Hello folks,
I am mostly a Linux newbie, but I got “asked” to do a test install of avast4server on a CentOS 4 email server recently. Normally this wouldn’t be such a big deal since there are wonderful RPMs available to take care of things. However, the details make this a real pain:
- This server uses a vendor supplied custom MTA. This MTA uses a local inet socket port for connecting to antivirus software, and it supposedly worked with ClamAV elsewhere, so I can reasonably believe that the socket activity works.
- I am supposed to avoid making changes to /etc/ where possible (/etc/init.d/avastd being one of the few allowed exceptions)
- I am supposed to run Avast as the following user/group (mail/mail)
- I am supposed to confine all other files to /opt/avast/
So, that means no RPM install. For safety reasons, I am running a copy of the email server in a virtual machine for testing my install/setup, in case I do something stupid. I got the tarball for avast4server and amavisd-new, and set them up in separate /opt/avast and /opt/amavis directories. I got amavisd-new up and running, also under the user/group (mail/mail) and that seems to be working at least.
I altered the mkinstall.sh files for avast4server and libavastengine so they would install over in /opt/avast/ so it looks like
/opt/avast/etc/
/opt/avast/bin/
/opt/avast/lib/
/opt/avast/man/
/opt/avast/run/
/opt/avast/sbin/
/opt/avast/share
/opt/avast/var/
I was somewhat worried about the library location checks from /etc/ld.so.conf so I did add the avast engine library location in there.
I have amavisd-new communicating with avast through a local socket file /opt/avast/var/run/avast4/mailscanner.sock and I am only running the first of the three avast scanning options in the amavisd-new configuration file. I thought that since I am not doing real on-demand scanning and am using the avastd daemon, this was appropriate.
Avast daemon comes up, and the child processes all list as user mail. I try a telnet SMTP test to the local inet port of amavisd-new, but when I send the . to end the message, the connection seems to hang until a set timeout expires, then amavisd-new is unhappy because there’s no response from Avast.
Looking at the Avast log, I see the following
info: listenning on unix socket /opt/avast/var/run/avast4/mailscanner.sock
warning: can’t set group name to ‘mail’, Operation not permitted
info: started new ‘mail’ process (pid=3833)
warning: can’t set group name to ‘mail’, Operation not permitted
info: started new ‘mail’ process (pid=3834)
warning: can’t set group name to ‘mail’, Operation not permitted
info: started new ‘mail’ process (pid=3835)
info: new avast! socket connection at /opt/avast/var/run/avast4/mailscanner.sock
info: closing avast! connection
Amavisd-new says the following
avast! Antivirus daemon: Sending SCAN /opt/amavis/tmp/amavis-20070907T215302-06275/parts\r\nQUIT\r\n to UNIX socket /opt/avast/var/run/avast4/mailscanner.sock
timer set to 10 s (was 320 s)
prolong_timer ask_daemon_internal: timer set to 256 s
(!)avast! Antivirus daemon: timed out, retrying (1)
Now I thought that maybe because I was doing a test text message through telnet, I might be making some sort of mistake. So I set an external Thunderbird email client to connect to the amavisd-new port and tried sending through an email message with a jpg attachment. Same things in the logs (some extra entries for processing the attachment file but same messages), and Thunderbird said it could connect but couldn’t deliver.
The idiot check here is whether I installed correctly considering the irregular placement of files, and whether avast can operate correctly in such a situation. I get the feeling that amavisd-new is sending things correctly, but avast is doing nothing with the information received. Anybody got any ideas?
(update - I tried a similar dual avast/amavisd-new setup but using the RPM installs. I get the exact same result. Maybe this is an amavisd-new problem?)
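
Added example, not part of the original post: a Python probe that sends the same `SCAN <path>\r\nQUIT\r\n` request shown in the amavisd-new log straight to the scanner's UNIX socket and reports whether the daemon answers, closes without answering, or stays silent, which separates a daemon-side problem from an amavisd-new one. The function names, the stub daemon and its reply bytes are constructed for illustration; the real daemon's reply format is not assumed.

```python
import socket, tempfile, threading

def probe_scanner(sock_path, scan_path, timeout=5.0):
    """Send the request seen in the amavisd-new log; return (status, raw_reply)."""
    chunks = []
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(sock_path)
        s.sendall(f"SCAN {scan_path}\r\nQUIT\r\n".encode())
        try:
            while True:
                data = s.recv(4096)
                if not data:  # daemon closed the connection
                    status = "replied" if chunks else "closed-without-reply"
                    break
                chunks.append(data)
        except socket.timeout:  # the "timed out" case in the amavisd-new log
            status = "timeout"
    return status, b"".join(chunks)

def start_stub(sock_path, reply):
    """Constructed stand-in daemon (not avastd): serves one connection."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(sock_path)
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            conn.recv(4096)  # consume the request
            if reply is None:  # stay silent until the client gives up
                while conn.recv(4096):
                    pass
            elif reply:
                conn.sendall(reply)
    threading.Thread(target=serve, daemon=True).start()

def demo():
    """Probe three constructed daemon behaviours and return the results."""
    cases = [("answers", b"CONSTRUCTED-REPLY\r\n"), ("hangs-up", b""), ("silent", None)]
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, reply in cases:
            path = f"{d}/{name}.sock"
            start_stub(path, reply)
            results[name] = probe_scanner(path, "/tmp/constructed/parts", timeout=0.5)
    return results

if __name__ == "__main__":
    print(demo())
```

Against a live setup, `probe_scanner` would be run as the same user as amavisd-new (mail in this post) with the socket path from the log, so that socket and file permissions are exercised the same way.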