F-Secure and failure to start

Dino Edwards dino.edwards at mydirectmail.net
Mon Jun 27 15:06:27 CEST 2016


I can't offer any help with F-Secure, the only thing I know is Sophos, I've actually written a guide on how to integrate with amavis which I can share if you care. I know you said it sucks, just curious why do you believe it does. 

> -----Original Message-----
> From: amavis-users [mailto:amavis-users-
> bounces+dino.edwards=mydirectmail.net at amavis.org] On Behalf Of Alex
> Sent: Sunday, June 26, 2016 7:48 PM
> To: amavis-users at amavis.org
> Subject: Re: F-Secure and failure to start
> 
> Hi all, I was really hoping someone had some experience with the F-Secure
> antivirus scanner and Linux. Is there no one out there using it any longer?
> 
> Can you make a recommendation for another virus scanner besides Sophos
> (sucks) and clamav+sane?
> 
> On Wed, Jun 22, 2016 at 10:21 PM, Alex <mysqlstudent at gmail.com> wrote:
> > Hi,
> > I've installed the downloadable trial version of F-Secure for Linux
> > (installed on fedora) and it appears to be running properly. However,
> > amavis doesn't seem to be able to control it.
> >
> > Jun 22 22:17:56 mail01 amavis[4471]: (04471-01) (!)run_av (F-Secure
> > Linux Security) FAILED - unexpected exit 1, output="Something wrong in
> > initializing backend. Code:256\nFATAL: Failed to get configuration"
> > Jun 22 22:17:56 mail01 amavis[4471]: (04471-01) (!)F-Secure Linux
> > Security av-scanner FAILED: /usr/bin/fsav unexpected exit 1,
> > output="Something wrong in initializing backend. Code:256\nFATAL:
> > Failed to get configuration" at (eval 87) line 905.
> >
> > Where is the configuration file it is referencing?
> >
> > This doesn't appear to be using a socket like clamav or sophos use. Is
> > there a more optimized configuration available that uses the f-secure
> > socket?
> >
> > I have the following configuration in my amavisd.conf:
> >
> >   ### http://www.f-secure.com/ version 9.14
> >    ['F-Secure Linux Security',
> >     ['/usr/bin/fsav', 'fsav'],
> >     '--virus-action1=report --archive=yes --auto=yes '.
> >     '--list=no --nomimeerr {}', [0], [3,4,6,8],
> >     qr/(?:infection|Infected|Suspected|Riskware): (.+)/m ],
> >     # NOTE: internal archive handling may be switched off by '--archive=no'
> >     #   to prevent fsav from exiting with status 9 on broken archives
> >
> > Can someone confirm for me that the above is the proper method of
> > invocation for the current version (11.0 build 79) of f-secure?


More information about the amavis-users mailing list