[Avcheck] Fwd: Re: AV Server
Michael Tokarev
mjt@tls.msk.ru
Sun, 18 Nov 2001 23:56:28 +0300
Len Conrad wrote:
>
> >This is NOT virus/antivirus related problem. It may be your filesystem that
> >has some errors
>
> from the the FreeBSD-SCSI about this "da" device error:
>
> "Something is attempting to do I/O to da0c that isn't a sector multiple in
> size.
>
> In general, this probably means that something is accessing the raw device,
> since the filesystem code shouldn't be doing I/O that isn't a sector
> multiple."
But avcheck, kavdaemon, `infected' script and postfix NOT uses raw devices!..
I still suspect some issue with a filesystem -- note "..filesystem code
SHOULDn't be doing..." -- it should not do something strange in a normal
situation, but who knows what it will do when it fells strange ?
Hmm... Hmmm... Aha!.. And anover probability -- how your
/var/spool/avp/dev/{console,null,...} looks like? Maybe them
was created incorrectly? Please remove those device files and
create them as plain files with appropriate permissions, and
try a message with a virus. It may be due to null device (e.g.
you swapped major and minor when created it, and the null becomes
your disk (!!) for example) -- kavdaemon will write a line into
/dev/null when it finds a virus, and it will NOT use sector-aligned
write, obviously... Are you got this? If this is the case,
then your system may become totally screwed up and even removed
by writing to world-writable /var/spool/avp/dev/null!
Regards,
Michael.