[Avcheck] avcheck problem
Michael Tokarev
mjt@tls.msk.ru
Thu, 23 Jan 2003 14:20:01 +0300
Marek Bialoglowy wrote:
> Hello
>
> My Avcheck doesn't work and I don't really know what is the cause of the
> problem. It could be actually related to expiration of the key, but actually
> everything should still work in DEMO mode.
With expired key, KAV will NOT function in daemon mode, as long as I remember.
This is why there is no way to test KAV before purchasing a key. But you
may have another problem too.
> root@mail:~/install/avcheck-0.92pre# /var/spool/avp/uchroot -u avclient / \
>> /var/spool/avp/avcheck -n -f root -d /var/spool/avp/./tst \
>> -s avp:/var/spool/avp/ctl/AvpCtl root < eicar.msg
>
> avcheck: unexpected AVP return code 64 (0x0140) (kavdaemon av bases not
> found)
For this, please post your KAV's config from /var/spool/avp.
> root@mail:/var/spool/avp# /var/spool/avp/avcheck -f root -d
> /var/spool/avp/tst -s avp:/var/spool/avp/ctl/AvpCtl root < eicar.msg
> avcheck: unexpected AVP return code 65 (0x0141) (kavdaemon av bases not
> found)
Hmm. Why avcheck does not complain about being run as root? ;)
But anyway, this variant of it's execution will not work due to
permission problem: KAV will not be able to read temp files
avcheck will write - wrong gid.
> Well seams that bases have not been found, but well ... i still can run
> kavscanner:
>
> root@mail:/var/spool/avp# ./kavscanner /tmp -Y
[snip good results]
Hmm. Did it work before? Too bad I don't remember how KAV
daemon reacts to absence of a valid key...
> Would it be related to expiration of my key ?
Well, may be as one possibility. Or something is wrong with
the config, so chrooted kavdaemon is really unable to find
it's bases.
/mjt