Kaspersky not detected

Julian Field MailScanner at ecs.soton.ac.uk
Sun Jan 6 17:07:11 GMT 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

So without the changes you have suggested, what works and what doesn't? 
Can we make a MailScanner --lint highlight the changes if they haven't 
been done? Or can we make the -wrapper script log if it finds things not 
set up the way it needs?

UxBoD wrote:
> Hi Jules,
>
> Okay :-
>
> 1) Yes running Postfix so in my MailScanner.conf am using Run/Group As Postfix
> 2) IChecker is basically a cache http://www.kaspersky.co.uk/faq?qid=156636746
> 3) The license is not actually in there, but a file called appinfo.dat.  This gets updated each time a user runs kav4fs-kavscanner.  I don't think a DDoS would get at that file to be honest.
>
> I have posted on the Kaspersky forums (http://forum.kaspersky.com/index.php?showtopic=57167&st=0&gopid=518553&#entry518553) so will see if they actually reply.
>
> Regards,
>
> --[ UxBoD ]--
> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
> // Fingerprint: C759 8F52 1D17 B3C5 5854  36BD 1FB1 B02F 5DB5 687B
> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
> // Phone: +44 845 869 2749 SIP Phone: uxbod at sip.splatnix.net
>
> ----- Original Message -----
> From: "Julian Field" <jkf at ecs.soton.ac.uk>
> To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
> Sent: 06 January 2008 16:35:25 o'clock (GMT) Europe/London
> Subject: Re: Kaspersky not detected
>
>
> * PGP Signed by an unmatched address: 01/06/08 at 16:35:27
>
>
>
> UxBoD wrote:
>   
>> Right finally got it working :) Here is the lint :-
>>
>> [root at mailhub tmp]# MailScanner --lint
>> Trying to setlogsock(unix)
>> Checking version numbers...
>> Version number in MailScanner.conf (4.67.1) is correct.
>>
>> Your envelope_sender_header in spam.assassin.prefs.conf is correct.
>>
>> Checking for SpamAssassin errors (if you use it)...
>> SpamAssassin temp dir = /var/spool/MailScanner/spamassassin
>> SpamAssassin reported no errors.
>> MailScanner.conf says "Virus Scanners = auto"
>> Found these virus scanners installed: clamd, kaspersky-4.5, esets
>> ===========================================================================
>> ===========================================================================
>> Virus Scanner test reports:
>> Clamd said "eicar.com was infected: Eicar-Test-Signature FOUND"
>> Kaspersky said "/var/spool/MailScanner/incoming/28442/1/eicar.com       INFECTED        EICAR-Test-File"
>> esets said "Found virus Eicar test file in eicar.com"
>>
>> If any of your virus scanners (clamd,kaspersky-4.5,esets)
>> are not listed there, you should check that they are installed correctly
>> and that MailScanner is finding them correctly via its virus.scanners.conf.
>>
>> To get it to work I changed the following :-
>>
>> 1) chmod 644 /etc/opt/kaspersky/kav4fs.conf
>>   
>>     
> I assume you are using Exim or Postfix (i.e. you aren't running 
> MailScanner as root).
>   
>> 2) Modified the above file and changed Ichecker=no under the section [scanner.options]
>>   
>>     
> What is the Ichecker? What does this setting control, and what is the 
> effect of the change?
>
>   
>> 3) chmod -R 777 /var/opt/kaspersky/kav4fs/licenses
>>   
>>     
> Eek, don't like that. Someone could nullify your licences which is a 
> simple DoS attack on your scanner. Wouldn't a chmod a+rX 
> /var/opt/kaspersky/kav4fs/licenses do the job instead?
>
>   
>> Hope this helps.
>>
>> Regards,
>>
>> --[ UxBoD ]--
>> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
>> // Fingerprint: C759 8F52 1D17 B3C5 5854  36BD 1FB1 B02F 5DB5 687B
>> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
>> // Phone: +44 845 869 2749 SIP Phone: uxbod at sip.splatnix.net
>>
>> ----- Original Message -----
>> From: "UxBoD" <uxbod at splatnix.net>
>> To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
>> Sent: 06 January 2008 14:02:06 o'clock (GMT) Europe/London
>> Subject: Re: Kaspersky not detected
>>
>> Hmmm, okay got past the first hurdle but now it just falls in a big heap.  I see from the release notes that the on demand scanner will only run as root.  How stupid!  Will keep ya posted as seeing what the Kaspersky forums say.
>>
>> Regards,
>>
>> --[ UxBoD ]--
>> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
>> // Fingerprint: C759 8F52 1D17 B3C5 5854  36BD 1FB1 B02F 5DB5 687B
>> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
>> // Phone: +44 845 869 2749 SIP Phone: uxbod at sip.splatnix.net
>>
>> ----- Original Message -----
>> From: "UxBoD" <uxbod at splatnix.net>
>> To: mailscanner at lists.mailscanner.info
>> Sent: 06 January 2008 11:56:30 o'clock (GMT) Europe/London
>> Subject: Kaspersky not detected
>>
>> Hi,
>>
>> Just trying out Kaspersky File Server and MS is not detecting it installed :(  I have set virus scanners to auto in MailScanner.conf, and have updated virus.scanners.conf to the following :-
>>
>> # Kaspersky 5.5: your kaspersky-4.5 path should be /opt/kav/5.5
>> # Kaspersky 4.5 and newer
>> kaspersky-4.5   /usr/lib/MailScanner/kaspersky-wrapper  /opt/kaspersky
>>
>> and in kaspersky-wrapper it looks for :-
>>
>> Scanner=kav4fs/bin/kav4fs-kavscanner
>>
>> so on checking that :-
>>
>> [root at mailhub ~]# ls -l /opt/kaspersky/kav4fs/bin/kav4fs-kavscanner 
>> -rwxr-xr-x 1 root root 3991208 Apr 28  2007 /opt/kaspersky/kav4fs/bin/kav4fs-kavscanner
>>
>> Any ideas ?
>>
>> Regards,
>>
>> --[ UxBoD ]--
>> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
>> // Fingerprint: C759 8F52 1D17 B3C5 5854  36BD 1FB1 B02F 5DB5 687B
>> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
>> // Phone: +44 845 869 2749 SIP Phone: uxbod at sip.splatnix.net
>>
>>   
>>     
>
> Jules
>
>   

Jules

- -- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.7.0 (Build 1012)
Comment: Use Thunderbird's Enigmail add-on to verify this message
Charset: UTF-8

wj8DBQFHgQrXEfZZRxQVtlQRApBFAJ0V+OqyJsUTG8vuyM9f8caEUj9bPQCdE1y1
VBywjUMxQcJuVxJ6tiUlGoI=
=dfGn
-----END PGP SIGNATURE-----
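
Added example (not part of the original message, and not MailScanner's or Kaspersky's own code): one way to do the kind of setup check asked about above, flagging a config file the non-root scanner user cannot read and anything under the licences directory left world-writable by chmod -R 777. The function names and the demo tree are assumptions; the default paths are the ones quoted in the thread, and GNU or BSD find is assumed for -maxdepth.

```shell
#!/bin/sh
# Added example: audit the permission changes discussed in this thread.
# kav_perm_audit and has_bits are hypothetical helper names.

# True if PATH itself has every permission bit in MODE set (find -perm -MODE).
has_bits() {
    [ -n "$(find "$1" -maxdepth 0 -perm "-$2" 2>/dev/null)" ]
}

# Prints one WARN line per finding; returns 0 if clean, 1 otherwise.
kav_perm_audit() {
    conf=${1:-/etc/opt/kaspersky/kav4fs.conf}
    lic=${2:-/var/opt/kaspersky/kav4fs/licenses}
    rc=0

    # chmod 644 in the thread: the non-root scanner user must read the config.
    if ! has_bits "$conf" 0004; then
        echo "WARN: $conf missing or not readable by 'other'"
        rc=1
    fi

    # chmod a+rX: the licences directory needs r and x for 'other'.
    if ! has_bits "$lic" 0005; then
        echo "WARN: $lic missing or not readable/searchable by 'other'"
        rc=1
    fi

    # chmod -R 777 leaves the whole tree world-writable; list each entry.
    ww=$(find "$lic" ! -type l -perm -0002 2>/dev/null)
    if [ -n "$ww" ]; then
        echo "$ww" | sed 's/^/WARN: world-writable: /'
        rc=1
    fi
    return $rc
}

# Constructed demo tree (not real Kaspersky files): unreadable config
# plus a licences directory after chmod -R 777.
demo=$(mktemp -d)
mkdir "$demo/licenses"
: > "$demo/kav4fs.conf"
: > "$demo/licenses/appinfo.dat"
chmod 600 "$demo/kav4fs.conf"
chmod -R 777 "$demo/licenses"
kav_perm_audit "$demo/kav4fs.conf" "$demo/licenses" || echo "findings listed above"
rm -rf "$demo"
```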
