many problems with avast server linux

[kabouns]

Hello,

I am some problems with Avast 3.0.1 Linux Server.
- How scan more than one directory (/var and /opt for exemple)
- When avast find virus I don't see log in /var/log/avast4/avastd.log (test with avastcmd and eicar.zip)
- How activate actions with infected files ? It's possible with avastcmd, but with resident scan ?
- With avastcmd there are 3 possibles actions : delete, repair and continue, but quarantine don't exist ? However I can see the "moved" directory.....
 
You find following my avastd.conf file :

Code: [Select]

[global]
     usesyslog = no
     syslogfacility = LOG_DAEMON
     logfile = /var/log/avast4/avastd.log
     maxlogfile=100000
     ignoreloginfo=1

[local]
      daemoncount = 3
      maxdaemoncount = 5
      listen = /var/run/avast4/local.sock
      timeout = 300
      user = root
      rootdir = /var
      datadir = /var/lib/avast4
      tempdir = /var/tmp/avast4
      licensefile = /var/lib/avast4/License.dat
      workdir = /var/lib/avast4
      subdirs = true
      testall = 1
      testfull = 0
      ignoretype = 0
      archivetype = A
      summaryarchive = 0
      maxpackerdepth = 0
      maxfilesizetoextract = 500000
      maxcompressionratio = 50
      compressioncheckthreshold = 10000
      maxtotalcompressionratio = 100
      totalcompressioncheckthreshold = 1000
      loginfected = 1
      logerrors = 1
      logclean = 1

[local2]
   daemoncount = 3
   maxdaemoncount = 5
   listen = /var/run/avast4/local.sock
   timeout = 300
   user = root
   rootdir = /opt
   datadir = /var/lib/avast4
   tempdir = /var/tmp/avast4
   licensefile = /var/lib/avast4/License.dat
   workdir = /opt
   subdirs = true
   testall = 1
   testfull = 0
   ignoretype = 0
   archivetype = A
   summaryarchive = 0
   maxpackerdepth = 0
   maxfilesizetoextract = 500000
   maxcompressionratio = 50
   compressioncheckthreshold = 10000
   maxtotalcompressionratio = 100
   totalcompressioncheckthreshold = 1000
   loginfected = true
   logerrors = true
   logclean = true

HELP ME PLEASE!!!!!

Thank you very much

[zilog]

Hallo,

#1 It seems that You mix two different things together - in the fact, avastcmd has nothing to do with avastd. avastd is a central scanning service, which communicates with its thin clients, such as avastlite. avastcmd is a standalone scanner which doesn't depend on avastd (only uses the same in-memory shared virus database as avastd, but this sharing is fully transparent)

#2 scanning more directories is simple - use more arguments, example: avastcmd /var /opt

#3 actions can't be performed with the avastd directly - it's protocol doesn't allow it, and such actions are hard to "hardwire" in a generic manner - for example, infected mail should be treated differently than infected executable file in user's home. these actions are up to its thin clients.

#4 yes, avastcmd (a a standalone on-demand cmdline probe) doesn't contain this - it's intended for use in on-demand scripts and simple shell constructs like

avastcmd /home/vxer/my_viruses | grep "\[infected by:" | while read a b; do WHAT YOU WANT WITH $a; done

have faaar better flexibility than any hard-wired action, IMHO.

regards,
PC

[kabouns]

Thank you for the reply.
I don't find documentation as well as man page. It's difficult. I don't understand the difference between avastlite and avastcmd. Then if we  consider avastlite as the resident scan what is the difference between avastguard and  avastlite.

Thank you.

kab