
F-Secure and failure to start

Alex

Jun 23, 2016, 12:21:39 AM
Hi,
I've installed the downloadable trial version of F-Secure for Linux
(installed on fedora) and it appears to be running properly. However,
amavis doesn't seem to be able to control it.

Jun 22 22:17:56 mail01 amavis[4471]: (04471-01) (!)run_av (F-Secure
Linux Security) FAILED - unexpected exit 1, output="Something wrong in
initializing backend. Code:256\nFATAL: Failed to get configuration"
Jun 22 22:17:56 mail01 amavis[4471]: (04471-01) (!)F-Secure Linux
Security av-scanner FAILED: /usr/bin/fsav unexpected exit 1,
output="Something wrong in initializing backend. Code:256\nFATAL:
Failed to get configuration" at (eval 87) line 905.

Where is the configuration file it is referencing?

This doesn't appear to be using a socket like clamav or sophos use. Is
there a more optimized configuration available that uses the f-secure
socket?

I have the following configuration in my amavisd.conf:

### http://www.f-secure.com/ version 9.14
['F-Secure Linux Security',
['/usr/bin/fsav', 'fsav'],
'--virus-action1=report --archive=yes --auto=yes '.
'--list=no --nomimeerr {}', [0], [3,4,6,8],
qr/(?:infection|Infected|Suspected|Riskware): (.+)/m ],
# NOTE: internal archive handling may be switched off by '--archive=no'
# to prevent fsav from exiting with status 9 on broken archives

Can someone confirm for me that the above is the proper method of
invocation for the current version (11.0 build 79) of f-secure?

Alex

Jun 26, 2016, 7:54:26 PM
Hi all, I was really hoping someone had some experience with the
F-Secure antivirus scanner and Linux. Is there no one out there using
it any longer?

Can you make a recommendation for another virus scanner besides Sophos
(sucks) and clamav+sane?

Thomas Jarosch

Jun 27, 2016, 3:42:30 AM
Hi Alex,

On Sunday, 26. June 2016 19:48:24 Alex wrote:
> > I have the following configuration in my amavisd.conf:
> > ### http://www.f-secure.com/ version 9.14
> >
> > ['F-Secure Linux Security',
> >
> > ['/usr/bin/fsav', 'fsav'],
> > '--virus-action1=report --archive=yes --auto=yes '.
> > '--list=no --nomimeerr {}', [0], [3,4,6,8],
> > qr/(?:infection|Infected|Suspected|Riskware): (.+)/m ],
> > # NOTE: internal archive handling may be switched off by '--archive=no'
> > # to prevent fsav from exiting with status 9 on broken archives
> >
> > Can someone confirm for me that the above is the proper method of
> > invocation for the current version (11.0 build 79) of f-secure?

Your invocation line looks ok to me, but the devil might be in the details.

Here's my invocation line:

--------------------------
@av_scanners = (
['F-Secure Antivirus', '/opt/f-secure/fssp/bin/fsav',
'--allfiles --mime --archive --usedaemon --nopass --nomimeerr --nomimepart --noinvalidmime --maxnested=20 {}',
[0,4,8],
[3,6],
qr/(?:infection|Infected|Suspected|Riskware): (.+)/m ],
);
--------------------------

You can try the following:

Invoke fsav from the cmdline as the root user. If you can scan an EICAR test file with it,
try again after changing to the amavisd user. Maybe it's a permission problem:
when the fsav binary is invoked as the amavisd user,
it does not have access to the F-Secure daemon socket.

Besides that I can't offer much help :)

Cheers,
Thomas
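
The socket permission problem suggested above can be checked without switching users. The script below is an added example, not part of Thomas's post or of F-Secure or amavis: it walks a path and reports the first component a given UID cannot pass. `SOCKET` and `AMAVIS_USER` are placeholders, since the thread names neither the socket path nor the account.

```shell
#!/bin/sh
# Added example, not from the thread. Mode bits only: POSIX ACLs and SELinux
# (enforcing by default on Fedora) can still deny access. Needs GNU stat.

# bits_for FILE UID "GID ..." -> prints the rwx digit (0-7) that applies to UID
bits_for() {
    file=$1 uid=$2 gids=$3
    st=$(stat -L -c '%a %u %g' "$file" 2>/dev/null) || return 2
    set -- $st                            # now: $1=mode $2=owner uid $3=owner gid
    perms=$(( 0$1 ))                      # stat prints octal, e.g. 750
    if [ "$uid" -eq "$2" ]; then echo $(( (perms >> 6) & 7 )); return 0; fi
    for g in $gids; do
        if [ "$g" -eq "$3" ]; then echo $(( (perms >> 3) & 7 )); return 0; fi
    done
    echo $(( perms & 7 ))
}

# first_blocked TARGET UID "GID ..." [START]
# Prints the first path component UID cannot pass and returns 1; returns 0 if
# every directory is searchable (x) and TARGET is writable (w), which is what
# connect() to a UNIX socket needs. START (optional) is where the walk begins.
first_blocked() {
    target=$1 uid=$2 gids=$3 start=${4:-}
    [ "$uid" -eq 0 ] && return 0          # root bypasses mode bits
    start=${start%/}; cur=$start; rest=${target#"$start"/}
    while [ -n "$rest" ]; do
        comp=${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest= ;; esac
        cur="$cur/$comp"
        b=$(bits_for "$cur" "$uid" "$gids") || { echo "$cur (missing)"; return 1; }
        if [ -n "$rest" ]; then need=1; else need=2; fi
        [ $(( b & need )) -ne 0 ] || { echo "$cur"; return 1; }
    done
    return 0
}

# Usage (SOCKET and AMAVIS_USER are placeholders, not values from the thread):
#   first_blocked "$SOCKET" "$(id -u "$AMAVIS_USER")" "$(id -G "$AMAVIS_USER")"
```

An empty result with exit status 0 means the mode bits allow the connection, so the next things to look at are ACLs and SELinux denials.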

Dino Edwards

Jun 27, 2016, 9:17:23 AM
I can't offer any help with F-Secure; the only thing I know is Sophos. I've actually written a guide on how to integrate it with amavis, which I can share if you care. I know you said it sucks; I'm just curious why you believe it does.

Jyrki Tuohela

Jun 28, 2016, 3:41:58 AM
Hello,

In my experience F-Secure works well on Debian-based distros. You run the F-Secure installation package; I prefer the command-line version on servers.
Then it installs everything under /opt (I don't have a server right now to check, but it is maybe /opt/f-secure/). Logs go under /var/opt/f-secure, if I remember right.
F-Secure configuration files are under /opt/f-secure/fssp (or fsav or ...)

F-Secure works as a daemon, too. If you define in the amavis configuration file that F-Secure works as a daemon, it just works. You should check the user and group settings so that F-Secure can write to amavis-owned folders. Maybe adding F-Secure to the amavis group and giving write rights to that group helps.

This should be the method to start with. On Fedora there might also be some differences in configuring F-Secure, but most likely it is possible to get it to work with some work.

Kind regards

Jyrki