Kaspersky Antivirus Problem

inquis
Forum Regular

I have Kaspersky installed on my server and under the previous ASL it worked fine, but now it seems to be running into some problems after the last mini update of files.

The activity output follows the same pattern of

04:21:09 vps123456-0 2 1002 vps123456-0 before-queue[15851]: LOG Internal error in handler `20-kav-rcpt-GtOoZQ`. Skip handler.
04:21:09 vps123456-0 2 1002 vps123456-0 kav-handler[15859]: Failed to parse /opt/kav/sdk8l3/etc/kav-handler.cfg
04:21:09 vps123456-0 2 1002 vps123456-0 before-queue[15851]: handlers_stderr: I/O warning : failed to load external entity "/opt/kav/sdk8l3/etc/kav-handler.cfg"
04:21:09 vps123456-0 2 1002 vps123456-0 before-queue[15851]: call_handlers: Error during call `/usr/local/psa/handlers/info/20-kav-rcpt-hFHjvZ/executable` handler

I presume something has been locked down that is stopping it from executing a command. I did try and look in the config and saw some references to restricting processes that made calls, but I didn't want to mess about with it.

Any pointers are greatly appreciated, as we have a high volume of mail and want to have all the layers possible, as we don't have ASL kernel enhancements.

Cheers
scott
Atomicorp Staff - Site Admin

Yeah, it's probably trying to do something scary and the kernel is blocking it. Check your logs for grsec messages related to it and hit the Report False Positive button on them.
inquis

Hi Scott, I'm running a VPS server and no kernel enhancements are in place. (Not sure if that's related to what you're saying about the kernel blocking.)

Kaspersky has been working fine for the last two months, and IMAP since the server was online, all with ASL 2.0 in place. However, since updating on the 19th July to ASL 3, problems have developed which are causing major problems.

I am not in doubt this can be fixed, but it's causing a headache from impatient users.

I will do the false positive thing now and hopefully can get it sorted.

edit ---- > I have submitted the false positives via the ASL system. How does it work, do I get notified of an update or does it silently do its thing?

ps - I presume the "fix" will actually fix it and not just remove the errors from the log, as it's an antivirus so it needs to work ;0)

Thanks
mikeshinn
Atomicorp Staff - Site Admin

> 04:21:09 vps123456-0 2 1002 vps123456-0 before-queue[15851]: handlers_stderr: I/O warning : failed to load external entity "/opt/kav/sdk8l3/etc/kav-handler.cfg"

I don't use KAV, but I'd say that's your problem. Looks like KAV can't load its config. Unfortunately, that's not something ASL would have anything to do with, so not much we can do to help. I'd check that config and contact Kaspersky about this error.

> Hi Scott, I'm running a VPS server and no kernel enhancements are in place. (Not sure if that's related to what you're saying about the kernel blocking.)

Yep, that's what Scott meant. Since you are on a VPS, you aren't using the ASL kernel, therefore you can completely rule out ASL. It's not the cause.

> edit ---- > I have submitted the false positives via the ASL system. How does it work, do I get notified of an update or does it silently do its thing?

Those error messages look like something is wrong with the mail handler. Definitely ask Kaspersky and your mail vendor what those messages mean too, and let us know what they tell you. I think your config is just missing (or maybe KAV got upgraded and it's in a different place?)
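
The check suggested in the post above (find the file the handler could not load and see what state it is in), as an added shell example that is not part of the original thread. The function names are hypothetical; the log pattern is the "failed to load external entity" message quoted in the thread.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): triage
# "failed to load external entity" messages in a mail log.
# Function names are hypothetical.

# Print each distinct file path named in such a message in log file $1.
extract_failed_entities() {
    sed -n 's/.*failed to load external entity "\([^"]*\)".*/\1/p' "$1" | sort -u
}

# Classify a path as seen by the user running this script. The mail
# handler may run under another account, so "present" here does not
# prove that the handler itself can read the file.
classify_path() {
    if [ ! -e "$1" ]; then echo "missing"
    elif [ ! -r "$1" ]; then echo "unreadable"
    elif [ ! -s "$1" ]; then echo "empty"
    else echo "present"
    fi
}

# Emit one "state<TAB>path" line per distinct path found in log file $1.
triage_log() {
    extract_failed_entities "$1" | while IFS= read -r path; do
        printf '%s\t%s\n' "$(classify_path "$path")" "$path"
    done
}

# Stand-alone use: ./triage.sh /path/to/maillog
if [ "$#" -gt 0 ] && [ -f "$1" ]; then
    triage_log "$1"
fi
```

A "missing" or "empty" result points at the file itself; a "present" result means ownership and permissions for the handler's account are the next thing to compare against a known-good backup.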
inquis

OK, will look into this and see if I can get a response back.

Thanks
scott

This might be related:

http://kb.parallels.com/en/111560
inquis

Hi Scott, I am not sure what this was, but I had to go through a process of uninstalling, restoring the KAV SDK from a backup, and switching to qmail and back to postfix again to get it to work properly. I tested with EICAR to make sure it's working all nice and good, so I am happy to report all is well.

Like I said, I am not sure what the problem was, but I reverted to a backed-up copy of some files relating to Kaspersky and all is well.

KAV is still in the same place as well.

Just need to sort out IMAP and one other thing and it's all sorted - woot woot