Kaspersky not detected

UxBoD uxbod at splatnix.net
Sun Jan 6 16:51:35 GMT 2008


Hi Jules,

Okay :-

1) Yes running Postfix so in my MailScanner.conf am using Run/Group As Postfix
2) IChecker is basically a cache http://www.kaspersky.co.uk/faq?qid=156636746
3) The license is not actually in there, but a file called appinfo.dat.  This gets updated each time a user run kav4fs-kavscanner.  I don't think a DDoS would get at that file to be honest.

I have posted on the Kasersky forums (http://forum.kaspersky.com/index.php?showtopic=57167&st=0&gopid=518553&#entry518553) so will see if they actually reply.

Regards,

--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854  36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: uxbod at sip.splatnix.net

----- Original Message -----
step 3.: "Julian Field" <jkf at ecs.soton.ac.uk>
To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
Sent: 06 January 2008 16:35:25 o'clock (GMT) Europe/London
Subject: Re: Kaspersky not detected

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



UxBoD wrote:
> Right finally got it working :) Here is the lint :-
>
> [root at mailhub tmp]# MailScanner --lint
> Trying to setlogsock(unix)
> Checking version numbers...
> Version number in MailScanner.conf (4.67.1) is correct.
>
> Your envelope_sender_header in spam.assassin.prefs.conf is correct.
>
> Checking for SpamAssassin errors (if you use it)...
> SpamAssassin temp dir = /var/spool/MailScanner/spamassassin
> SpamAssassin reported no errors.
> MailScanner.conf says "Virus Scanners = auto"
> Found these virus scanners installed: clamd, kaspersky-4.5, esets
> ===========================================================================
> ===========================================================================
> Virus Scanner test reports:
> Clamd said "eicar.com was infected: Eicar-Test-Signature FOUND"
> Kaspersky said "/var/spool/MailScanner/incoming/28442/1/eicar.com       INFECTED        EICAR-Test-File"
> esets said "Found virus Eicar test file in eicar.com"
>
> If any of your virus scanners (clamd,kaspersky-4.5,esets)
> are not listed there, you should check that they are installed correctly
> and that MailScanner is finding them correctly via its virus.scanners.conf.
>
> To get it to work I changed the following :-
>
> 1) chmod 644 /etc/opt/kaspersky/kav4fs.conf
>   
I assume you are using Exim or Postfix (i.e. you aren't running 
MailScanner as root).
> 2) Modified the above file and changed Ichecker=no under the section [scanner.options]
>   
What is the Ichecker? What does this setting control, and what is the 
effect of the change?

> 3) chmod -R 777 /var/opt/kaspersky/kav4fs/licenses
>   
Eek, don't like that. Someone could nullify your licences which is a 
simple DoS attack on your scanner. Wouldn't a chmod a+rX 
/var/opt/kaspersky/kav4fs/licenses do the job instead?

> Hope this helps.
>
> Regards,
>
> --[ UxBoD ]--
> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
> // Fingerprint: C759 8F52 1D17 B3C5 5854  36BD 1FB1 B02F 5DB5 687B
> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
> // Phone: +44 845 869 2749 SIP Phone: uxbod at sip.splatnix.net
>
> ----- Original Message -----
> step 3.: "UxBoD" <uxbod at splatnix.net>
> To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
> Sent: 06 January 2008 14:02:06 o'clock (GMT) Europe/London
> Subject: Re: Kaspersky not detected
>
> Hmmm, okay got past the first hurdle but now it just falls in a big heap.  I see from the release notes that the on demand scanner will only run as root.  How stupid!  Will keep ya posted as seeing what the Kaspersky forums say.
>
> Regards,
>
> --[ UxBoD ]--
> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
> // Fingerprint: C759 8F52 1D17 B3C5 5854  36BD 1FB1 B02F 5DB5 687B
> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
> // Phone: +44 845 869 2749 SIP Phone: uxbod at sip.splatnix.net
>
> ----- Original Message -----
> step 3.: "UxBoD" <uxbod at splatnix.net>
> To: mailscanner at lists.mailscanner.info
> Sent: 06 January 2008 11:56:30 o'clock (GMT) Europe/London
> Subject: Kaspersky not detected
>
> Hi,
>
> Just trying out Kaspersky File Server and MS is not detecting it installed :(  I have set virus scanners to auto in MailScanner.conf, and have updated virus.scanners.conf to the following :-
>
> # Kaspersky 5.5: your kaspersky-4.5 path should be /opt/kav/5.5
> # Kaspersky 4.5 and newer
> kaspersky-4.5   /usr/lib/MailScanner/kaspersky-wrapper  /opt/kaspersky
>
> and in kaspersky-wrapper it looks for :-
>
> Scanner=kav4fs/bin/kav4fs-kavscanner
>
> so on checking that :-
>
> [root at mailhub ~]# ls -l /opt/kaspersky/kav4fs/bin/kav4fs-kavscanner 
> -rwxr-xr-x 1 root root 3991208 Apr 28  2007 /opt/kaspersky/kav4fs/bin/kav4fs-kavscanner
>
> Any ideas ?
>
> Regards,
>
> --[ UxBoD ]--
> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
> // Fingerprint: C759 8F52 1D17 B3C5 5854  36BD 1FB1 B02F 5DB5 687B
> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
> // Phone: +44 845 869 2749 SIP Phone: uxbod at sip.splatnix.net
>
>   

Jules

- -- 
Julian Field MEng MBCS CITP CEng
jkf at ecs.soton.ac.uk
Teaching Systems Manager
Electronics & Computer Science
University of Southampton
SO17 1BJ, UK


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.7.0 (Build 1012)
Comment: Use Thunderbird's Enigmail add-on to verify this message
Charset: UTF-8

wj8DBQFHgQNPEfZZRxQVtlQRAmI/AKDPkmV5Rt86c+Fgj57k1ugkTvykewCgk+qh
syt+hXFZt1GG3l1ll96D9iY=
=bicz
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



More information about the MailScanner mailing list