[Avcheck] Sticking with Kaspersky for now.

Piotr Klaban makler+avcheck at man.torun.pl
Fri Jan 16 11:22:45 MSK 2004


On Thu, Jan 15, 2004 at 05:44:14PM -0600, jim at comm-ents.com wrote:
> I decided while I was redoing things to check if there was a better 
> way to update the bases for Kaspersky but decided that the 
> kavupdate(.sh) thing wasn't going to work.

I'm using avcheck+Sophie+Sophos right now [1] on my Solaris box,
but I'd used Kaspersky for a few years. I used kavupdater.sh
to update AVP bases. WARNING: I do not know if it would work properly
with the newest AVP program.

# crontab entry - update bases each half hour
5,35 * * * * cd /opt/AVP-UPDATE; /opt/AVP-UPDATE/kavupdater.sh

I changed kavupdater.sh a bit because former update methods failed
several times. First Kaspersky changed FTP access to its FTP servers.
That is why you use the '--passive-ftp' argument to wget. Then a few times
there was a corrupted *.avc file in the update database on Kaspersky's
FTP server. Maybe that is why you download *.zip files. One of my
servers (a Linux box) is updated in a similar way from *.zip files.
But one or two times there was a problem with a corrupted avc file
extracted from a zip file.
That is why I used kavupdater.sh (slightly modified) - it checks against
avp.klb if the avc files have the proper MD5 sum, and reloads avp only if
there is any change to the (properly) downloaded bases.

I enclose the /opt/AVP-UPDATE directory compressed to tar.gz file.
The AVP-UPDATE/AvpUnix.ini file needs to have the UpdatePath URL address.
The AVP-UPDATE/url* files are not needed, because I've disabled
execution of urlcheck file, but I provide them if anyone is interested in it.

To run the kavupdater.sh file, you need to change some paths:
- KAV_PATH=/usr/local/sbin (kavupdater location)
  KAV_UPDATE_PATH=/opt/AVP-UPDATE (just for "chdir" to find AvpUnix.ini)
  KAV_BASES=/var/spool/avp/bases - it is defined in AvpUnix.ini
  and in kavupdater.sh
- I use /etc/init.d/avpd script to stop and start kavdaemon
  (simple reloading bases sometimes did not work)

Best regards,

Piotr Klaban

[1] The problems with AVP:
    - too restrictive license (e.g. DrWeb has license for 1 server,
      while Kaspersky's program can filter n-number of mailbox addresses);
    - problems (CPU, timeout) with UPX compression on sparc (it was a problem
      because many viruses use this kind of compression);
    I do not like Sophos (it has ugly MIME support - AVP and DrWeb rarely have
    problems with MIME) but it has no problems with UPX.

-- 
Piotr Klaban
-------------- next part --------------
A non-text attachment was scrubbed...
Name: AVP-UPDATE.tgz
Type: application/x-tar-gz
Size: 1421 bytes
Desc: not available
Url : http://www.corpit.ru/pipermail/avcheck/attachments/20040116/05fcd480/AVP-UPDATE.bin
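
The verify-then-reload approach described in the message above, sketched as an added example (it is not the kavupdater.sh from the attachment). It assumes an md5sum-style manifest, since the avp.klb format is not shown in the post; `verify_bases`, `install_if_changed` and `RELOAD_CMD` are hypothetical names.

```shell
#!/bin/sh
# Added example; not the kavupdater.sh from the attachment.
# Assumption: MANIFEST is in md5sum format ("<hex>  <name>"); the real
# avp.klb layout is not shown in the post.
# MD5 here catches truncated or corrupted downloads only; it does not
# authenticate the bases.
RELOAD_CMD=${RELOAD_CMD:-:}   # hypothetical hook, e.g. stop/start of the daemon

# verify_bases STAGING MANIFEST: 0 only if every listed file matches its sum
verify_bases() {
    staging=$1 manifest=$2
    [ -s "$manifest" ] || return 1
    while read -r want name; do
        [ -n "$name" ] || return 1
        case $name in */*|..) return 1 ;; esac   # entries must stay inside STAGING
        [ -f "$staging/$name" ] || return 1
        have=$(md5sum < "$staging/$name" | cut -d' ' -f1)
        [ "$have" = "$want" ] || return 1
    done < "$manifest"
    return 0
}

# install_if_changed STAGING LIVE MANIFEST
# Prints "corrupt", "unchanged" or "updated"; runs RELOAD_CMD only on "updated".
install_if_changed() {
    staging=$1 live=$2 manifest=$3
    if ! verify_bases "$staging" "$manifest"; then
        echo corrupt
        return 2                      # live bases are left untouched
    fi
    changed=0
    while read -r want name; do
        if ! cmp -s "$staging/$name" "$live/$name" 2>/dev/null; then
            # copy to a temporary name, then rename, so the scanner never
            # sees a half-written base file
            cp "$staging/$name" "$live/$name.new" &&
                mv "$live/$name.new" "$live/$name" || return 3
            changed=1
        fi
    done < "$manifest"
    if [ "$changed" -eq 1 ]; then
        $RELOAD_CMD
        echo updated
    else
        echo unchanged
    fi
}
```
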

