Author Topic: Evaluating Avast / Questions  (Read 2609 times)

0 Members and 1 Guest are viewing this topic.

Offline RA23

  • Newbie
  • *
  • Posts: 2
Evaluating Avast / Questions
« on: July 28, 2023, 11:40:48 AM »
Hello,

for evaluation of "Avast Business Antivirus for Linux" I installed it with an test license in an VM running CentOS7.
Installation works fine and I can scan files.

Q1: Avast daemon runs per default as avast user. When I scan user-directories I get a lot permission denied errors.
When I start the daemon as root (by modifying systemd-unit-file) the scan works. But is it recommended
to run the  daemon as root? Is there a other solution available?

Q2: What I am looking for: A virus-scan-software which just runs when I start it. No daemon required. Are
there any plans to implement that?

Best regards

Offline Radek Brich

  • Developer (Linux AV, Mac AV)
  • Avast team
  • Jr. Member
  • *
  • Posts: 53
Re: Evaluating Avast / Questions
« Reply #1 on: July 28, 2023, 02:08:27 PM »
Hi,

thanks for your interest. We'll consider your feedback.

1. The idea is that the daemon runs with unprivileged user whenever possible. This is good enough for scaning blobs via REST API or for scanning files under your control (e.g. something you upload for scanning).

The `scan` tool currently passes just the path to the scan service, which walks directories and reads the files, so it needs to run as root to be able to scan other user's files. The same applies for `avast-fss`, which actually switches the service to root when installed.

We're aware this is not ideal. We plan to change this, so both FSS and scan tool would pass open files to the service, so only those would read files and possibly require root. The service, which contains the scanning engine, should run as unprivileged user, because it doesn't need higher privileges for the scanning logic.

Your workaround (switching daemon to root) is the best way for now.

2. This is theoretically possible, the drawback of such fat scan tool would be that it would take some time to start (loading the engine + virus definitions takes up to few seconds). So it would need to be an alternative, and it would be very inefficient to run in a batch on individual files. We currently don't have plan to implement this.

Offline RA23

  • Newbie
  • *
  • Posts: 2
Re: Evaluating Avast / Questions
« Reply #2 on: August 01, 2023, 12:29:15 PM »
Hi,

thanks for Your feedback.

Here are a few reasons why i would like to have a standalone scanner:
I want to scan the data on my file servers (Samba) at night recursively. That means it is not so important
for me how long the scanner needs to load its signatures as long as this happens just once per recursive scan.
Since on the clients (Windows) themselves also virus scanners are running, this is then the second check.

Best regards,