Author Topic: On Access Scanner  (Read 7562 times)

bfagan

  • Guest
On Access Scanner
« on: July 20, 2009, 05:30:27 PM »
I am trying to test the on-access scanner on my CentOS 5.3 server. I am using the EICAR file; I have left it in a bunch of places and used SCP to send the file to the server. The scanner has never picked up the virus, and the service is running. Any help would be greatly appreciated, thanks in advance.

Offline scythe944

  • Avast Evangelist
  • Massive Poster
  • Posts: 2913
Re: On Access Scanner
« Reply #1 on: July 21, 2009, 05:40:30 AM »
In my opinion, since the on-access scanner is "on-access", if you browsed to that part of the file system, it should pick it up.

That's only because the file was transferred from another system on the network. If you used that machine to download the file in the first place, then the on-access scanner would scan it once downloaded (or as it was downloaded).

I don't see it not finding the virus as a "huge deal" because I doubt that the virus could do any harm by merely being transferred to another computer. Something has to invoke it, and with that, it can do no harm. It's just another file. Now, when the file is executed, the on-access scanner will scan it as it is loaded, and the virus should be detected.

Or, maybe I'm wrong...
For generic computer (not avast) problems, you can also visit my forum for help: http://www.jacobytech.net/forum

Offline zilog

  • Avast team
  • Advanced Poster
  • Posts: 957
  • or #f0; daa; add a,#a0; adc a,#40
Re: On Access Scanner
« Reply #2 on: July 23, 2009, 09:44:35 AM »
> I am trying to test the on-access scanner on my CentOS 5.3 server. I am using the EICAR file; I have left it in a bunch of places and used SCP to send the file to the server. The scanner has never picked up the virus, and the service is running. Any help would be greatly appreciated, thanks in advance.

Hello,
on-access means avast4guard + the dazuko kernel module. Are you sure that dazuko is installed properly and the avast4guard configuration is correct?
regards,
pc
May's Law: Software efficiency halves every 18 months, compensating Moore's Law. (David May, INMOS)

bfagan

  • Guest
Re: On Access Scanner
« Reply #3 on: July 28, 2009, 10:30:22 PM »
I did not get any errors while installing dazuko or the avastguard. After looking through all the logs, I do not see anything that would cause me to believe the configuration is not correct.

Offline zilog

  • Avast team
  • Advanced Poster
  • Posts: 957
  • or #f0; daa; add a,#a0; adc a,#40
Re: On Access Scanner
« Reply #4 on: July 30, 2009, 03:51:31 PM »
> I did not get any errors while installing dazuko or the avastguard. After looking through all the logs, I do not see anything that would cause me to believe the configuration is not correct.

You should look into the avastd logs to see whether the file was scanned. Probably you didn't specify the guarded area in the conf. file, and thus no scan was performed at all (my assumption).

A cruel method is a bare strace -f -p avastd's_lowest_pid, which works without fiddling with anything :>.

regards,
pc

bfagan

  • Guest
Re: On Access Scanner
« Reply #5 on: August 04, 2009, 12:00:38 AM »
I figured out my issue; you were correct about the guarded area, thanks for the help. My next issue is that when I configure the on-access scanner and it tries to scan a large directory, it freezes up the whole system. I am using an older box, but I figured it had enough power. I will try a newer box, but is this a common issue?
« Last Edit: August 05, 2009, 06:14:43 PM by bfagan »
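
The check this thread converges on (does opening an EICAR file inside a given directory actually get intercepted?) can be scripted per directory. This is an added example, not code from any poster or from Avast; `probe` and `probe_all` are hypothetical names, and it assumes the on-access layer denies the open with a permission error.

```python
import os
import sys
import tempfile

# Standard 68-byte EICAR test string, split so this script is not flagged itself.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$"
         r"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*").encode("ascii")


def probe(directory, opener=open):
    """Write EICAR into `directory`, then open and read it as a normal program would.

    Returns "blocked" (open denied), "removed" (file gone before the open)
    or "not-intercepted" (contents were readable, so nothing guarded the path).
    """
    fd, path = tempfile.mkstemp(prefix="eicar-", suffix=".com", dir=directory)
    try:
        try:
            os.write(fd, EICAR)
        finally:
            os.close(fd)
        try:
            with opener(path, "rb") as fh:
                fh.read()
        except PermissionError:
            # Assumption: the on-access layer denies the open with EPERM/EACCES.
            return "blocked"
        except FileNotFoundError:
            return "removed"
        return "not-intercepted"
    finally:
        try:
            os.unlink(path)
        except OSError:
            pass  # already removed, or removal denied by the scanner


def probe_all(directories, opener=open):
    """Probe every directory; guarded paths should all report "blocked"."""
    return {d: probe(d, opener) for d in directories}


if __name__ == "__main__":
    for d, verdict in probe_all(sys.argv[1:] or [tempfile.gettempdir()]).items():
        print(f"{verdict:16} {d}")
```

A "not-intercepted" verdict for a directory that was meant to be protected points at the guarded-area setting rather than at the scanning engine.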

Offline zilog

  • Avast team
  • Advanced Poster
  • Posts: 957
  • or #f0; daa; add a,#a0; adc a,#40
Re: On Access Scanner
« Reply #6 on: August 07, 2009, 04:29:38 PM »
> I figured out my issue; you were correct about the guarded area, thanks for the help. My next issue is that when I configure the on-access scanner and it tries to scan a large directory, it freezes up the whole system. I am using an older box, but I figured it had enough power. I will try a newer box, but is this a common issue?

Hello,
yes, latencies might be expected when using on-access scanning massively (some apps are so badly written that they modify/access files per partes, causing this must-scan-it-again hell).

regards,
pc