Kaspersky Security amavis

Olivier Olivier.Nicole at cs.ait.ac.th
Tue Jun 6 08:14:05 CEST 2023 

Hi Indunil,

> I attached a test EICAR file. ClamAV detected. But Kaspersky did NOT.
>
> See the log of how clamd detected.
>
> clamd
> [1300]:/var/spool/amavisd/tmp/amavis-20230604T171813-16458-RYQrx2PC/parts/p003:
> Win.Test.EICAR_HDB-1 FOUND
>
> Primary AV is Kaspersky Security. Please see below.
>
> amavis[16978]:Using primary internal av scanner code for Kaspersky Security
> 8.0 for Linux Mail Server
> amavis[16978]:Using primary internal av scanner code for ClamAV-clamd
> amavis[16978]:Found secondary av scanner ClamAV-clamscan at
> /usr/bin/clamscan

Can you confirm that Kaspersy is working: save the message with EICAR in
a file and submit that file to Kaspersky manually.

Amavis may need some tweaking to be able to recognise the error message
returned by Kaspersky.

Best regards,

Olivier

>
> Hope to hear from you.
>
> On Tue, May 23, 2023 at 12:58 PM Matus UHLAR - fantomas
> <uhlar at fantomas.sk> wrote:
>
>  On 22.05.23 08:33, Indunil Jayasooriya wrote:
>  >Has anyone integrated Kaspersky Security with amavis?
>  >
>  >This is the url I followed.
>  >
>  >https://support.kaspersky.com/KLMS/8.2/en-US/62460.htm
>  >
>  >I did it. But I get below erros.
>  >
>  >2023 May 22 08:04:56 server amavis[1769]:(01769-04) (!)connect to
>  >/var/run/klms/rds_av failed, attempt #1: Can't connect to a UNIX socket
>  >/var/run/klms/rds_av: Permission denied
>  >2023 May 22 08:04:57 server amavis[1769]:(01769-04) (!)Kaspersky
>  Security
>  >8.0 for Linux Mail Server: All attempts (1) failed connecting to
>  >/var/run/klms/rds_av, retrying (2)
>  >
>  >2023 May 22 08:11:57 server amavis[1768]:(01768-05) (!)Kaspersky
>  Security
>  >8.0 for Linux Mail Server av-scanner FAILED: run_av error: Too many
>  retries
>  >to talk to /var/run/klms/rds_av (All attempts (1) failed connecting to
>  >/var/run/klms/rds_av) at (eval 132) line 659.\n
>  >
>  >Here is the permission.
>  >
>  >ls -al /var/run/klms/rds_av
>  >srw-rw---- 1 kluser klusers 0 May 17 01:35 /var/run/klms/rds_av
>
>  you must have read/execure permissions for /var/run/klms/ directory too.
>  Run:
>
>  ls -la /var/run/klms/
>
>  >some additional info.
>  >
>  ># id amavis
>  >uid=996(amavis) gid=993(amavis) groups=993(amavis),991(klusers)
>
>  this should help if the /var/run/klms/ has 'rx' permissions for group 
>  klusers.
>
>  -- 
>  Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
>  Warning: I wish NOT to receive e-mail advertising to this address.
>  Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu
>  postu.
>  "The box said 'Requires Windows 95 or better', so I bought a Macintosh".

--

More information about the amavis-users mailing list