Author Topic: Recommended way to start avast  (Read 1520 times)


Offline cg

Recommended way to start avast
« on: April 05, 2022, 03:26:25 PM »
avast for linux business 4.0.3 on Ubuntu 20.04 focal

Starting via systemd: ("avast.target
A meta unit linked in all avast services. Restarting this unit restarts all avast daemons, and
recreates sockets. Enabling it enables everything Avast antivirus needs to operate.")
creates sockets but fails when trying to scan something:
root@wastl:~# systemctl restart avast.target
root@wastl:~# ls /run/avast
emsg.sock  scan.sock

root@wastl:~# scan -i /tmp/eicar.com
read(): Connection reset by peer
and the sockets are gone.

However when starting avast manually/interactively:
root@wastl:~# avast start
2022-04-05 15:17:09.002+0200 [ 6821:  1aa5] NOTICE  main: Starting 4.0.3 (d92998101785 LNX)
2022-04-05 15:17:10.501+0200 [ 6821:  1aa5] NOTICE  engine: Loaded VPS #22040402

root@wastl:~# scan -i /tmp/eicar.com
/tmp/eicar.com  EICAR Test-NOT virus!!!||algo

it is working. So, what's the correct way to start avast in a systemd environment? I suppose there's a problem with the unit files.


Offline cg

Re: Recommended way to start avast
« Reply #1 on: April 05, 2022, 05:01:56 PM »
systemd tries to start avast as user:group avast:avast.

Trying that manually gives the following error:
root@wastl:/etc/avast# sudo -u avast avast
2022-04-05 17:00:48.552+0200 [ 7661:  1ded] NOTICE  main: Starting 4.0.3 (d92998101785 LNX)
2022-04-05 17:00:48.725+0200 [ 7661:  1ded] ERROR   engine: avldrLoadModule(): Permission denied
2022-04-05 17:00:48.725+0200 [ 7661:  1ded] ERROR   main: Failed to load VPS.
2022-04-05 17:00:48.725+0200 [ 7661:  1ded] ERROR   main: Fatal error. Exiting.

(Apparently it works only when running as root).
What resources could cause the permission denied?

Offline bednar

  • Avast team
Re: Recommended way to start avast
« Reply #2 on: April 05, 2022, 06:21:26 PM »
Hi, did you by any chance uninstall avast-fss?

We have reports that this might happen in some cases.
There are several possible fixes:
  • change the ownership of all /var/lib/avast/ to avast:avast
  • remove contents of /var/lib/avast/defs and manually trigger avast-vpsupdate.service (systemctl start avast-vpsupdate.service. It will take a while as it redownloads the complete detection database)
  • change the user and group of the service to root by editing the unit file (systemctl edit avast.service)
  • uninstall and install the avast package (not a reinstall). This should in effect be the equivalent of removing the /var/lib/avast/defs/ directory.

I'd recommend first trying to remove /var/lib/avast/defs and reinitializing the detection database. If that doesn't work, reinstall, and the permissions should be set up correctly.


Offline cg

Re: Recommended way to start avast
« Reply #3 on: April 06, 2022, 11:42:44 AM »
avast-fss was never installed.

I realized however some files in /var/lib/avast belonged to root. So I applied the first suggestion and recursively chowned everything under /var/lib/avast to avast:avast.
That fixed the thing.
Thanks!
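
Added example, not part of the thread or of Avast's packaging: a shell function that lists which entries under a service's state directory are not owned by the account the unit runs as, so the root-owned files can be seen before the recursive chown discussed above. The function name audit_owner and its exit codes are made up for this example; /var/lib/avast and avast:avast come from the posts, and GNU find and stat (as on Ubuntu) are assumed.

```shell
#!/bin/sh
# audit_owner DIR USER GROUP   (names or numeric IDs; hypothetical helper)
# Prints "owner:group mode path" for every entry under DIR whose owner or
# group differs from USER:GROUP.
# Exit status: 0 = ownership consistent, 1 = mismatches listed,
#              2 = DIR missing or the walk could not be completed.
audit_owner() {
    dir=$1 user=$2 group=$3
    [ -d "$dir" ] || { echo "audit_owner: $dir is not a directory" >&2; return 2; }
    # -xdev stays on one filesystem. Symlinks are not followed, so a link
    # pointing outside DIR is reported itself, not its target.
    # If find fails (unknown user name, unreadable subdirectory) report 2
    # instead of treating empty output as "all fine".
    found=$(find "$dir" -xdev \( ! -user "$user" -o ! -group "$group" \) \
                 -exec stat -c '%U:%G %a %n' {} +) || return 2
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Typical use on the machine from this thread (run as root):
#   audit_owner /var/lib/avast avast avast
# and, once the listing has been reviewed, the fix from reply #2:
#   chown -R avast:avast /var/lib/avast
```

A non-empty listing for a unit that runs as avast:avast matches the "Permission denied" seen when the engine tried to load the VPS as that user.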

Offline bednar

  • Avast team
Re: Recommended way to start avast
« Reply #4 on: April 06, 2022, 01:54:57 PM »
That's interesting.
We'd be very grateful if you could describe some of the machine's history, to figure out how the root files got there.
Important events: distribution upgrade, Avast 3.X -> 4.X migration.

Great you got it sorted, and thanks in advance for any information.