Re: [vserver] Virus scanning on a guest

From: Phil Daws <uxbod_at_splatnix.net>
Date: Sat 04 Oct 2014 - 15:46:10 BST
Message-ID: <255089669.28670.1412433970811.JavaMail.zimbra@innovot.com>

Yeah, lol ... but that is the only error I could see and what is odd is that both Kaspersky and ESET show similar symptoms. And indeed ClamAV and AVG both are absolutely fine. Very weird.

----- Original Message -----
From: "Herbert Poetzl" <herbert@13thfloor.at>
To: "Phil Daws" <uxbod@splatnix.net>
Cc: vserver@list.linux-vserver.org
Sent: Saturday, 4 October, 2014 2:40:59 PM
Subject: Re: [vserver] Virus scanning on a guest

On Sat, Oct 04, 2014 at 08:50:41AM +0100, Phil Daws wrote:
> Have straced the eset daemon on start and it appears to be failing here:

> munmap(0xf750f000, 4096) = 0
> open("/var/opt/eset/esets/lib/em001_32.dat", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
> munmap(0xf74f6000, 102400) = 0
> write(2, "error[38440000]: Cannot initiali"..., 69error[38440000]: Cannot initialize scanner: No such file or directory) = 69
> write(2, "\n", 1
> )

> and the file does exist:

> ls -l /var/opt/eset/esets/lib/em000_32.dat
> -rw-r--r-- 1 root root 55888 Oct 2 15:52 /var/opt/eset/esets/lib/em000_32.dat

This is a different file (em000 vs em001)

> Any ideas please ?

Best,
Herbert

> ----- Original Message -----
> From: "Herbert Poetzl" <herbert@13thfloor.at>
> To: "Phil Daws" <uxbod@splatnix.net>
> Cc: vserver@list.linux-vserver.org
> Sent: Friday, 3 October, 2014 6:38:00 PM
> Subject: Re: [vserver] Virus scanning on a guest

> On Fri, Oct 03, 2014 at 05:37:11PM +0100, Phil Daws wrote:
>> Hello:

>> has anybody been able to get virus scanning running under
>> a vserver guest ? Yesterday I tried ESET and Kaspersky
>> with the following errors:

>> service esets start
>> Starting ESET Securityerror[25340000]: Cannot initialize
>> scanner: No such file or directory [FAILED]

>> /opt/kaspersky/kav4fs/bin/kav4fs-control --scan-file /tmp
>> Couldn't scan file /tmp
>> Description: Operation isn't allowed

> First /tmp is not a file, it is a mount point (at least
> on typical Unix/Linux distributions), and the question
> here is how your /tmp is mounted (which might be too
> restrictive, for security reasons, on this guest)

>> I even gave my guest :

>> cat bcapabilities
>> NET_RAW
>> SYS_ADMIN

> Those are definitely not required for a simple task like
> virus scanning and I would strongly suggest not to give
> that to a guest with a focus on security ...

>> any ideas please ? Thanks, P.

> First, check the mount options, then check with e.g.
> strace -fF what the kaspersky tool is trying to do and
> what actually fails.

> HTH,
> Herbert
Received on Sat Oct 4 15:46:20 2014
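
Added example, not part of the original thread: a small Python helper that pulls failed open()/openat() calls out of strace output and, for ENOENT, lists similarly named files in the same directory, which surfaces the em000/em001 mismatch pointed out above. The function names and the injectable `listdir` parameter are assumptions of this example; the sample directory listing is constructed from the `ls` output quoted in the thread.

```python
import difflib
import os
import re

# open("/p", FLAGS) = -1 ENOENT (...)  or  openat(AT_FDCWD, "/p", FLAGS) = -1 EACCES (...)
# search() is used, so "[pid N] " prefixes from strace -f are tolerated.
FAILED_OPEN = re.compile(
    r'\b(?:open|openat)\((?:[^",]+,\s*)?"(?P<path>[^"]+)"[^)]*\)'
    r'\s*=\s*-1\s+(?P<errno>E[A-Z]+)'
)

def failed_opens(strace_text):
    """Return (path, errno) for every open()/openat() that returned -1."""
    return [(m["path"], m["errno"]) for m in FAILED_OPEN.finditer(strace_text)]

def near_misses(path, present, cutoff=0.8):
    """Names from the directory listing that closely resemble the missing file."""
    return difflib.get_close_matches(os.path.basename(path), present, n=3, cutoff=cutoff)

def diagnose(strace_text, listdir=os.listdir):
    """Return (path, errno, lookalike names) per failed open.

    listdir is injectable (assumption of this example) so the check can be
    run against a saved listing instead of the live guest filesystem.
    """
    report = []
    for path, errno in failed_opens(strace_text):
        lookalikes = []
        if errno == "ENOENT":
            try:
                lookalikes = near_misses(path, listdir(os.path.dirname(path)))
            except OSError:
                pass  # directory itself is missing or unreadable
        report.append((path, errno, lookalikes))
    return report

# strace lines as quoted in the thread
SAMPLE = '''munmap(0xf750f000, 4096) = 0
open("/var/opt/eset/esets/lib/em001_32.dat", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
munmap(0xf74f6000, 102400) = 0
'''

if __name__ == "__main__":
    # Constructed listing: the one file the thread's ls output shows.
    for path, errno, lookalikes in diagnose(SAMPLE, listdir=lambda d: ["em000_32.dat"]):
        hint = f" (present instead: {', '.join(lookalikes)})" if lookalikes else ""
        print(f"{errno}: {path}{hint}")
```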
