[Avcheck] Re: Cant detect eicar.msg
George Chelidze
wrath@geo.net.ge
Fri, 28 Dec 2001 14:25:31 +0400
This is a multi-part message in MIME format.
--------------020809040505070609070003
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
I start my avpdaemon with run script attached.
>What the avcheck says here? Does it complains? I suspect it does,
>and you not tell me about this.
no it doesn't complains at all.
>What is your InfectedAction setting in defUnix.prf? It should be 0. I
>highly
>suspect that your settings uses different value. Daemon will try to
>ask if it
>should desinfect a file with the default setting (it can't desinfect
>mail messages
InfectedAction is 0. please look at attached files.
>anyway). And -- Have your daemon loaded it's bases?
Yes it loads bases and doesn't output any error. how else can I check
whether it loads them?
--
George Chelidze
--------------020809040505070609070003
Content-Type: text/plain;
name="AvpUnix.ini"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="AvpUnix.ini"
[AVP32]
DefaultProfile=my.prf
[Configuration]
KeyFile=avp.key
KeysPath=/
SetFile=avp.set
BasePath=/bases
--------------020809040505070609070003
Content-Type: text/plain;
name="my.prf"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="my.prf"
[Location]
List=/tst
[Objects]
MailBases=No
Warnings=No
[Actions]
InfectedAction=0
[Options]
ShowOk=No
ShowPack=No
Report=No
UseSysLog=No
--------------020809040505070609070003
Content-Type: text/plain;
name="run"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="run"
#!/bin/sh
/usr/bin/env - HOME=/ /bin/nice /var/spool/avp/uchroot -u avdaemon /var/spool/avp /AvpDaemon -dl -f=/ctl /tst
sleep 3
/var/spool/avp/uchroot -u avclient / /var/spool/avp/avcheck -n -f root -d /var/spool/avp/./tst -s avp:/var/spool/avp/ctl/AvpCtl avclient < eicar.msg
--------------020809040505070609070003--