Kaspersky not detected
UxBoD
uxbod at splatnix.net
Sun Jan 6 20:31:21 GMT 2008
[root at mailhub MailScanner]# /opt/kaspersky/kav4fs/bin/kav4fs-kavscanner -v
Kaspersky Anti-Virus On-Demand Scanner Linux. Version 5.7.13/RELEASE build #36, compiled Apr 19 2007, 15:47:58
Copyright (C) Kaspersky Lab, 1997-2007.
# kaspersky-4.5 from www.kaspersky.com (Version 4.5 and newer) is the virus string I am using
Regards,
--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: uxbod at sip.splatnix.net
----- Original Message -----
From: "Julian Field" <MailScanner at ecs.soton.ac.uk>
To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
Sent: 06 January 2008 17:56:19 o'clock (GMT) Europe/London
Subject: Re: Kaspersky not detected
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
UxBoD wrote:
> Jules,
>
> if you run MS as root then no problems at all, otherwise due to the permissions on /etc/opt/kaspersky/kav4fs.conf then it will fail straight away!
>
> The definitions upgrade script works fine as that is run via the root cron.
>
> Hmmm, the lint could check the conf file, but would also need to check the MS Run As parameter as you might as well run the cache if you are just using root.
>
So if not running as root and kaspersky (which versions?) is installed,
then we mustn't use the cache, so "Ichecker=no" must appear in the conf
file, after a "[scanner,options]" line but before any other /^\[/ line.
Also, if not running as root, then kav4fs.conf must be readable and
/var/opt/kaspersky/kav4fs/licenses must be writable and readable.
Let me know exactly what versions of kaspersky we are talking about
(i.e. what "Virus Scanners =" strings), and I should be able to write
all this for you.
Jules.
> What I have done may not be the correct or elegant way but it got it to work. Will see what comes back on the forum post, as they say the default is only run by root, so there must be a workaround.
>
> Regards,
>
> --[ UxBoD ]--
> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
> // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
> // Phone: +44 845 869 2749 SIP Phone: uxbod at sip.splatnix.net
>
> ----- Original Message -----
> From: "Julian Field" <MailScanner at ecs.soton.ac.uk>
> To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
> Sent: 06 January 2008 17:07:11 o'clock (GMT) Europe/London
> Subject: Re: Kaspersky not detected
>
>
> * PGP Signed by an unmatched address: 01/06/08 at 17:07:35
>
> So without the changes you have suggested, what works and what doesn't?
> Can we make a MailScanner --lint highlight the changes if they haven't
> been done? Or can we make the -wrapper script log if it finds things not
> set up the way it needs?
>
> UxBoD wrote:
>
>> Hi Jules,
>>
>> Okay :-
>>
>> 1) Yes running Postfix so in my MailScanner.conf am using Run/Group As Postfix
>> 2) IChecker is basically a cache http://www.kaspersky.co.uk/faq?qid=156636746
>> 3) The license is not actually in there, but a file called appinfo.dat. This gets updated each time a user runs kav4fs-kavscanner. I don't think a DDoS would get at that file to be honest.
>>
>> I have posted on the Kaspersky forums (http://forum.kaspersky.com/index.php?showtopic=57167&st=0&gopid=518553&#entry518553) so will see if they actually reply.
>>
>> Regards,
>>
>> --[ UxBoD ]--
>> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
>> // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
>> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
>> // Phone: +44 845 869 2749 SIP Phone: uxbod at sip.splatnix.net
>>
>> ----- Original Message -----
>> From: "Julian Field" <jkf at ecs.soton.ac.uk>
>> To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
>> Sent: 06 January 2008 16:35:25 o'clock (GMT) Europe/London
>> Subject: Re: Kaspersky not detected
>>
>>
>>
>>> Old Signed by an unmatched address: 01/06/08 at 16:35:27
>>>
>>
>> UxBoD wrote:
>>
>>
>>> Right finally got it working :) Here is the lint :-
>>>
>>> [root at mailhub tmp]# MailScanner --lint
>>> Trying to setlogsock(unix)
>>> Checking version numbers...
>>> Version number in MailScanner.conf (4.67.1) is correct.
>>>
>>> Your envelope_sender_header in spam.assassin.prefs.conf is correct.
>>>
>>> Checking for SpamAssassin errors (if you use it)...
>>> SpamAssassin temp dir = /var/spool/MailScanner/spamassassin
>>> SpamAssassin reported no errors.
>>> MailScanner.conf says "Virus Scanners = auto"
>>> Found these virus scanners installed: clamd, kaspersky-4.5, esets
>>> ===========================================================================
>>> ===========================================================================
>>> Virus Scanner test reports:
>>> Clamd said "eicar.com was infected: Eicar-Test-Signature FOUND"
>>> Kaspersky said "/var/spool/MailScanner/incoming/28442/1/eicar.com INFECTED EICAR-Test-File"
>>> esets said "Found virus Eicar test file in eicar.com"
>>>
>>> If any of your virus scanners (clamd,kaspersky-4.5,esets)
>>> are not listed there, you should check that they are installed correctly
>>> and that MailScanner is finding them correctly via its virus.scanners.conf.
>>>
>>> To get it to work I changed the following :-
>>>
>>> 1) chmod 644 /etc/opt/kaspersky/kav4fs.conf
>>>
>>>
>>>
>> I assume you are using Exim or Postfix (i.e. you aren't running
>> MailScanner as root).
>>
>>
>>> 2) Modified the above file and changed Ichecker=no under the section [scanner.options]
>>>
>>>
>>>
>> What is the Ichecker? What does this setting control, and what is the
>> effect of the change?
>>
>>
>>
>>> 3) chmod -R 777 /var/opt/kaspersky/kav4fs/licenses
>>>
>>>
>>>
>> Eek, don't like that. Someone could nullify your licences which is a
>> simple DoS attack on your scanner. Wouldn't a chmod a+rX
>> /var/opt/kaspersky/kav4fs/licenses do the job instead?
>>
>>
>>
>>> Hope this helps.
>>>
>>> Regards,
>>>
>>> --[ UxBoD ]--
>>> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
>>> // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
>>> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
>>> // Phone: +44 845 869 2749 SIP Phone: uxbod at sip.splatnix.net
>>>
>>> ----- Original Message -----
>>> From: "UxBoD" <uxbod at splatnix.net>
>>> To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
>>> Sent: 06 January 2008 14:02:06 o'clock (GMT) Europe/London
>>> Subject: Re: Kaspersky not detected
>>>
>>> Hmmm, okay got past the first hurdle but now it just falls in a big heap. I see from the release notes that the on demand scanner will only run as root. How stupid! Will keep ya posted as seeing what the Kaspersky forums say.
>>>
>>> Regards,
>>>
>>> --[ UxBoD ]--
>>> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
>>> // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
>>> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
>>> // Phone: +44 845 869 2749 SIP Phone: uxbod at sip.splatnix.net
>>>
>>> ----- Original Message -----
>>> From: "UxBoD" <uxbod at splatnix.net>
>>> To: mailscanner at lists.mailscanner.info
>>> Sent: 06 January 2008 11:56:30 o'clock (GMT) Europe/London
>>> Subject: Kaspersky not detected
>>>
>>> Hi,
>>>
>>> Just trying out Kaspersky File Server and MS is not detecting it installed :( I have set virus scanners to auto in MailScanner.conf, and have updated virus.scanners.conf to the following :-
>>>
>>> # Kaspersky 5.5: your kaspersky-4.5 path should be /opt/kav/5.5
>>> # Kaspersky 4.5 and newer
>>> kaspersky-4.5 /usr/lib/MailScanner/kaspersky-wrapper /opt/kaspersky
>>>
>>> and in kaspersky-wrapper it looks for :-
>>>
>>> Scanner=kav4fs/bin/kav4fs-kavscanner
>>>
>>> so on checking that :-
>>>
>>> [root at mailhub ~]# ls -l /opt/kaspersky/kav4fs/bin/kav4fs-kavscanner
>>> -rwxr-xr-x 1 root root 3991208 Apr 28 2007 /opt/kaspersky/kav4fs/bin/kav4fs-kavscanner
>>>
>>> Any ideas ?
>>>
>>> Regards,
>>>
>>> --[ UxBoD ]--
>>> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
>>> // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
>>> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
>>> // Phone: +44 845 869 2749 SIP Phone: uxbod at sip.splatnix.net
>>>
>>>
>>>
>>>
>> Jules
>>
>>
>>
>
> Jules
>
>
Jules
- --
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.7.0 (Build 1012)
Comment: Use Thunderbird's Enigmail add-on to verify this message
Charset: UTF-8
wj8DBQFHgRZZEfZZRxQVtlQRAgLeAJsH2fwf71brwp5e5vw84qLpNvJZ0wCgyIvq
h6MMli3jnYxbfC9n7zEGV+c=
=0P6/
-----END PGP SIGNATURE-----
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
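
The check Jules outlines in the thread above (non-root run-as user, Ichecker=no inside the scanner options section, a readable kav4fs.conf, a readable and writable licenses directory), sketched in Python as an added example; it is not code from MailScanner or from anyone in this thread. The function names, the default section spelling `[scanner.options]` (the thread writes it both with a comma and with a dot) and the `postfix` account lookup are assumptions.

```python
import os
import stat

def ichecker_disabled(conf_text, section="[scanner.options]"):
    """True if Ichecker=no sits after `section` and before the next [..] line."""
    in_section = False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = (line == section)
        elif in_section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "Ichecker":          # key spelling as quoted in the thread
                return value.lower() == "no"
    return False

def allowed(mode, owner, group, uid, gids, want):
    """Classic owner/group/other test (ACLs ignored); want is e.g. 'r' or 'rwx'."""
    shift = 6 if uid == owner else 3 if group in gids else 0
    need = sum({"r": 4, "w": 2, "x": 1}[c] for c in want)
    return ((mode >> shift) & need) == need

def lint(conf_path, licence_dir, uid, gids, section="[scanner.options]"):
    """Return a list of problems for a MailScanner run-as user (uid, gids)."""
    if uid == 0:
        return []                          # per the thread, root needs no changes
    problems = []
    st = os.stat(conf_path)
    if not allowed(st.st_mode, st.st_uid, st.st_gid, uid, gids, "r"):
        problems.append(f"{conf_path}: not readable by uid {uid}")
    with open(conf_path) as fh:            # read as the invoking user (root for --lint)
        if not ichecker_disabled(fh.read(), section):
            problems.append(f"{conf_path}: need Ichecker=no under {section}")
    st = os.stat(licence_dir)              # a directory also needs x to be entered
    if not allowed(st.st_mode, st.st_uid, st.st_gid, uid, gids, "rwx"):
        problems.append(f"{licence_dir}: uid {uid} needs read/write access")
    if st.st_mode & stat.S_IWOTH:
        problems.append(f"{licence_dir}: world-writable, any local user can alter it")
    return problems

if __name__ == "__main__":
    import grp, pwd
    user = pwd.getpwnam("postfix")         # assumed run-as account, as in the thread
    gids = {user.pw_gid} | {g.gr_gid for g in grp.getgrall() if "postfix" in g.gr_mem}
    for p in lint("/etc/opt/kaspersky/kav4fs.conf",
                  "/var/opt/kaspersky/kav4fs/licenses", user.pw_uid, gids):
        print("WARNING:", p)
```

The last check reports the `chmod -R 777` state that Jules objected to, while still requiring that the run-as account itself can read and write the directory.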