On Access Scanner

I am trying to test the on-access scanner on my CentOS 5.3 server, I am using the EICAR file I have left it in a bunch of places and used SCP to send the file to the server. The scanner has never picked up the virus and the service is running. Any help would be greatly appreciated, thanks in advance.

In my opinion, since the on-access scanner is “on-access” if you browsed to that part of the file system, it should pick it up.

That’s only because the file was transferred from another system on the network. If you used that machine to download the file in the first place, then the on-access scanner would scan it once downloaded (or as it was downloaded).

I don’t see it not finding the virus a “huge deal” because I doubt that the virus could do any harm by merely being transferred to another computer. Something has to invoke it, and with that, it can do no harm. It’s just another file. Now, when the file is executed, the on-access scanner will scan it as it is loaded, and the virus should be detected.

Or, maybe I’m wrong…

Hallo,
on access means avast4guard + dazuko kernel module - are you sure that dazuko is installed properly, and avast4guard configuration correct?
regards,
pc

I did not get any errors while installing dazuko or the avastguard, after looking through all the logs I do not see anything that would cause me to believe the configuration is not correct.

you should look into avastd logs - whether the file was scanned. probably, you didn’t specify the guarded area in conf. file, and thus, no scan was performed at all (my assumption).

cruel method is bare strace -f -p avastd’s_lowest_pid, works without fiddling with anything :>.

regards,
pc

I figured out my issue, you were correct about the guarded area thanks for the help. My next issue is when I configure the on access scanner and it tries to scan a large directory it freezes up the whole system. I am using an older box but I figured it had enough power, I will try a newer box but is this a common issue?

Hallo,
yes, latencies might be expected, when using on-access scanning massively (some apps are so badly written, that they modify/acces files per-partes, causing this must-scan-it-again hell).

regards,
pc