Recommended way to start avast

avast for linux business 4.0.3 on Ubuntu 20.04 focal

Starting via systemd (“avast.target: A meta unit linked in all avast services. Restarting this unit restarts all avast daemons, and recreates sockets. Enabling it enables everything Avast antivirus needs to operate.”) creates sockets but fails when trying to scan something:
root@wastl:~# systemctl restart avast.target
root@wastl:~# ls /run/avast
emsg.sock scan.sock

root@wastl:~# scan -i /tmp/eicar.com
read(): Connection reset by peer
and the sockets are gone.

However, when starting avast manually/interactively:
root@wastl:~# avast start
2022-04-05 15:17:09.002+0200 [ 6821: 1aa5] NOTICE main: Starting 4.0.3 (d92998101785 LNX)
2022-04-05 15:17:10.501+0200 [ 6821: 1aa5] NOTICE engine: Loaded VPS #22040402

root@wastl:~# scan -i /tmp/eicar.com
/tmp/eicar.com EICAR Test-NOT virus!!!||algo

it is working. So, what’s the correct way to start avast in a systemd environment? I suppose there’s a problem with the unit files.

systemd tries to start avast as user:group avast:avast.

Trying that manually gives the following error:
root@wastl:/etc/avast# sudo -u avast avast
2022-04-05 17:00:48.552+0200 [ 7661: 1ded] NOTICE main: Starting 4.0.3 (d92998101785 LNX)
2022-04-05 17:00:48.725+0200 [ 7661: 1ded] ERROR engine: avldrLoadModule(): Permission denied
2022-04-05 17:00:48.725+0200 [ 7661: 1ded] ERROR main: Failed to load VPS.
2022-04-05 17:00:48.725+0200 [ 7661: 1ded] ERROR main: Fatal error. Exiting.

(Apparently it works only when running as root).
What resources could cause the permission denied?

Hi, did you by any chance uninstall avast-fss?

We have reports that this might happen in some cases.
There are several possible fixes:

  • change the ownership of all /var/lib/avast/ to avast:avast
  • remove contents of /var/lib/avast/defs and manually trigger avast-vpsupdate.service (systemctl start avast-vpsupdate.service). It will take a while, as it redownloads the complete detection database
  • change the user and group of the service to root by editing the unit file (systemctl edit avast.service)
  • uninstall and install the avast package (not a reinstall). This should in effect be the equivalent of removing the /var/lib/avast/defs/ directory.

I’d recommend first trying to remove /var/lib/avast/defs and reinitializing the detection database. If that doesn’t work, reinstall, and the permissions should be set up correctly.

avast-fss was never installed.

I realized however some files in /var/lib/avast belonged to root. So I applied the first suggestion and recursively chowned everything under /var/lib/avast to avast:avast.
That fixed the thing.
Thanks!
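
A read-only way to find the root-owned files before running the recursive chown, added here as an example and not taken from the thread or from Avast. The path /var/lib/avast and the avast:avast account come from the posts above; the function names are hypothetical, and GNU find and stat (as on Ubuntu) are assumed.

```shell
#!/bin/sh
# Added example: ownership audit for the Avast data directory.
# Changes nothing on disk; it only reports.
# Assumptions: GNU find/stat; function names are hypothetical.

# Print every path under DIR whose owner is not OWNER or whose group
# is not GROUP, one per line as "owner:group path".
list_foreign_owned() {
    dir=$1 owner=$2 group=$3
    find "$dir" \( ! -user "$owner" -o ! -group "$group" \) \
        -exec stat -c '%U:%G %n' {} +
}

# Report mismatches and a per-owner count.
# Returns 0 if clean, 1 if mismatches exist, 2 if find/stat failed
# (for example, the directory or the account does not exist).
audit_ownership() {
    dir=$1 owner=$2 group=$3
    report=$(list_foreign_owned "$dir" "$owner" "$group") || return 2
    if [ -z "$report" ]; then
        echo "OK: everything under $dir is owned by $owner:$group"
        return 0
    fi
    printf '%s\n' "$report"
    echo "Mismatched paths per owner:group:"
    printf '%s\n' "$report" | cut -d' ' -f1 | sort | uniq -c
    echo "Fix suggested in the thread: chown -R $owner:$group $dir"
    return 1
}

# Run the audit only when asked, e.g.:  sh audit.sh --check
if [ "${1:-}" = "--check" ]; then
    audit_ownership /var/lib/avast avast avast
fi
```

The non-zero return code makes it usable as a pre-check before `systemctl restart avast.target`.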

That’s interesting.
We’d be very grateful if you could describe some of the machine’s history, to figure out how the root files got there.
Important events: distribution upgrade, Avast 3.X → 4.X migration.

Great you got it sorted, and thanks in advance for any information.