
Kaspersky Anti-Virus Problem

Posted: Wed Jul 27, 2011 11:31 pm
by inquis
I have Kaspersky installed on my server and under the previous ASL it worked fine, but now it seems to be running into some problems after the last mini update of files.

The activity output follows the same pattern of

04:21:09 vps123456-0 2 1002 vps123456-0 before-queue[15851]: LOG Internal error in handler `20-kav-rcpt-GtOoZQ`. Skip handler.
04:21:09 vps123456-0 2 1002 vps123456-0 kav-handler[15859]: Failed to parse /opt/kav/sdk8l3/etc/kav-handler.cfg
04:21:09 vps123456-0 2 1002 vps123456-0 before-queue[15851]: handlers_stderr: I/O warning : failed to load external entity "/opt/kav/sdk8l3/etc/kav-handler.cfg"
04:21:09 vps123456-0 2 1002 vps123456-0 before-queue[15851]: call_handlers: Error during call `/usr/local/psa/handlers/info/20-kav-rcpt-hFHjvZ/executable` handler

I presume something has been locked down that is stopping it from executing a command. I did try and look in the config and saw some references to restricting processes that made calls, but I didn't want to mess about with it.

Any pointers are greatly appreciated as we have a high volume of mail and want to have all the layers possible as we don't have ASL kernel enhancements.

Cheers

Re: Kaspersky Anti-Virus Problem

Posted: Thu Jul 28, 2011 10:20 am
by scott
Yeah, it's probably trying to do something scary and the kernel is blocking it. Check your logs for grsec messages related to it and hit the Report False Positive button on them.

Re: Kaspersky Anti-Virus Problem

Posted: Thu Jul 28, 2011 11:02 am
by inquis
Hi Scott, I'm running a VPS server and no kernel enhancements are in place. (Not sure if that's related to what you're saying about the kernel blocking.)

Kaspersky has been working fine for the last two months and IMAP since the server was online - all with ASL 2.0 in place; however, since updating on the 19th July to ASL 3, problems have developed which are causing major problems.

I am not in doubt this can be fixed, but it's causing a headache from impatient users.

I will do the false positive thing now and hopefully can get it sorted.

edit ---- > I have submitted the false positives via the ASL system. How does it work, do I get notified of an update or does it silently do its thing?

PS - I presume the "fix" will actually fix it and not just remove the errors from the log, as it's an antivirus so it needs to work ;0)

Thanks

Re: Kaspersky Anti-Virus Problem

Posted: Thu Jul 28, 2011 12:17 pm
by mikeshinn
> 04:21:09 vps123456-0 2 1002 vps123456-0 before-queue[15851]: handlers_stderr: I/O warning : failed to load external entity "/opt/kav/sdk8l3/etc/kav-handler.cfg"

I don't use KAV, but I'd say that's your problem. Looks like KAV can't load its config. Unfortunately, that's not something ASL would have anything to do with, so not much we can do to help. I'd check that config and contact Kaspersky about this error.

> Hi Scott, I'm running a VPS server and no kernel enhancements are in place. (Not sure if that's related to what you're saying about the kernel blocking.)

Yep, that's what Scott meant. Since you are on a VPS, you aren't using the ASL kernel, therefore you can completely rule out ASL. It's not the cause.

> edit ---- > I have submitted the false positives via the ASL system. How does it work, do I get notified of an update or does it silently do its thing?

Those error messages look like something is wrong with the mail handler, definitely ask Kaspersky and your mail vendor what those messages mean too, and let us know what they tell you. I think your config is just missing (or maybe KAV got upgraded and it's in a different place?)
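The check suggested in the post above (is the config the handler names missing, unreadable or broken?), as an added example that is not part of the original thread and not ASL, Plesk or Kaspersky code. It assumes `kav-handler.cfg` is an XML file, because the "failed to load external entity" I/O warning is libxml2's message; `config_paths` and `diagnose` are hypothetical helper names.

```python
import os
import re
import xml.etree.ElementTree as ET

# Two of the log lines from the first post in this thread.
SAMPLE_LOG = """\
04:21:09 vps123456-0 2 1002 vps123456-0 kav-handler[15859]: Failed to parse /opt/kav/sdk8l3/etc/kav-handler.cfg
04:21:09 vps123456-0 2 1002 vps123456-0 before-queue[15851]: handlers_stderr: I/O warning : failed to load external entity "/opt/kav/sdk8l3/etc/kav-handler.cfg"
"""

# Path that follows either failure message; stops at a quote or whitespace.
PATH_RE = re.compile(
    r'(?:Failed to parse |failed to load external entity ")(/[^"\s]+)'
)


def config_paths(log_text):
    """Return the distinct file paths named in parse/load failures, in order."""
    seen = []
    for match in PATH_RE.finditer(log_text):
        if match.group(1) not in seen:
            seen.append(match.group(1))
    return seen


def diagnose(path):
    """Classify why a handler could fail to load `path`.

    Run this as the account the mail handler runs under: os.access()
    answers for the calling user, and root can read almost anything.
    """
    if not os.path.exists(path):
        return "missing"
    if not os.path.isfile(path):
        return "not-a-file"
    if not os.access(path, os.R_OK):
        return "unreadable"
    if os.path.getsize(path) == 0:
        return "empty"
    try:
        ET.parse(path)  # assumption: the config is XML
    except ET.ParseError:
        return "malformed-xml"
    return "ok"


if __name__ == "__main__":
    for cfg in config_paths(SAMPLE_LOG):
        print(cfg, "->", diagnose(cfg))
```

A result of `missing` or `empty` points at a package update or restore that dropped the file; `unreadable` points at ownership or mode changes on the file or its parent directories.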

Re: Kaspersky Anti-Virus Problem

Posted: Thu Jul 28, 2011 12:42 pm
by inquis
mikeshinn wrote:
> > 04:21:09 vps123456-0 2 1002 vps123456-0 before-queue[15851]: handlers_stderr: I/O warning : failed to load external entity "/opt/kav/sdk8l3/etc/kav-handler.cfg"
>
> I don't use KAV, but I'd say that's your problem. Looks like KAV can't load its config. Unfortunately, that's not something ASL would have anything to do with, so not much we can do to help. I'd check that config and contact Kaspersky about this error.
>
> > Hi Scott, I'm running a VPS server and no kernel enhancements are in place. (Not sure if that's related to what you're saying about the kernel blocking.)
>
> Yep, that's what Scott meant. Since you are on a VPS, you aren't using the ASL kernel, therefore you can completely rule out ASL. It's not the cause.
>
> > edit ---- > I have submitted the false positives via the ASL system. How does it work, do I get notified of an update or does it silently do its thing?
>
> Those error messages look like something is wrong with the mail handler, definitely ask Kaspersky and your mail vendor what those messages mean too, and let us know what they tell you. I think your config is just missing (or maybe KAV got upgraded and it's in a different place?)

OK, will look into this and see if I can get a response back.

Thanks

Re: Kaspersky Anti-Virus Problem

Posted: Thu Jul 28, 2011 2:04 pm
by scott
This might be related:

http://kb.parallels.com/en/111560

Re: Kaspersky Anti-Virus Problem

Posted: Sun Jul 31, 2011 7:41 am
by inquis
Hi Scott, I am not sure what this was, but I had to go through a process of uninstalling, restoring the KAV SDK from a backup, and switching to qmail and back to postfix again to get it to work properly, and I tested with EICAR to make sure it's working all nice and good, so I am happy to report all is well.

Like I said, I am not sure what the problem was, but I reverted to a backed-up copy of some files relating to Kaspersky and all is well.

KAV is still in the same place as well.

Just need to sort out IMAP and one other thing and it's all sorted - woot woot