[Avcheck] Problem (what else?)

Milan P. Stanic mps@rns-nis.co.yu
Sun, 26 Aug 2001 22:08:46 +0200 (CEST) 

Hi!

I tried to set next programs:
avcheck-0.3.tar.gz
AvpDaemon Version 3.0 build 135.2 (trial version without key)
Postfix release-20010228

I set it according to README.AVP and it works as Michael described, an
until that it works.

But when I tried it with postfix (strictly following instructions from
README.Postfix) I see in log that postfix relays mail to avcheck (like to a
blackhole). It does not detects EICAR.TXT virus.

master.cf file
-------------------
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (50)
# ==========================================================================
smtp     inet  n       -       n       -       -       smtpd
    -o content_filter=avcheck
pickup    fifo  n       n       -       60      1       pickup
cleanup   unix  -       -       -       -       0       cleanup
qmgr      fifo  n       -       -       300     1       qmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
smtp      unix  -       -       -       -       -       smtp
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
local     unix  -       n       n       -       -       local
localhost:1025 inet n   -       n       -       -       smtpd
    -o content_filter=
avcheck   unix  -       n       n       -       -       pipe
     user=avpc argv=/var/spool/avp/avcheck
     -d /var/spool/avp/./tst -s AVP:/var/spool/avp/ctl/AvpCtl
     -f ${sender} -S 127.0.0.1:1025 -- ${recipient}
flush     unix  -       -       n       1000?   0       flush
--------------------

ps au | grep Avp  gives:
avpd 2013  0.0  0.1 4504   56 ?  S  21:04 0:00 /AvpDaemon -dl -f=/ctl /tst


and excerpt from mail.log 
----------------------------
Aug 26 21:19:04 dl postfix/qmgr[2310]: 607E617BFD:
from=<mps@rns-nis.co.yu>, size=597, nrcpt=1 (queue active)
Aug 26 21:19:04 dl postfix/smtpd[2319]: disconnect from localhost[127.0.0.1]
Aug 26 21:19:04 dl postfix/pipe[2315]: 641C217B3B: to=<mps@rns-nis.co.yu>,
relay=avcheck, delay=38, status=sent (dl.rns-nis.co.yu)
Aug 26 21:19:04 dl postfix/local[2321]: 607E617BFD: to=<mps@rns-nis.co.yu>,
relay=local, delay=0, status=sent (mailbox)
----------------------------------------

I don't understand why postfix sends it to the "local" relay?

I hacked avcheck to add syslog support and then I saw that AvpDaemon always
answers with "uexpected" return code.

Should I say that I read mailing list archive for July and August and
didn't found solution :(

Can anybody tell me what is wrong?

Milan
----------------------------------
OSS, IT Security
Consulting and Management
----------------------------------