[Avcheck] Starting problems
Michael Tokarev
mjt@tls.msk.ru
Sat, 11 Aug 2001 15:35:57 +0400
Fridtjof Busse wrote:
>
[]
> Hi Michael
> Found the error, one little damn permission (avpd:avp instead of
> avpd:root).
> Thank you very much for your help!
> strace is really a great tool!
> But now I got another problem:
> If I send the EICAR-testfile, I get (/var/log/maillog):
> to=fridtjof.busse@gmx.de, relay=avcheck, delay=0, status=deferred
> (temporary failure. Command output: avcheck: uexpected avp return code
> 70 (0x6946) )
>
> Looks like KAV finds the "virus" and returns a message, that avcheck
> can't understand. This also happens with real viruses.
> Any idea (bug?)?
Yes, this is a known problem. This was discussed with Ralf and
others in private -- it is a bug in kavdaemon (note: older AvpDaemon
doesn't have that bug). You should create at least two entries
in /var/spool/avp/dev/:
null and console
Just issue the following commands:
mkdir /var/spool/avp/dev
cp -a /dev/{null,console} /var/spool/avp/dev/
BTW, here at my system I created .../avp/dev/console to
be the same as /dev/null -- kavdaemon writes useless
information to console (no, error messages does not
go there...).
You may also want to create /var/spool/avp/proc directory,
to eliminate one of kavdaemon's error message.
It's in my todo list to show all the funny details of
how to setup a chroot jail for kavdaemon "properly"... ;)
> Fridtjof
Regards,
Michael.