Author Topic: Testing avast! on Mac OS X 10.6.3  (Read 6583 times)

0 Members and 1 Guest are viewing this topic.

Offline crenelle

  • Newbie
  • *
  • Posts: 2
Testing avast! on Mac OS X 10.6.3
« on: May 11, 2010, 09:27:33 PM »
Hi! I'm using the trial avast! Version 2.7R0 (ServiceKit 1.41)


Hi,

I am playing with AV packages. I've installed avast! for Mac OS X on a MacBookPro2,1 17" laptop and told it to scan a 160 GB HFS+ partition. Well into the scan the alert pops up:

Daemon died

The file scan daemon died scanning path

/

of 1 paths (0 remains). Do you want to scan again when the daemon is re-launched?

Cancel   Scan again


When I select Scan again, it typically proceeds to first download updates. It finishes that with a VPS Upgraded alert.

Then another alert pops up providing the option of

1 Scan all, 2 Scan from current.

Of course, I try 2 first, and the alert goes away, leaving the avast control panel, which says avast! is waiting for command.

I just told it to scan from current. Isn't that the command it has lived all these milliseconds for?

Here's the recent activity log:

11.05.10 03:26:12.854 Scanning 1 paths (auto 0):
11.05.10 03:26:12.854   /
11.05.10 04:10:36.601 Daemon launched
11.05.10 04:10:36.756 Daemon launched
11.05.10 04:10:38.599 Scanned: aborted 0, items: 873295, files: 482117, viruses: 0, warnings: 13
11.05.10 04:10:45.979 Daemon pid 3200 priority 0 reports trial 5157853 (59.697373 days)
11.05.10 10:44:43.169 Checking for update (manually: 0)
11.05.10 10:44:43.215 Update failed (507), falling back...
11.05.10 10:47:12.824 Upgraded successfully, reloading...
11.05.10 10:47:18.828 Update done -- reloaded

I am also curious why my system logs are jam-packed with avast! messages, and even in the current state of not apparently doing anything, I see new avast messages appear every few seconds. I think the answer is that it in fact is doing something, but it just isn't telling me what that happens to be. So I have no idea what it is doing, it isn't providing any kind of meaningful status. I just see the panel with the six main iconic buttons (Scan Now, Scan Volume, Scan Folder,...,Check Update, Virus Chest, Preferences, Background Scan, Show Last Scan) with the first four iconic buttons dimmer (grayed out, disabled?) than the others.

I can't select Preferences... from the avast! menu, it is grayed out, but I CAN click on the enabled Preferences icon.

May 11 10:53:37 bentley-MBP-OSX avast![3107]: DEBUG RECV 48
May 11 10:53:37 bentley-MBP-OSX avast![3107]: DEBUG RECV 56 (len 65535, rename 1)
May 11 10:53:37 bentley-MBP-OSX avast![3107]: DEBUG RECV 63 (len 58)
May 11 10:53:37 bentley-MBP-OSX avast![3107]: DEBUG RECV 70
May 11 10:53:37 bentley-MBP-OSX avast![3107]: DEBUG RECV 78
May 11 10:53:37 bentley-MBP-OSX avast![3107]: KEXT: reading the queue of changed&renamed files
May 11 10:53:37 bentley-MBP-OSX avast![3107]: KEXT (iq 0):   1: "/Users/x/Library/Preferences/com.apple.Console.plist.TWqiBKj" -> "/Users/x/Library/Preferences/com.apple.Console.plist"
May 11 10:53:37 bentley-MBP-OSX avast![3107]: DEBUG RECV 48
May 11 10:53:37 bentley-MBP-OSX avast![3107]: DEBUG RECV 106
May 11 10:53:37 bentley-MBP-OSX avast![3107]: KEXT: done 1 files (lost 0 files in overflown queue), #1523
May 11 10:53:37 bentley-MBP-OSX avast![3107]: done with for kernel input...
May 11 10:53:37 bentley-MBP-OSX avast![3107]: waiting for kernel input...
May 11 10:53:38 bentley-MBP-OSX avast![3107]: KAUTH getting 1 changes...
May 11 10:53:38 bentley-MBP-OSX avast![3107]:   resolving 1 renames
May 11 10:53:38 bentley-MBP-OSX avast![3107]: KAUTH got all changes
May 11 10:53:42 bentley-MBP-OSX avast![3107]: reading for kernel input...
May 11 10:53:42 bentley-MBP-OSX avast![3107]: DEBUG RECV 48
May 11 10:53:42 bentley-MBP-OSX avast![3107]: DEBUG RECV 56 (len 67, rename 0)
May 11 10:53:42 bentley-MBP-OSX avast![3107]: DEBUG RECV 63 (len 67)
May 11 10:53:42 bentley-MBP-OSX avast![3107]: KEXT: reading the queue of changed&renamed files
May 11 10:53:42 bentley-MBP-OSX avast![3107]: KEXT (iq 0):   1: "/Users/x/Library/Preferences/com.avast.MacAvast.plist.ex23l4q"
May 11 10:53:42 bentley-MBP-OSX avast![3107]: DEBUG RECV 48
May 11 10:53:42 bentley-MBP-OSX avast![3107]: DEBUG RECV 106
May 11 10:53:42 bentley-MBP-OSX avast![3107]: KEXT: done 1 files (lost 0 files in overflown queue), #1524
May 11 10:53:42 bentley-MBP-OSX avast![3107]: done with for kernel input...
May 11 10:53:42 bentley-MBP-OSX avast![3107]: waiting for kernel input...
May 11 10:53:42 bentley-MBP-OSX avast![3107]: reading for kernel input...
May 11 10:53:42 bentley-MBP-OSX avast![3107]: DEBUG RECV 48
May 11 10:53:42 bentley-MBP-OSX avast![3107]: DEBUG RECV 56 (len 65535, rename 1)
May 11 10:53:42 bentley-MBP-OSX avast![3107]: DEBUG RECV 63 (len 59)
May 11 10:53:42 bentley-MBP-OSX avast![3107]: DEBUG RECV 70
May 11 10:53:42 bentley-MBP-OSX avast![3107]: DEBUG RECV 78
May 11 10:53:42 bentley-MBP-OSX avast![3107]: KEXT: reading the queue of changed&renamed files
May 11 10:53:42 bentley-MBP-OSX avast![3107]: KEXT (iq 0):   1: "/Users/x/Library/Preferences/com.avast.MacAvast.plist.ex23l4q" -> "/Users/x/Library/Preferences/com.avast.MacAvast.plist"
May 11 10:53:42 bentley-MBP-OSX avast![3107]: DEBUG RECV 48
May 11 10:53:42 bentley-MBP-OSX avast![3107]: DEBUG RECV 106
May 11 10:53:42 bentley-MBP-OSX avast![3107]: KEXT: done 1 files (lost 0 files in overflown queue), #1525
May 11 10:53:42 bentley-MBP-OSX avast![3107]: done with for kernel input...
May 11 10:53:42 bentley-MBP-OSX avast![3107]: waiting for kernel input...
May 11 10:53:43 bentley-MBP-OSX avast![3107]: KAUTH getting 1 changes...
May 11 10:53:43 bentley-MBP-OSX avast![3107]:   resolving 1 renames
May 11 10:53:43 bentley-MBP-OSX avast![3107]: KAUTH got all changes
May 11 10:55:30 bentley-MBP-OSX avast![3107]: reading for kernel input...
May 11 10:55:30 bentley-MBP-OSX avast![3107]: DEBUG RECV 48
May 11 10:55:30 bentley-MBP-OSX avast![3107]: DEBUG RECV 56 (len 54, rename 0)
May 11 10:55:30 bentley-MBP-OSX avast![3107]: DEBUG RECV 63 (len 54)
May 11 10:55:30 bentley-MBP-OSX avast![3107]: KEXT: reading the queue of changed&renamed files
May 11 10:55:30 bentley-MBP-OSX avast![3107]: KEXT (iq 0):   1: "/Users/x/Documents/Mail/y Folder/UsageStats"
May 11 10:55:30 bentley-MBP-OSX avast![3107]: DEBUG RECV 48
May 11 10:55:30 bentley-MBP-OSX avast![3107]: DEBUG RECV 106
May 11 10:55:30 bentley-MBP-OSX avast![3107]: KEXT: done 1 files (lost 0 files in overflown queue), #1526
May 11 10:55:30 bentley-MBP-OSX avast![3107]: done with for kernel input...
May 11 10:55:30 bentley-MBP-OSX avast![3107]: waiting for kernel input...
May 11 10:55:31 bentley-MBP-OSX avast![3107]: KAUTH getting 1 changes...
May 11 10:55:31 bentley-MBP-OSX avast![3107]: KAUTH got all changes

In other words, there's so much junk in the system.log (not in an app specific log), I can't find error messages describing why the daemon stopped working.

The app seems usable, but hogging the whole system.log for your debugging purposes is terrible form, I can't get MY work done when you have a daemon running all the time doing that. I am a little curious why a trial version of the app has this much debug output, doesn't this completely hose the timing?

I am also curious what err 13 and err 42056 means? The avast help specifically doesn't say anything. It seems to be complaining about something but refuses to say what. This makes no sense, particularly since it is complaining about two files in avast! itself, avastKauth.kext and kextloader (both err 13). Shall I delete them?

I am also curious why avast! attempts to talk to the wrong mail app? There are Mac OS X facilities that provide the relevant information.

When I select Scan Volume, it displays a dialog that shows visible folders, but doesn't show stuff like / and its content.

I note that avast! does in fact seem to find quite a few Windows malware packages. I have a mail attachments folder I haven't cleaned out in years, it must have every malware invented in the last ten years for that other platform. Another AV app did not complain about the contents of that folder once.

Thanks!

-Mike

Offline zilog

  • Avast team
  • Advanced Poster
  • *
  • Posts: 957
  • or #f0; daa; add a,#a0; adc a,#40
Re: Testing avast! on Mac OS X 10.6.3
« Reply #1 on: May 12, 2010, 01:30:22 PM »
Hi! I'm using the trial avast! Version 2.7R0 (ServiceKit 1.41)


Hi,

I am playing with AV packages. I've installed avast! for Mac OS X on a MacBookPro2,1 17" laptop and told it to scan a 160 GB HFS+ partition. Well into the scan the alert pops up:

Daemon died

The file scan daemon died scanning path

/

of 1 paths (0 remains). Do you want to scan again when the daemon is re-launched?

Cancel   Scan again


When I select Scan again, it typically proceeds to first download updates. It finishes that with a VPS Upgraded alert.

Then another alert pops up providing the option of

1 Scan all, 2 Scan from current.

Of course, I try 2 first, and the alert goes away, leaving the avast control panel, which says avast! is waiting for command.

I just told it to scan from current. Isn't that the command it has lived all these milliseconds for?

Here's the recent activity log:

11.05.10 03:26:12.854 Scanning 1 paths (auto 0):
11.05.10 03:26:12.854   /
11.05.10 04:10:36.601 Daemon launched
11.05.10 04:10:36.756 Daemon launched
11.05.10 04:10:38.599 Scanned: aborted 0, items: 873295, files: 482117, viruses: 0, warnings: 13
11.05.10 04:10:45.979 Daemon pid 3200 priority 0 reports trial 5157853 (59.697373 days)
11.05.10 10:44:43.169 Checking for update (manually: 0)
11.05.10 10:44:43.215 Update failed (507), falling back...
11.05.10 10:47:12.824 Upgraded successfully, reloading...
11.05.10 10:47:18.828 Update done -- reloaded

I am also curious why my system logs are jam-packed with avast! messages, and even in the current state of not apparently doing anything, I see new avast messages appear every few seconds. I think the answer is that it in fact is doing something, but it just isn't telling me what that happens to be. So I have no idea what it is doing, it isn't providing any kind of meaningful status. I just see the panel with the six main iconic buttons (Scan Now, Scan Volume, Scan Folder,...,Check Update, Virus Chest, Preferences, Background Scan, Show Last Scan) with the first four iconic buttons dimmer (grayed out, disabled?) than the others.

I can't select Preferences... from the avast! menu, it is grayed out, but I CAN click on the enabled Preferences icon.

May 11 10:53:37 bentley-MBP-OSX avast![3107]: DEBUG RECV 48
May 11 10:53:37 bentley-MBP-OSX avast![3107]: DEBUG RECV 56 (len 65535, rename 1)
May 11 10:53:37 bentley-MBP-OSX avast![3107]: DEBUG RECV 63 (len 58)
May 11 10:53:37 bentley-MBP-OSX avast![3107]: DEBUG RECV 70
May 11 10:53:37 bentley-MBP-OSX avast![3107]: DEBUG RECV 78
May 11 10:53:37 bentley-MBP-OSX avast![3107]: KEXT: reading the queue of changed&renamed files
May 11 10:53:37 bentley-MBP-OSX avast![3107]: KEXT (iq 0):   1: "/Users/x/Library/Preferences/com.apple.Console.plist.TWqiBKj" -> "/Users/x/Library/Preferences/com.apple.Console.plist"
May 11 10:53:37 bentley-MBP-OSX avast![3107]: DEBUG RECV 48
May 11 10:53:37 bentley-MBP-OSX avast![3107]: DEBUG RECV 106
May 11 10:53:37 bentley-MBP-OSX avast![3107]: KEXT: done 1 files (lost 0 files in overflown queue), #1523
May 11 10:53:37 bentley-MBP-OSX avast![3107]: done with for kernel input...
May 11 10:53:37 bentley-MBP-OSX avast![3107]: waiting for kernel input...
May 11 10:53:38 bentley-MBP-OSX avast![3107]: KAUTH getting 1 changes...
May 11 10:53:38 bentley-MBP-OSX avast![3107]:   resolving 1 renames
May 11 10:53:38 bentley-MBP-OSX avast![3107]: KAUTH got all changes
May 11 10:53:42 bentley-MBP-OSX avast![3107]: reading for kernel input...
May 11 10:53:42 bentley-MBP-OSX avast![3107]: DEBUG RECV 48
May 11 10:53:42 bentley-MBP-OSX avast![3107]: DEBUG RECV 56 (len 67, rename 0)
May 11 10:53:42 bentley-MBP-OSX avast![3107]: DEBUG RECV 63 (len 67)
May 11 10:53:42 bentley-MBP-OSX avast![3107]: KEXT: reading the queue of changed&renamed files
May 11 10:53:42 bentley-MBP-OSX avast![3107]: KEXT (iq 0):   1: "/Users/x/Library/Preferences/com.avast.MacAvast.plist.ex23l4q"
May 11 10:53:42 bentley-MBP-OSX avast![3107]: DEBUG RECV 48
May 11 10:53:42 bentley-MBP-OSX avast![3107]: DEBUG RECV 106
May 11 10:53:42 bentley-MBP-OSX avast![3107]: KEXT: done 1 files (lost 0 files in overflown queue), #1524
May 11 10:53:42 bentley-MBP-OSX avast![3107]: done with for kernel input...
May 11 10:53:42 bentley-MBP-OSX avast![3107]: waiting for kernel input...
May 11 10:53:42 bentley-MBP-OSX avast![3107]: reading for kernel input...
May 11 10:53:42 bentley-MBP-OSX avast![3107]: DEBUG RECV 48
May 11 10:53:42 bentley-MBP-OSX avast![3107]: DEBUG RECV 56 (len 65535, rename 1)
May 11 10:53:42 bentley-MBP-OSX avast![3107]: DEBUG RECV 63 (len 59)
May 11 10:53:42 bentley-MBP-OSX avast![3107]: DEBUG RECV 70
May 11 10:53:42 bentley-MBP-OSX avast![3107]: DEBUG RECV 78
May 11 10:53:42 bentley-MBP-OSX avast![3107]: KEXT: reading the queue of changed&renamed files
May 11 10:53:42 bentley-MBP-OSX avast![3107]: KEXT (iq 0):   1: "/Users/x/Library/Preferences/com.avast.MacAvast.plist.ex23l4q" -> "/Users/x/Library/Preferences/com.avast.MacAvast.plist"
May 11 10:53:42 bentley-MBP-OSX avast![3107]: DEBUG RECV 48
May 11 10:53:42 bentley-MBP-OSX avast![3107]: DEBUG RECV 106
May 11 10:53:42 bentley-MBP-OSX avast![3107]: KEXT: done 1 files (lost 0 files in overflown queue), #1525
May 11 10:53:42 bentley-MBP-OSX avast![3107]: done with for kernel input...
May 11 10:53:42 bentley-MBP-OSX avast![3107]: waiting for kernel input...
May 11 10:53:43 bentley-MBP-OSX avast![3107]: KAUTH getting 1 changes...
May 11 10:53:43 bentley-MBP-OSX avast![3107]:   resolving 1 renames
May 11 10:53:43 bentley-MBP-OSX avast![3107]: KAUTH got all changes
May 11 10:55:30 bentley-MBP-OSX avast![3107]: reading for kernel input...
May 11 10:55:30 bentley-MBP-OSX avast![3107]: DEBUG RECV 48
May 11 10:55:30 bentley-MBP-OSX avast![3107]: DEBUG RECV 56 (len 54, rename 0)
May 11 10:55:30 bentley-MBP-OSX avast![3107]: DEBUG RECV 63 (len 54)
May 11 10:55:30 bentley-MBP-OSX avast![3107]: KEXT: reading the queue of changed&renamed files
May 11 10:55:30 bentley-MBP-OSX avast![3107]: KEXT (iq 0):   1: "/Users/x/Documents/Mail/y Folder/UsageStats"
May 11 10:55:30 bentley-MBP-OSX avast![3107]: DEBUG RECV 48
May 11 10:55:30 bentley-MBP-OSX avast![3107]: DEBUG RECV 106
May 11 10:55:30 bentley-MBP-OSX avast![3107]: KEXT: done 1 files (lost 0 files in overflown queue), #1526
May 11 10:55:30 bentley-MBP-OSX avast![3107]: done with for kernel input...
May 11 10:55:30 bentley-MBP-OSX avast![3107]: waiting for kernel input...
May 11 10:55:31 bentley-MBP-OSX avast![3107]: KAUTH getting 1 changes...
May 11 10:55:31 bentley-MBP-OSX avast![3107]: KAUTH got all changes

In other words, there's so much junk in the system.log (not in an app specific log), I can't find error messages describing why the daemon stopped working.

The app seems usable, but hogging the whole system.log for your debugging purposes is terrible form, I can't get MY work done when you have a daemon running all the time doing that. I am a little curious why a trial version of the app has this much debug output, doesn't this completely hose the timing?

I am also curious what err 13 and err 42056 means? The avast help specifically doesn't say anything. It seems to be complaining about something but refuses to say what. This makes no sense, particularly since it is complaining about two files in avast! itself, avastKauth.kext and kextloader (both err 13). Shall I delete them?

I am also curious why avast! attempts to talk to the wrong mail app? There are Mac OS X facilities that provide the relevant information.

When I select Scan Volume, it displays a dialog that shows visible folders, but doesn't show stuff like / and its content.

I note that avast! does in fact seem to find quite a few Windows malware packages. I have a mail attachments folder I haven't cleaned out in years, it must have every malware invented in the last ten years for that other platform. Another AV app did not complain about the contents of that folder once.

Thanks!

-Mike

Hallo,
install this: http://public.avast.com/~cimbal/avast.3.07.zip

all issues should be gone. This version has some known minor flaws, and will be thus replaced with 3.08 in few days, but all of them are really benign/minor/cosmetic ones.

regards,
pc
May's Law: Software efficiency halves every 18 months, compensating Moore's Law. (David May, INMOS)

Offline crenelle

  • Newbie
  • *
  • Posts: 2
Re: Testing avast! on Mac OS X 10.6.3
« Reply #2 on: May 15, 2010, 03:41:05 AM »
Okdoke Z, finally finished a scan just now, *after* you released 3.0.8, heh. As you suggested, 3.0.7 has some issues.

3.0.7 has been not finding viruses that the old release I was using was finding. It calls .jpg files corrupted CPM archives (this beats the error codes I was seeing, tho); It referred to all my Eudora mailboxes as "This file is a decompression bomb". It thinks a variety of files, like icons.bmp, are password-protected archives. On the flip side it completed a full scan; I couldn't get the older version to do that at all.

I'll take a look at 3.0.8 now...:)

Offline zilog

  • Avast team
  • Advanced Poster
  • *
  • Posts: 957
  • or #f0; daa; add a,#a0; adc a,#40
Re: Testing avast! on Mac OS X 10.6.3
« Reply #3 on: May 16, 2010, 02:29:43 PM »
Okdoke Z, finally finished a scan just now, *after* you released 3.0.8, heh. As you suggested, 3.0.7 has some issues.

3.0.7 has been not finding viruses that the old release I was using was finding. It calls .jpg files corrupted CPM archives (this beats the error codes I was seeing, tho); It referred to all my Eudora mailboxes as "This file is a decompression bomb". It thinks a variety of files, like icons.bmp, are password-protected archives. On the flip side it completed a full scan; I couldn't get the older version to do that at all.

I'll take a look at 3.0.8 now...:)
hallo,
the scanner is the samem so those issues, related to the scasn itself, will be the same. decompression bombs are just archives with unusually hight compression ratios, so maybe eudora's format just passes this criterion.

anyway, warnings are just warning, and have nothing to do with infection.

pc
May's Law: Software efficiency halves every 18 months, compensating Moore's Law. (David May, INMOS)