Re: [vserver] Virus scanning on a guest

From: Herbert Poetzl <herbert_at_13thfloor.at>
Date: Sat 04 Oct 2014 - 16:51:01 BST
Message-ID: <20141004155101.GW25180@MAIL.13thfloor.at>

On Sat, Oct 04, 2014 at 03:46:10PM +0100, Phil Daws wrote:
> Yeah, lol ... but that is the only error I could see and
> what is odd is that both Kaspersky and ESET show similar
> symptoms.

Maybe those are basically the same software, who knows
who stole from whom there :)

> And indeed ClamAV and AVG both are absolutely fine.

Why not ask the Kaspersky/ESET support what this error
actually means?

Best,
Herbert

> Very weird.

> ----- Original Message -----
> From: "Herbert Poetzl" <herbert@13thfloor.at>
> To: "Phil Daws" <uxbod@splatnix.net>
> Cc: vserver@list.linux-vserver.org
> Sent: Saturday, 4 October, 2014 2:40:59 PM
> Subject: Re: [vserver] Virus scanning on a guest

> On Sat, Oct 04, 2014 at 08:50:41AM +0100, Phil Daws wrote:
>> Have straced the eset daemon on start and it appears to be failing here:

>> munmap(0xf750f000, 4096) = 0
>> open("/var/opt/eset/esets/lib/em001_32.dat", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
>> munmap(0xf74f6000, 102400) = 0
>> write(2, "error[38440000]: Cannot initiali"..., 69error[38440000]: Cannot initialize scanner: No such file or directory) = 69
>> write(2, "\n", 1
>> )

>> and the file does exist:

>> ls -l /var/opt/eset/esets/lib/em000_32.dat
>> -rw-r--r-- 1 root root 55888 Oct 2 15:52 /var/opt/eset/esets/lib/em000_32.dat

> This is a different file (em000 vs em001)

>> Any ideas please ?

> Best,
> Herbert

>> ----- Original Message -----
>> From: "Herbert Poetzl" <herbert@13thfloor.at>
>> To: "Phil Daws" <uxbod@splatnix.net>
>> Cc: vserver@list.linux-vserver.org
>> Sent: Friday, 3 October, 2014 6:38:00 PM
>> Subject: Re: [vserver] Virus scanning on a guest

>> On Fri, Oct 03, 2014 at 05:37:11PM +0100, Phil Daws wrote:
>>> Hello:

>>> has anybody been able to get virus scanning running under
>>> a vserver guest ? Yesterday I tried ESET and Kaspersky
>>> with the following errors:

>>> service esets start
>>> Starting ESET Securityerror[25340000]: Cannot initialize
>>> scanner: No such file or directory [FAILED]

>>> /opt/kaspersky/kav4fs/bin/kav4fs-control --scan-file /tmp
>>> Couldn't scan file /tmp
>>> Description: Operation isn't allowed

>> First /tmp is not a file, it is a mount point (at least
>> on typical Unix/Linux distributions), and the question
>> here is how your /tmp is mounted (which might be too
>> restrictive, for security reasons, on this guest)

>>> I even gave my guest :

>>> cat bcapabilities
>>> NET_RAW
>>> SYS_ADMIN

>> Those are definitely not required for a simple task like
>> virus scanning and I would strongly suggest not to give
>> that to a guest with a focus on security ...

>>> any ideas please ? Thanks, P.

>> First, check the mount options, then check with e.g.
>> strace -fF what the kaspersky tool is trying to do and
>> what actually fails.

>> HTH,
>> Herbert
Received on Sat Oct 4 16:51:09 2014
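
Added example, not part of the original thread: shell helpers for the two checks Herbert suggests, reading the restrictive mount options of a path and pulling the failed path-based syscalls out of an strace log. The function names, the sample mounts line, the pid and the /srv/sample/file path are constructed for illustration; the ENOENT line is the one quoted in the thread.

```shell
#!/bin/sh
# Real use on the guest (assumed invocation):
#   mount_flags /tmp < /proc/mounts
#   strace -fF -o trace.log <command>; failed_paths < trace.log

# mount_flags MOUNTPOINT: read /proc/mounts-format lines on stdin and print
# the restrictive options (ro, noexec, nosuid, nodev) set on MOUNTPOINT.
# Prints "none" if there are none, "not-a-mountpoint" if it has no entry.
mount_flags() {
    awk -v mp="$1" '
        $2 == mp { found = 1; opts = $4 }   # last entry wins (stacked mounts)
        END {
            if (!found) { print "not-a-mountpoint"; exit }
            n = split(opts, o, ","); out = ""
            for (i = 1; i <= n; i++)
                if (o[i] ~ /^(ro|noexec|nosuid|nodev)$/)
                    out = out (out == "" ? "" : ",") o[i]
            print (out == "" ? "none" : out)
        }'
}

# failed_paths: read strace output on stdin and print "ERRNO SYSCALL PATH"
# for each syscall whose path argument failed with a file-access error.
# Accepts the "[pid N]" and bare "N" prefixes that strace -f adds, and
# skips calls whose first argument is not a path, such as write(2, ...).
failed_paths() {
    sed -n -E 's/^(\[pid +[0-9]+\] +|[0-9]+ +)?([a-z0-9_]+)\((AT_FDCWD, )?"([^"]*)".* = -1 (E[A-Z0-9]+) .*$/\5 \2 \4/p' |
        grep -E '^(ENOENT|EACCES|EPERM|EROFS) ' | sort -u
}

# Constructed sample input (only the ENOENT line comes from the thread).
SAMPLE_MOUNTS='/dev/hdv1 / ufs rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0'

SAMPLE_STRACE='munmap(0xf750f000, 4096) = 0
open("/var/opt/eset/esets/lib/em001_32.dat", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
[pid  4242] openat(AT_FDCWD, "/srv/sample/file", O_RDONLY) = -1 EACCES (Permission denied)
[pid  4242] read(3, "x", 1) = -1 EAGAIN (Resource temporarily unavailable)'

printf '%s\n' "$SAMPLE_MOUNTS" | mount_flags /tmp
printf '%s\n' "$SAMPLE_STRACE" | failed_paths
```

The ENOENT line names the exact path the daemon asked for, which is what exposes an em001 versus em000 mismatch when compared with a directory listing.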
