Re: [Exim] exiscan + kaspersky

Author: Dirk Koopman
Date:  
To: Tom Kistner
CC: exim-users
Subject: Re: [Exim] exiscan + kaspersky
Done all of that, now I am experimenting with logging and what I get
is:-

Query for the tests: <0>04 Apr 05:00:00:/var/spool/exim/scan/17zMwO-0000c1-00

Directory /var/spool/exim/scan/17zMwO-0000c1-00 wasn't included in enabled paths.

Looking at the instructions I have in my /opt/AVP/etc/defUnix.prf file:-

[Object]
Names=*/var;*/usr;*/home;*/mnt;*/tmp
Memory=No
Sectors=No
ScanAllSectors=No
Files=Yes
FileMask=2
UserMask=*.tar.gz
ExcludeFiles=0
ExcludeMask=*.txt *.cmd
ExcludeDir=
Packed=Yes
Archives=Yes
SelfExtArchives=Yes
MailBases=Yes
MailPlain=Yes
Embedded=Yes
InfectedAction=1
BackupInfected=No
IfDisinfImpossible=0
Warnings=Yes
CodeAnalyser=Yes
RedundantScan=No
SubDirectories=Yes
CrossFs=Yes

# global(common) options sections
[Options]
ScanRemovable=Yes
ScanSubDirAtEnd=No
ParallelScan=No
LimitForProcess=16
EndlesslyScan=No
ScanDelay=-1
Symlinks=1

...
...

Doing it manually gets a result.

BTW according to my man page:-

       -I0    reports infected and suspicious objects.

       -I1    prompts for disinfecting infected objects.

       -- or -I2
              disinfects infected objects automatically if possible.
              When running in this mode the program checks for viruses
              and tries to recover infected files and boot sectors to
              exactly (if possible) or mostly match the originals.

       -I2S   disinfects infected objects automatically and skips
              objects that cannot be disinfected.

       -I2D   disinfects infected objects automatically and deletes
              objects that cannot be disinfected.

       -I3 or -E
              deletes infected objects automatically.

Which means that -E does the exact opposite to what you have suggested.

Regards

Dirk

On Wed, 09 Oct 2002 20:37:27 +0200
Tom Kistner <tom@???> wrote:

> Dirk Koopman wrote:
>
> > Data file written for message 17zKGZ-0000C8-00
> > calling exiscan(); timeout=60
> > exiscan: starting
> > exiscan_cleanup(): unlinking
> > /var/spool/exim/scan/17zKGZ-0000C8-00/17zKGZ-0000C8-00-complete
> > exiscan_cleanup(): unlinking
> > /var/spool/exim/scan/17zKGZ-0000C8-00/textfile0 exiscan_cleanup():
> > unlinking /var/spool/exim/scan/17zKGZ-0000C8-00/textfile1
> > exiscan_cleanup(): unlinking
> > /var/spool/exim/scan/17zKGZ-0000C8-00/New_Microsoft_Works_4.0_Sheet
> > _or_ Chart.wks.exe exiscan_cleanup(): unlinking
> > /var/spool/exim/scan/17zKGZ-0000C8-00/textfile2 exiscan() returned 0
> > [message processed ok] calling local_scan(); timeout=300
> > local_scan() returned 0 NULL
>
> That looks OK. No error message, so it connects and gets an answer. The
> question is why kavdaemon does not find anything? :)
>
> How do you run kavdaemon ? From the exiscan manual:
>
> ----------------------------------------------------
> Attention: you need to run kavdaemon with the disinfection option
> disabled, and with proper path settings, like this:
>
>        ./kavdaemon -E -f=/opt/AVP /
>
> Note the slash at the end, it is important. /opt/AVP is the
> default AVP base directory.
> ------------------------------------------------------
>
> > exiscan_condition = 1
> > exiscan_crypt_salt = kb
> > exiscan_timeout = 60s
> > exiscan_unpack_mime = true
> > exiscan_av_condition = 1
> > exiscan_av_action = reject
> > exiscan_av_scanner = kavdaemon
> > exiscan_av_kavdaemon_socket = /opt/AVP/AvpCtl
>
> That is ok, too, so I guess kavdaemon has a configuration problem.
>
> regards,
>
>
> /tom
>
>