[Avcheck] Fwd: Re: AV Server

Michael Tokarev mjt@tls.msk.ru
Sun, 18 Nov 2001 23:56:28 +0300


Len Conrad wrote:
> 
> >This is NOT virus/antivirus related problem.  It may be your filesystem that
> >has some errors
> 
> from the FreeBSD-SCSI about this "da" device error:
> 
> "Something is attempting to do I/O to da0c that isn't a sector multiple in
> size.
> 
> In general, this probably means that something is accessing the raw device,
> since the filesystem code shouldn't be doing I/O that isn't a sector
> multiple."

But avcheck, kavdaemon, the `infected' script and postfix do NOT use raw devices!..

I still suspect some issue with a filesystem -- note "..filesystem code
SHOULDn't be doing..." -- it should not do something strange in a normal
situation, but who knows what it will do when it feels strange?

Hmm...  Hmmm...  Aha!..  And another possibility -- what do your
/var/spool/avp/dev/{console,null,...} look like?  Maybe they
were created incorrectly?  Please remove those device files and
create them as plain files with appropriate permissions, and
try a message with a virus.  It may be due to the null device (e.g.
you swapped major and minor when you created it, and the null becomes
your disk (!!) for example) -- kavdaemon will write a line into
/dev/null when it finds a virus, and it will NOT use a sector-aligned
write, obviously...  Do you get this?  If this is the case,
then your system may become totally screwed up and even removed
by writing to world-writable /var/spool/avp/dev/null!

Regards,
 Michael.
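
A check for the misconfiguration described in this message, as an added example that is not part of the original e-mail or of avcheck: it compares each node under the chroot's dev directory with the system node of the same name. The function names, the default name list and the report wording are assumptions.

```python
import os
import stat
import sys

def classify(mode, rdev, ref_rdev):
    """Findings for one chroot entry (hypothetical helper).

    mode and rdev come from lstat() of the chroot copy; ref_rdev is the
    st_rdev of the real /dev node that has the same name.
    """
    findings = []
    if stat.S_ISREG(mode):
        return findings          # plain file: a write can only grow the file
    if stat.S_ISLNK(mode):
        return ["symlink: inspect its target by hand"]
    if stat.S_ISBLK(mode):
        findings.append("block device: null/console are never block nodes")
    elif stat.S_ISCHR(mode) and rdev != ref_rdev:
        findings.append("device %d,%d does not match system node %d,%d" % (
            os.major(rdev), os.minor(rdev),
            os.major(ref_rdev), os.minor(ref_rdev)))
    # World-writable is normal for a real null device, so it is only
    # reported when the node already looks wrong.
    if findings and mode & stat.S_IWOTH:
        findings.append("world-writable: any local user can write to it")
    return findings

def audit(chroot_dev, system_dev="/dev", names=("null", "console")):
    """Compare each named node in chroot_dev with its system_dev twin."""
    report = {}
    for name in names:
        try:
            st = os.lstat(os.path.join(chroot_dev, name))
            ref = os.stat(os.path.join(system_dev, name))
        except OSError as exc:
            report[name] = ["cannot stat: %s" % exc.strerror]
            continue
        report[name] = classify(st.st_mode, st.st_rdev, ref.st_rdev)
    return report

if __name__ == "__main__":
    # Default path is the chroot directory named in the message above.
    path = sys.argv[1] if len(sys.argv) > 1 else "/var/spool/avp/dev"
    for name, findings in audit(path).items():
        print("%-8s %s" % (name, "; ".join(findings) or "OK"))
```
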