amavis-user April 2014 archive
Main Archive Page > Month Archives  > amavis-user archives
amavis-user: Re: amavisd-new-2.7+ and KLMS 8

Re: amavisd-new-2.7+ and KLMS 8

From: Alexander Dalloz via amavis-users <amavis-users_at_nospam>
Date: Thu Apr 17 2014 - 08:22:10 GMT
To: amavis-users@amavis.org

Am 16.04.2014 21:53, schrieb Andreas Schulze:
> Am 15.04.2014 14:39 schrieb Alexander Dalloz via amavis-users:
>> I have some questions about the interoperability between amavisd-new and
>> helper tools like the Kaspersky anti-virus solution. I am facing problems
>> which I have already summarized in a post on the Kaspersky forum:
>>
>> http://forum.kaspersky.com/index.php?showtopic=293506
>> http://lists.amavis.org/pipermail/amavis-users/2014-January/002737.html
>>
>> Unfortunately it hadn't much response and in fact no solution.
> but now:
>
> accessing KLMS from Amavis is very easy if you know where to change uids

That sounds as if your are using that combination in your own
infrastructure. Sounds promising.

> 1. stop any kaspersy process
> 2. there is a file /var/opt/kaspersky/apps/1463
> change the Group to the same as amavis run:
> # [credentials]
> # user=whatever_kasperky_setup_selected
> # group= amavis

There is no hint in the Kaspersky documentation about such a file and
that setup step. I'll look at it.

> 3. in /etc/group
> gid_kasperky_setup_selected:x:2222:UID_OF_AMAVIS,uid_kasperky_setup_selected
> amavis:x:1111:UID_OF_AMAVIS,uid_kasperky_setup_selected

That has been of course done. The amavis User is part of the klusers
group and kluser is member of the amavis group.

> 4. chgrp amavis /var/run/klms

That will definitely break at least with the next system reboot. Those
kind of modifications aren't future safe.

> 5. don't forget a license file for klms

Sure :)

> in amavis.conf
> push (@av_scanners,
> ['Kaspersky-klms',
> \&ask_daemon, ["nCONTSCAN {}\n", "/var/run/klms/rds_av"],
> qr/\bOK$/m, qr/\bFOUND$/m,
> qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ]
> );

That's added. As a secondary scanner the kavscanner has been configured
which fails as well, either because the logfile can't be written or
(when permissions to the log dir been changed) because the permissions
to the facade socket are not ok.

> Andreas

I am grateful for your reply. I'll again check things, especially the
/var/opt/kaspersky/apps/1463 file.

Kind regards

Alexander