Share Virusdefinition on MAC across Users

Hello,
I want to share my virus definition with other users so only one must download it.
So I made a hardlink named /Users/xxxUserDirxxx/Library/Application Support/com.avast.MacAvast to a folder on another drive, but it doesn’t work. Is there a way to get this running?

thanxs
spacetown

hallo, in general, this should work. vps might be link (even soft), and the scanning daemon might be used by more clients (just check its socket).
what doesn’t work exactly in your case? anyway, you stated “…hard link … another device…” which sounds strange in general - hardlinks aren’t possible between different FSs (inode linkage)…

regards,
pc

or, even more, softlinking the 400.vps directly (= not the whole directory, but the file) won’t work in your case too?
regards,
pc

Yes the socket takes the hardlinked file. But when I stat the vps File after the update, the Linkcount is decremented. I think that the update unlinks the File and make a copy of the new.

You are right, I supposed a hardlink to another Folder.

softlink doesn’t work because the scanner expects a real file and does not follow links. There is a message that the definition is corrupted and the definition from the App-directory is copied.
Even if I softlink the whole directory, it doesn’t work.

The best way would be that the user could define the directory for the definition. Even if Unix is a multiuser environment, the admin could make a directory with full access for all users. But when there is an incremental update, there would be no need anymore.

Sorry for my bad english.

Hallo,

> softlink doesn’t work because the scanner expects a real file and does not follow links. There is a message that the definition is corrupted and the definition from the App-directory is copied.
> Even if I softlink the whole directory, it doesn’t work.

that’s really strange, because it works for me with no problem (and especially, the possibility of vps soft-linking was checked, in the daemon). the 400.vps file could be a link, and even soft-one, of course. you can try ls -i, and you will see, that the “copied” 400.vps, mentioned in your latest post, was also a hard-link (the same inode numbers).

> The best way would be that the user could define the directory for the definition. Even if Unix is a multiuser environment, the admin could make a directory with full access for all users. But when there is an incremental update, there would be no need anymore.

you can make links to “central” 400.vps from the directories of each user. But, then, it would be good to run the daemon with -a switch, when the daemon automatically watches the relevant 400.vps file, and reloads the definitions when the file changes.

gui will attach to any running daemon, what it needs is the response from the socket (socket responds with initial message → use it and don’t start own daemon instance). thus, running daemon or more daemons in advance with “-a” and updating the central 400.vps only is possible.

btw. anyway, the easiest thing is to redirect requests to http://files.avast.com/files/latest/mac to some local mirror, and there are only 3 relevant files:

400.vps (main database, >18MB)
400vps.md5 (small file with md5 stamp)
release.inf (version info)

Thus, simple DNAT and local mirror does the thing as well.

regards,
pc

I’ve tested softlinks again and learned to do the things in Terminal. ???
When I make an alias with Drag’n’Drop with alt+command pressed the alias has another inode and has 35.889 Byte. When I use the Terminal and ln -s it has the same inode and only 19 Byte. In the Finder there is no difference between the links.

How can I get the default parameters for the daemon (I guess /Applications/avast!.app/Contents/Resources/com.avast.MacAvast.MAD) or is there a way to add parameters for launching the daemon? Adding the -a in the Section DefaultDaemonFLAGS of the plist-File doesn’t work.

thanxs

Hallo,

> I’ve tested softlinks again and learned to do the things in Terminal. ???
> When I make an alias with Drag’n’Drop with alt+command pressed the alias has another inode and has 35.889 Byte. When I use the Terminal and ln -s it has the same inode and only 19 Byte. In the Finder there is no difference between the links.

Bingo, terminal is the right tool! In that Finder, it’s not link what’s created - rather an alias (which doesn’t behave as hard or soft link, has file-size 0, and keeps the data in its resource fork instead, that’s that 36kB stuff there - you might use alias_file_name/rsrc to access this stuff).

> How can I get the default parameters for the daemon (I guess /Applications/avast!.app/Contents/Resources/com.avast.MacAvast.MAD) or is there a way to add parameters for launching the daemon?

You can run it with -h to get help-list. Exact parameters can be seen using ps -laxwww | grep MAD, for example.

> Adding the -a in the Section DefaultDaemonFLAGS of the plist-File doesn’t work.

Those flags are generated by the GUI (which starts the daemon in the fact when it’s found to be NOT running). Just run the daemon in advance, with your desired parameters - and GUI will accept it.

Regards,
PC

Now it works.
Is the update of the vps handled by the gui or by the daemon? When it is handled by the daemon itself, I could specify with the -d Option another Path for the vps.
Do I need the Gui for a persistent scan or can I only start the daemon?

In this version, GUI obtains new 400.vps and informs the daemon using RELOAD command (or, the daemon with -a switch will check for this by its own, even when non-informed).

Since next version, all will be done in daemon, but the location of final 400.vps will be still fixed and known, and thus, it would be possible to share it easily too (one instance runs and checks for updates, while others don’t update, just passively use their softlink to this file).

gui is necessary for on-access scanning (gui buffers those requests for the daemon).

Hello,
after the update the symlink is replaced by the new 400.vps. I hope, in the new version where the daemon makes the update the link will not be deleted. It will be better to change the contents of the file.

Hallo,
the original 400.vps link WILL be deleted (effect of rename() or unlink()/copy()). This is because the 400.vps should be updated atomically (and contents of a file can’t be changed this way without changing its i-node). Thus, when a particular client does the update, it does it this way.

But, why to update its own link to the by-someone-else-already-updated file? Just take care about the fresh state of the central 400.vps, and use it elsewhere. There will be such mode for this (aka “your 400.vps is kept up-to-date by someone else, don’t manipulate the file, just use it” - equivalent to “-a” switch for the daemon AND disabled updates in this version).

regards,
pc

Your idea is very nice. The original 400.vps link WILL be deleted (effect of rename() or unlink()/copy()). This is because the 400.vps should be updated atomically (and contents of a file can’t be changed this way without changing its i-node). Thus, when a particular client does the update, it does it this way.

Hmm,
but where’s the problem? (this port was reported to me recently)

simply, there are clients that don’t update at all, because their 400.vps is a soft-link, pointing to the real 400.vps (which is updated by some one else - dedicated client, or wget, for example).

regards,
pc

Hello,
the problem is, that the first user updates the vps. On the next Day another user is the first and he makes the update. So all Users can Update the Definition.

regards,
spacetown

yes, that’s why it’s wise to select one user for those updates (and the rest simply gets his updated vps).
more exactly, the best is to disable updates for all users, and link their vps to some central location with user-read-only 400.vps, manipulated by superuser only.

simple cron script might do each few hours those simple steps:

for download, wget/lynx/links/elinks/whatever will do the job.

regards,
pc
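
One way to implement the central update discussed in the posts above (replacement through rename() so the file is swapped atomically, with per-user symlinks pointing at one central 400.vps), as an added example that is not part of the thread and not Avast's code. It assumes the first field of the stamp file is the hex MD5 of 400.vps; the function names and scratch paths are made up for the demo.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: the first field of the
# stamp file is the hex MD5 of 400.vps; the real stamp format may differ.

file_md5() {   # md5sum on Linux, md5 -q on macOS
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{print $1}'
    else
        md5 -q "$1"
    fi
}

# inode of the file a path resolves to (-L follows the per-user symlink)
inode_of() { ls -Li "$1" | awk '{print $1}'; }

# install_vps NEW STAMP CENTRAL: 0 = installed, 1 = rejected, CENTRAL untouched
install_vps() {
    new=$1; stamp=$2; central=$3
    want=$(awk 'NR==1 {print tolower($1)}' "$stamp")
    have=$(file_md5 "$new" | tr 'A-F' 'a-f')
    if [ -z "$want" ] || [ "$want" != "$have" ]; then
        echo "md5 mismatch, keeping $central" >&2
        return 1
    fi
    # Stage beside the target: same filesystem, so mv is a single rename()
    tmp=$(mktemp "$(dirname "$central")/.vps.XXXXXX") || return 1
    if cp "$new" "$tmp" && chmod 644 "$tmp" && mv -f "$tmp" "$central"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Constructed demo in a scratch directory: one central file, one user symlink.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/shared" "$d/user" "$d/dl"
    echo "definitions v1" > "$d/shared/400.vps"
    ln -s "$d/shared/400.vps" "$d/user/400.vps"
    before=$(inode_of "$d/user/400.vps")
    echo "definitions v2" > "$d/dl/400.vps"
    file_md5 "$d/dl/400.vps" > "$d/dl/400vps.md5"
    install_vps "$d/dl/400.vps" "$d/dl/400vps.md5" "$d/shared/400.vps" || return 1
    after=$(inode_of "$d/user/400.vps")
    echo "link target: $(cat "$d/user/400.vps"); inode $before -> $after"
    rm -rf "$d"
}
demo
```

The symlink in the user directory is never touched, only the central file's inode changes. The MD5 comparison catches a truncated or corrupted download but, fetched from the same mirror, says nothing about authenticity.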

Hello,
thank you for the inspiration. :wink:

I wrote 2 scripts, one StartAvast.sh starts the daemon, waits and then hides the windows with osascript-command (Applescript).

The second one makes the Update of /Users/Shared/400.vps. And then kills the Daemon so that the GUI will restart it. I made it with kill because I could not get the following to run.

The Daemon is started with another Tempfolder (uncommented part in StartAvast.sh). When the Update is done, the GUI shows the old Date of the Virusdefinition even after Apple+Q and restart. When I quit with daemon (Alt+Apple+Q) and then restart it, the new date is shown in the GUI. Does anybody have an idea?

The call of the Updatescript is made with cron. The first call in the Startscript is uncommented because when the call is made by an Automator action, the curl-call is suspended after downloading 400k of the vps.???

Hallo,

I bet that the “-a” switch works (it’s based on timestamp, and thus, downloading brand new 400.vps as separate file, and doing mv (aka rename() syscall) is enough to trigger it). You can check it using separate connection to the daemon’s socket (use telnet -u socket_path), that the banner shows new vps number.

well, gui doesn’t know about it, and the vps string at the left upper corner might stay the same. this can be solved also easily - shorten the daemon’s timeout. after each timeout, gui reconnects to the daemon, and the VPS string is refreshed.

regards,
pc

the link is owned by the owner of the target file. Thus, only one preferred user will be able to update the 400.vps (and others will just use it when it’s changed). btw. in the forthcoming version, this will get changed into one global common update system (as for windows, although it has some security quirks which make the solution more complicated, as it seems - simply said, global per-machine antivirus protection isn’t by principle compatible with the UNIX user-separation view…)

regards,
pc
