[Avcheck] README.AVP

Len Conrad LConrad@Go2France.com
Sun, 11 Nov 2001 14:00:58 -0600


>It shouldn't be difficult either - you need only the executable,
>the virus/pattern bases, and two ini files from kav.

well, it's not obvious from the fog of files from kasp server + kasp 
workstation + avcheck that it distills to really very few files.


>I assumed you're subscribed to the avcheck mailing list.  Look into
>archives at www.corpit.ru/pipermail/avcheck/, and for october's
>threads in particular.  Well, not that *great* information, but
>the setup procedure isn't very difficult either.

ok

> > [Actions]
> > InfectedAction=0
> > # This one is important.
> > .... but it doesn't exist.
>
>Again, search for InfectedAction.

found in, but NOT in the [ActionXxxx] stanzas

>As you can guess, they are examples.  And in reality they are screwed
>up -- due to failure to make.  Please do

done, works

>   BTW, maybe you can provide
>French translation too? ;)

when my English one works.  We did our amavis into French, and will for 
avcheck.



>I suggest you place all libs into /lib -- without /usr,
>/usr/local and the like.  Look into ldd output and then
>copy all listed libs into
>  /var/spool/avp/lib/
>directory -- just like README.AVP says.  About libintl -- it is
>in /usr/local/lib, I guess it is not a standard lib in FreeBSD
>and it is not searched by default.

all the lib sh!t is ok now.

here's maillog showing a failure with virus attachment:

Nov 11 10:52:14 mgw2 postfix/smtpd[9852]: connect from unknown[66.64.14.18]
Nov 11 10:52:15 mgw2 postfix/smtpd[9852]: 3416955406: 
client=unknown[66.64.14.18]
Nov 11 10:52:15 mgw2 postfix/cleanup[9853]: 3416955406: 
message-id=<5.1.0.14.0.20011111124908.0203ac10@wheresmymailserver.com>
Nov 11 10:52:16 mgw2 postfix/nqmgr[9850]: 3416955406: 
from=<lconrad@go2france.com>, size=23995, nrcpt=1 (queue active)
Nov 11 10:52:17 mgw2 postfix/smtpd[9852]: disconnect from unknown[66.64.14.18]
Nov 11 10:52:17 mgw2 postfix/pipe[9855]: 3416955406: to=<ryan@72mm.com>, 
relay=avcheck, delay=1, status=deferred (temporary failure.
  Command output: avcheck: uexpected AVP return code 70 (0x6946) )
Nov 11 11:25:19 mgw2 postfix/nqmgr[9850]: 3416955406: 
from=<lconrad@go2france.com>, size=23995, nrcpt=1 (queue active)
Nov 11 11:25:19 mgw2 postfix/pipe[9887]: 3416955406: to=<ryan@72mm.com>, 
relay=avcheck, delay=1984, status=deferred (temporary failure. Command 
output: avcheck: uexpected AVP return code 70 (0x6946) )

and a msg without attachment that goes ok:

Nov 11 11:33:30 mgw2 postfix/smtpd[9897]: connect from unknown[66.64.14.18]
Nov 11 11:33:30 mgw2 postfix/smtpd[9897]: 9A0B855407: 
client=unknown[66.64.14.18]
Nov 11 11:33:34 mgw2 postfix/cleanup[9898]: 9A0B855407: 
message-id=<5.1.0.14.0.20011111133234.02046c08@wheresmymailserver.com>
Nov 11 11:33:34 mgw2 postfix/nqmgr[9850]: 9A0B855407: 
from=<lconrad@go2france.com>, size=523, nrcpt=1 (queue active)
Nov 11 11:33:34 mgw2 postfix/smtpd[9904]: connect from 
localhost.72mm.com[127.0.0.1]
Nov 11 11:33:34 mgw2 postfix/smtpd[9904]: A5A3555408: 
client=localhost.72mm.com[127.0.0.1]
Nov 11 11:33:34 mgw2 postfix/cleanup[9898]: A5A3555408: 
message-id=<5.1.0.14.0.20011111133234.02046c08@wheresmymailserver.com>
Nov 11 11:33:34 mgw2 postfix/smtpd[9897]: disconnect from unknown[66.64.14.18]
Nov 11 11:33:34 mgw2 postfix/smtpd[9904]: disconnect from 
localhost.72mm.com[127.0.0.1]
Nov 11 11:33:34 mgw2 postfix/pipe[9900]: 9A0B855407: to=<ryan@72mm.com>, 
relay=avcheck, delay=4, status=sent (mgw2.72mm.com)
Nov 11 11:33:34 mgw2 postfix/nqmgr[9850]: A5A3555408: 
from=<lconrad@go2france.com>, size=696, nrcpt=1 (queue active)
Nov 11 11:33:34 mgw2 postfix/smtp[9905]: A5A3555408: to=<ryan@72mm.com>, 
relay=199.108.225.104[199.108.225.104], delay=0, status=sent (250 Message 
queued)

I guess it's in .prf some param.

Len
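
Added example (not part of the original message and not avcheck's own code): a small triage script for the situation in the maillog above, where the avcheck pipe transport keeps deferring a message because the scanner returned a code it does not recognise. It rejoins wrapped records and reports queue IDs that were deferred by `relay=avcheck` and never delivered; the function names are hypothetical and the field layout is assumed from the log lines shown in the message.

```python
import re
from collections import defaultdict

# Sample input: abridged from the maillog excerpts in the message above, wrapping kept.
SAMPLE = """\
Nov 11 10:52:17 mgw2 postfix/pipe[9855]: 3416955406: to=<ryan@72mm.com>,
relay=avcheck, delay=1, status=deferred (temporary failure.
  Command output: avcheck: uexpected AVP return code 70 (0x6946) )
Nov 11 11:25:19 mgw2 postfix/pipe[9887]: 3416955406: to=<ryan@72mm.com>,
relay=avcheck, delay=1984, status=deferred (temporary failure. Command
output: avcheck: uexpected AVP return code 70 (0x6946) )
Nov 11 11:33:34 mgw2 postfix/pipe[9900]: 9A0B855407: to=<ryan@72mm.com>,
relay=avcheck, delay=4, status=sent (mgw2.72mm.com)
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
PIPE = re.compile(r"postfix/pipe\[\d+\]: (?P<qid>[0-9A-F]+): to=<[^>]*>, "
                  r"relay=avcheck, delay=(?P<delay>\d+), status=(?P<status>\w+)")
CODE = re.compile(r"AVP return code (\d+)")

def unwrap(text):
    """Rejoin wrapped records: a line without a syslog timestamp continues the previous one."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.rstrip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

def stuck_in_scanner(text):
    """Per queue ID: deferrals by the avcheck transport with no later 'sent' record."""
    seen = defaultdict(lambda: {"attempts": 0, "codes": set(), "max_delay": 0})
    delivered = set()
    for rec in unwrap(text):
        m = PIPE.search(rec)
        if not m:
            continue
        if m["status"] == "sent":
            delivered.add(m["qid"])
        elif m["status"] == "deferred":
            e = seen[m["qid"]]
            e["attempts"] += 1
            e["max_delay"] = max(e["max_delay"], int(m["delay"]))
            e["codes"].update(int(c) for c in CODE.findall(rec))
    return {q: e for q, e in seen.items() if q not in delivered}

if __name__ == "__main__":
    print(stuck_in_scanner(SAMPLE))
```

A queue ID that shows up here with a growing `max_delay` is a message the scanner neither passed nor blocked, so it will sit in the deferred queue until the return code is handled.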