net/
## ['ClamAV-clamd',
##   \&ask_daemon, ["CONTSCAN {}\n", "/run/clamd.amavisd/clamd.sock"],
##   qr/\bOK$/m, qr/\bFOUND$/m,
##   qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],

and

@av_scanners_backup = (
### http://www.clamav.net/ - backs up clamd or Mail::ClamAV
## ['ClamAV-clamscan', 'clamscan',
##   "--stdout --no-summary -r --tempdir=$TEMPBASE {}",
##   [0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],

Now Kaspersky Security is only running as primary. please see below

amavis[15811]:Using primary internal av scanner code for Kaspersky Security 8.0 for Linux Mail Server

Here I send a mail

[root@mailgw ~]# mail -a /tmp/eicar_com.zip root
Subject: test
.
EOT
Null message body; hope that's ok

and see the output of tail -f /var/log/mail.log

amavis[15814]:(15814-01) Blocked INFECTED (EICAR-Test-File) {DiscardedInbound,Quarantined},

Kaspersky seems to work. Your ideas are welcome.

On Tue, Jun 6, 2023 at 11:44 AM Olivier <olivier.nic...@cs.ait.ac.th> wrote:

> Hi Indunil,
>
> > I attached a test EICAR file. ClamAV detected. But Kaspersky did NOT.
> >
> > See the log of how clamd detected.
> >
> > clamd[1300]:/var/spool/amavisd/tmp/amavis-20230604T171813-16458-RYQrx2PC/parts/p003: Win.Test.EICAR_HDB-1 FOUND
> >
> > Primary AV is Kaspersky Security. Please see below.
> >
> > amavis[16978]:Using primary internal av scanner code for Kaspersky Security 8.0 for Linux Mail Server
> > amavis[16978]:Using primary internal av scanner code for ClamAV-clamd
> > amavis[16978]:Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan
>
> Can you confirm that Kaspersky is working: save the message with EICAR in
> a file and submit that file to Kaspersky manually.
>
> Amavis may need some tweaking to be able to recognise the error message
> returned by Kaspersky.
>
> Best regards,
>
> Olivier
>
> > Hope to hear from you.
> >
> > On Tue, May 23, 2023 at 12:58 PM Matus UHLAR - fantomas <uh...@fantomas.sk> wrote:
> >
> > On 22.05.23 08:33, Indunil Jayasooriya wrote:
> > >Has anyone integrated Kaspersky Security with amavis?
> > >
> > >This is the url I followed.
> > >
> > >https://support.kaspersky.com/KLMS/8.2/en-US/62460.htm
> > >
> > >I did it. But I get below errors.
> > >
> > >2023 May 22 08:04:56 server amavis[1769]:(01769-04) (!)connect to /var/run/klms/rds_av failed, attempt #1: Can't connect to a UNIX socket /var/run/klms/rds_av: Permission denied
> > >2023 May 22 08:04:57 server amavis[1769]:(01769-04) (!)Kaspersky Security 8.0 for Linux Mail Server: All attempts (1) failed connecting to /var/run/klms/rds_av, retrying (2)
> > >
> > >2023 May 22 08:11:57 server amavis[1768]:(01768-05) (!)Kaspersky Security 8.0 for Linux Mail Server av-scanner FAILED: run_av error: Too many retries to talk to /var/run/klms/rds_av (All attempts (1) failed connecting to /var/run/klms/rds_av) at (eval 132) line 659.\n
> > >
> > >Here is the permission.
> > >
> > >ls -al /var/run/klms/rds_av
> > >srw-rw---- 1 kluser klusers 0 May 17 01:35 /var/run/klms/rds_av
> >
> > you must have read/execute permissions for /var/run/klms/ directory too.
> > Run:
> >
> > ls -la /var/run/klms/
> >
> > >some additional info.
> > >
> > ># id amavis
> > >uid=996(amavis) gid=993(amavis) groups=993(amavis),991(klusers)
> >
> > this should help if the /var/run/klms/ has 'rx' permissions for group
> > klusers.
> >
> > --
> > Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> > Warning: I wish NOT to receive e-mail advertising to this address.
> > Warning: at this address I wish NOT to receive any advertising mail.
> > "The box said 'Requires Windows 95 or better', so I bought a Macintosh".
> > --
> --

cat /etc/motd

Thank you
Indunil Jayasooriya
http://www.theravadanet.net/
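
Added example, not part of the original thread: a Python check for the "Permission denied" on /var/run/klms/rds_av discussed above. It walks every path component and reports the first one whose mode bits stop the amavis user from reaching the socket. The socket mode and the amavis ids come from the thread; kluser's uid (990) and both /var/run/klms directory modes are assumptions, since the thread never shows them.

```python
import os
import stat

def class_bits(mode, owner_uid, owner_gid, uid, gids):
    """rwx bits (0-7) of the single class POSIX selects: owner, else group, else other."""
    if uid == owner_uid:
        return (mode >> 6) & 7
    if owner_gid in gids:
        return (mode >> 3) & 7
    return mode & 7

def first_denial(entries, uid, gids):
    """entries: (path, st_mode, st_uid, st_gid) from / down to the socket.
    Returns (path, reason) for the first component that blocks connect(), else None.
    Mode bits only: ACLs, SELinux and root's override are not modelled."""
    for path, mode, owner_uid, owner_gid in entries:
        bits = class_bits(mode, owner_uid, owner_gid, uid, gids)
        if stat.S_ISDIR(mode):
            if not bits & 1:  # traversing a directory needs search (x)
                return (path, "directory lacks search (x) for this user")
        elif not bits & 2:    # on Linux, connect() to a UNIX socket needs write
            return (path, "socket lacks write (w) for this user")
    return None

def stat_chain(target):
    """Build the entries list for a real path by stat()ing every component."""
    parts, path = [], os.path.abspath(target)
    while True:
        st = os.stat(path)
        parts.append((path, st.st_mode, st.st_uid, st.st_gid))
        if path == os.path.dirname(path):
            return parts[::-1]
        path = os.path.dirname(path)

# Constructed sample. From the thread: socket srw-rw---- kluser:klusers and
# amavis uid=996 in groups 993 and 991 (klusers). Assumed: kluser uid 990.
AMAVIS_UID, AMAVIS_GIDS, KLUSER_UID, KLUSERS_GID = 996, {993, 991}, 990, 991
SOCKET = ("/var/run/klms/rds_av", stat.S_IFSOCK | 0o660, KLUSER_UID, KLUSERS_GID)

def sample(dir_mode):
    """Path chain with an assumed mode on /var/run/klms."""
    return [("/", stat.S_IFDIR | 0o755, 0, 0), ("/var", stat.S_IFDIR | 0o755, 0, 0),
            ("/var/run", stat.S_IFDIR | 0o755, 0, 0),
            ("/var/run/klms", stat.S_IFDIR | dir_mode, KLUSER_UID, KLUSERS_GID), SOCKET]

if __name__ == "__main__":
    for mode in (0o700, 0o750):
        print(oct(mode), first_denial(sample(mode), AMAVIS_UID, AMAVIS_GIDS))
```

On a live host, `first_denial(stat_chain("/var/run/klms/rds_av"), uid, gids)` applies the same check to the real modes, with the uid and group ids taken from `id amavis`.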