[Avcheck] Antivirus with Postfix and DrWeb

Nicolai Strom Gylling nsg@webpartner.dk
Tue, 22 Jan 2002 12:53:18 +0100


>Reading all this thread, I see no reason for avcheck+drweb to show this bad behaviour. All looks good. And this all works with great success at several servers.

>First of all, did you try the instructions outlined in README.DrWeb, the part about manually running avcheck before plugging it into the mail subsystem? Running it manually eliminates one software level. This way, it is far easier to debug things. Well, there are no debugging options in avcheck (I never considered this a requirement). But if you run it manually, you will be able to strace it too, and see the avcheck <=> drwebd dialog.

>Please post your complete drweb.ini file here, and a message you used for testing. Note that our server (powered by drweb!) may reject eicar (even if sent inside a plaintext body), so you may want to either change it *in a known way* or post a URL instead, or post it within a password-protected .zip file (with the password in the message!). Also, it will be interesting to see the avcheck <=> drweb dialog in strace. For this, add `strace -o trace' before the command described in the README.DrWeb file (that uchroot .. avcheck ... thingie).

>I'm very interested to know what the problem is. The setup you described should work, or some error condition should be logged. And I don't want you to have made some obvious mistake... ;)

Thanks for the insight in DrWeb and AVCheck.

I found the first problem. DrWeb didn't log into syslog, and it didn't have write permission to the other directory I tried to log into. That explains quite a bit, so an indication from DrWeb during startup would be helpful in this case :)

Now at least I get some logging, and can see why nothing happened. DrWeb.log:

Tue Jan 22 11:23:09 2002 /var/spool/drwebtest/18908.tmp - read error!

I will return if I need further assistance (unless one of you knows the common mistake behind the above error, and just has to help me now :) )

Thanks for the help.