[Avcheck] Работало и перестало....

Alexandr M. Gordivsky Alexandr.Gordivsky@kvazar-micro.kharkov.ua
Wed, 23 Jan 2002 17:02:28 +0200


This is a multi-part message in MIME format.
--------------4C350426E9A2C2CDADD6D628
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 8bit

Добрый день!
Я установил kavdaemon и avpcheck, все заработало....
Вот буквально с месяц назад перестал видеть вирусы, при этом почта
ходит...
При запуске тестового файла все проходит нормально, но вируса не видит.
Ключ expired, но все равно должно работать.
Не могу понять, в чем дело, помогите please.
Файлы конфигурации и strace приатачены.
В файле defUnix.prf опция InfectedAction = 2, ставлю 0 — все равно
не помогает; собирал этот файл, как написано в README.AVp, — все равно
не помогает....
ОС Linux Slackware 8.0
KAV Ver 3.0 Build 136 (переустанавливал)
avcheck 0.4 (ставил 0.7 — не помогает)
Please Help me!!

--
С уважением Александр Гордивский
Системный администратор
Харьковский офис "Квазар-Микро"
e-mail: Alexandr.Gordivsky@kvazar-micro.kharkov.ua
tel/fax: (0572) 142-922, 142-923
ICQ # 20998419
Registered Linux user #182284

--
With best regards Alexandr Gordivsky
System administrator
Kharkov office "Kvazar-Micro"
e-mail: Alexandr.Gordivsky@kvazar-micro.kharkov.ua
tel/fax: (0572) 142-922, 142-923
ICQ # 20998419
Registered Linux user #182284


--------------4C350426E9A2C2CDADD6D628
Content-Type: application/pics-rules;
 name="defUnix.prf"
Content-Transfer-Encoding: base64
Content-Disposition: inline;
 filename="defUnix.prf"
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--------------4C350426E9A2C2CDADD6D628
Content-Type: application/x-unknown-content-type-inifile;
 name="AvpUnix.ini"
Content-Transfer-Encoding: base64
Content-Disposition: inline;
 filename="AvpUnix.ini"

W0FWUDMyXQpEZWZhdWx0UHJvZmlsZT1kZWZVbml4LnByZgpMb2NGaWxlPU5vbmUKCltDb25m
aWd1cmF0aW9uXQpLZXlGaWxlPTAwMDA2N2ZlLmtleQpLZXlzUGF0aD0vClNldEZpbGU9YXZw
LnNldApCYXNlUGF0aD0vYmFzZXMKU2VhcmNoSW5TdWJEaXI9Tm8KVXBkYXRlUGF0aD1mdHA6
Ly9mdHAua2FzcGVyc2t5bGFiLnJ1L3VwZGF0ZXMK
--------------4C350426E9A2C2CDADD6D628
Content-Type: text/plain; charset=koi8-r;
 name="t"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="t"

26523 select(1024, [1], NULL, NULL, NULL) = 1 (in [1])
26523 accept(1, {sin_family=AF_UNIX, path=@                                                                                                                     00004bdc}, [11]) = 2
26523 select(1024, [1 2], NULL, NULL, NULL) = 1 (in [2])
26523 read(2, "<0>Jan 23 16:06:42:/tst/26639.tm"..., 2048) = 33
26523 fork()                            = 26640
26523 wait4(26640,  <unfinished ...>
26640 fork()                            = 26641
26640 munmap(0x400fb000, 4096)          = 0
26640 munmap(0x40000000, 4096)          = 0
26640 _exit(0)                          = ?
26523 <... wait4 resumed> [WIFEXITED(s) && WEXITSTATUS(s) == 0], 0, NULL) = 26640
26523 --- SIGCHLD (Child exited) ---
26523 select(1024, [1 2], NULL, NULL, NULL <unfinished ...>
26641 rt_sigaction(SIGINT, {0x804a46c, [], SA_RESTART|0x4000000}, {0x804a48c, [], SA_RESTART|0x4000000}, 8) = 0
26641 rt_sigaction(SIGQUIT, {0x804a46c, [], SA_RESTART|0x4000000}, {0x804a48c, [], SA_RESTART|0x4000000}, 8) = 0
26641 rt_sigaction(SIGTERM, {0x804a46c, [], SA_RESTART|0x4000000}, {0x804a48c, [], SA_RESTART|0x4000000}, 8) = 0
26641 rt_sigaction(SIGHUP, {SIG_IGN}, {0x805b78c, [], SA_RESTART|0x4000000}, 8) = 0
26641 rt_sigaction(SIGPIPE, {0x804a46c, [], SA_RESTART|0x4000000}, {SIG_IGN}, 8) = 0
26641 getuid()                          = 1015
26641 time(NULL)                        = 1011794802
26641 lstat("/tst/26639.tmp", {st_mode=S_IFREG|0640, st_size=1118, ...}) = 0
26641 access("/tmp", F_OK)              = 0
26641 lstat("/tst/26639.tmp", {st_mode=S_IFREG|0640, st_size=1118, ...}) = 0
26641 getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM_INFINITY}) = 0
26641 open("/tst/26639.tmp", O_RDONLY|0x40000000) = 3
26641 fstat(3, {st_mode=S_IFREG|0640, st_size=1118, ...}) = 0
26641 fstat(3, {st_mode=S_IFREG|0640, st_size=1118, ...}) = 0
26641 lseek(3, 0, SEEK_SET)             = 0
26641 read(3, "From: Michael Tokarev <mjt@corpi"..., 4096) = 1118
26641 close(3)                          = 0
26641 time(NULL)                        = 1011794802
26641 write(2, "0\1", 2)                = 2
26523 <... select resumed> )            = 1 (in [2])
26523 read(2, "", 2048)                 = 0
26523 close(2)                          = 0
26523 select(1024, [1], NULL, NULL, NULL <unfinished ...>
26641 write(2, "\0\0\0\0", 4)           = -1 EPIPE (Broken pipe)
26641 --- SIGPIPE (Broken pipe) ---
26641 sigreturn()                       = ? (mask now [])
26641 rt_sigaction(SIGPIPE, {SIG_DFL}, {0x804a46c, [], SA_RESTART|0x4000000}, 8) = 0
26641 munmap(0x400fb000, 4096)          = 0
26641 munmap(0x40000000, 4096)          = 0
26641 _exit(0)                          = ?

--------------4C350426E9A2C2CDADD6D628--