Author Topic: avastguard  (Read 14180 times)

0 Members and 1 Guest are viewing this topic.

daemon45

  • Guest
avastguard
« on: September 15, 2004, 07:17:19 PM »
I know I must be missing something simple....

Prior to installing avast for  Linux on my home machine (RH9) I installed it on the box at work (RH7.2). Dazuko and Avast seemed to go in fine.

The deamons seem to be starting up normally, but I can't find where to configure the avastguard scanner. If I just let things run as default, no on-access scanning takes place. If I stop the avastguard deamon and restart it by using the command line and use  include (-i) options,  a known infected file gets detected. If I include the "/" directory however, the next time I perform any command the system locks up.

Can't seem to find much in the way of documentation, and the man pages aren't helping me much.

What am I missing?

Thanks.



Offline Vlk

  • Moderator
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:avastguard
« Reply #1 on: September 15, 2004, 09:27:07 PM »
I don't quite understand the question... so if you include e.g. "/usr", no file (even in the /usr directory) is scanned??

I've heard that telling avastguard to scan all files (using the "/" directory option) doesn't work -- this is because of some infinite loops.
I'm not sure which exactly files are using the problems, though...
If at first you don't succeed, then skydiving's not for you.

daemon45

  • Guest
Re:avastguard
« Reply #2 on: September 16, 2004, 05:23:58 AM »
What happens is that avastguard loads during boot, but won't actually detect anything. When I stop it, and start it from the command-line with the "-i" switches, it will effectively prevent an infected file from writing to the included location. The problem is that I know I shouldn't have to stop the thing manually and restart it from the command-line with the include switches. There's got to be a config file somwhere, or do I have to edit the /etc/init.d/avastguard script?

What am I missing?

Thanks.

Dublin

  • Guest
Re:avastguard
« Reply #3 on: September 16, 2004, 10:12:54 AM »
To configure avastguard at boot time, please, edit /etc/init.d/avastguard script.

daemon45

  • Guest
Re:avastguard
« Reply #4 on: September 16, 2004, 03:29:26 PM »
Ok. Now that I know to edit the avastguard script itself, it works.

Now, as for that infinite loop problem when including "/", is that in avast, or dazuko?

Thanks.

Dublin

  • Guest
Re:avastguard
« Reply #5 on: September 20, 2004, 03:35:09 PM »
Try to add '-e/proc' option to your avastrelay.

daemon45

  • Guest
Re:avastguard
« Reply #6 on: September 20, 2004, 07:33:10 PM »
Try to add '-e/proc' option to your avastrelay.

avastrelay? or avastguard?

Offline Vlk

  • Moderator
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:avastguard
« Reply #7 on: September 20, 2004, 09:39:05 PM »
Avastguard of course... ;) :)
What Dublin meant is excluding the /proc directory -- this one seems to be causing the lockups (because of some fine timing issues that we are now trying to solve).

Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

daemon45

  • Guest
Re:avastguard
« Reply #8 on: September 21, 2004, 04:35:47 AM »
Avastguard of course... ;) :)
What Dublin meant is excluding the /proc directory -- this one seems to be causing the lockups (because of some fine timing issues that we are now trying to solve).

Whew... had me goin' for a minute there... ;D

I think I remember trying that... Seems to me that I remember thinking that the /proc directory should stay excluded anyway. For the most part there shouldn't be anything going on there that hasn't already been accessed elsewhere, and hopefully scanned. I'll give it another go though. Did so many permutations that I really can't say I remember. I'll let you know.

Thanks.

daemon45

  • Guest
Re:avastguard
« Reply #9 on: September 21, 2004, 09:29:08 PM »
Still locks up.
I'll just try including certain shared directories.
Somehow though, I just don't think on-access scanning is a good idea for Linux... Including the /home directories really has an adverse effect on speed.

Thanks

Offline Vlk

  • Moderator
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:avastguard
« Reply #10 on: September 22, 2004, 01:44:38 PM »
Well it's primarily meant for Samba shares where it really has a meaning. Other than that, as far as Linux viruses are on the List of Threatened Species you're probably right...

Under Windows, it's a bit easier because many files can be (at least roughly) recognized by their name extension and hence it's possible to filter what to scan by filenames...
If at first you don't succeed, then skydiving's not for you.