avastguard

I know I must be missing something simple…

Prior to installing avast for Linux on my home machine (RH9) I installed it on the box at work (RH7.2). Dazuko and Avast seemed to go in fine.

The daemons seem to be starting up normally, but I can’t find where to configure the avastguard scanner. If I just let things run as default, no on-access scanning takes place. If I stop the avastguard daemon and restart it from the command line with the include (-i) options, a known infected file gets detected. If I include the “/” directory, however, the next time I perform any command the system locks up.

Can’t seem to find much in the way of documentation, and the man pages aren’t helping me much.

What am I missing?

Thanks.

I don’t quite understand the question… so if you include e.g. “/usr”, no file (even in the /usr directory) is scanned??

I’ve heard that telling avastguard to scan all files (using the “/” directory option) doesn’t work – this is because of some infinite loops.
I’m not sure exactly which files are causing the problems, though…

What happens is that avastguard loads during boot, but won’t actually detect anything. When I stop it, and start it from the command-line with the “-i” switches, it will effectively prevent an infected file from writing to the included location. The problem is that I know I shouldn’t have to stop the thing manually and restart it from the command-line with the include switches. There’s got to be a config file somewhere, or do I have to edit the /etc/init.d/avastguard script?

What am I missing?

Thanks.

To configure avastguard at boot time, please edit the /etc/init.d/avastguard script.

Ok. Now that I know to edit the avastguard script itself, it works.

Now, as for that infinite loop problem when including “/”, is that in avast, or dazuko?

Thanks.

Try adding the ‘-e/proc’ option to your avastrelay.

avastrelay? or avastguard?

Avastguard of course… :wink: :slight_smile:
What Dublin meant is excluding the /proc directory – this one seems to be causing the lockups (because of some fine timing issues that we are now trying to solve).

Thanks
Vlk

Whew… had me goin’ for a minute there… ;D

I think I remember trying that… Seems to me that I remember thinking that the /proc directory should stay excluded anyway. For the most part there shouldn’t be anything going on there that hasn’t already been accessed elsewhere, and hopefully scanned. I’ll give it another go though. Did so many permutations that I really can’t say I remember. I’ll let you know.

Thanks.

Still locks up.
I’ll just try including certain shared directories.
Somehow though, I just don’t think on-access scanning is a good idea for Linux… Including the /home directories really has an adverse effect on speed.

Thanks

Well it’s primarily meant for Samba shares where it really has a meaning. Other than that, as far as Linux viruses are on the List of Threatened Species you’re probably right…

Under Windows, it’s a bit easier because many files can be (at least roughly) recognized by their name extension and hence it’s possible to filter what to scan by filenames…