I have Kaspersky installed on my server and under the previous ASL it worked fine, but now seems to be running into some problems after the last mini update of files.
The activity output follows the same pattern of:
04:21:09 vps123456-0 2 1002 vps123456-0 before-queue[15851]: LOG Internal error in handler `20-kav-rcpt-GtOoZQ`. Skip handler.
04:21:09 vps123456-0 2 1002 vps123456-0 kav-handler[15859]: Failed to parse /opt/kav/sdk8l3/etc/kav-handler.cfg
04:21:09 vps123456-0 2 1002 vps123456-0 before-queue[15851]: handlers_stderr: I/O warning : failed to load external entity "/opt/kav/sdk8l3/etc/kav-handler.cfg"
04:21:09 vps123456-0 2 1002 vps123456-0 before-queue[15851]: call_handlers: Error during call `/usr/local/psa/handlers/info/20-kav-rcpt-hFHjvZ/executable` handler
I presume something has been locked down that's stopping it from executing a command. I did try and look in the config and saw some references to restricting processes that made calls but I didn't want to mess about with it.
Any pointers are greatly appreciated as we have a high volume of mail and want to have all the layers possible as we don't have ASL kernel enhancements.
Cheers
Kaspersky Anti-Virus Problem
- Atomicorp Staff - Site Admin
Re: Kaspersky Anti-Virus Problem
Yeah, it's probably trying to do something scary and the kernel is blocking it. Check your logs for grsec messages related to it and hit the Report False Positive button on them.
Re: Kaspersky Anti-Virus Problem
Hi Scott, I'm running a VPS server and no kernel enhancements are in place. ( Not sure if that's related to what you're saying about the kernel blocking )
Kaspersky has been working fine for the last two months and IMAP since the server was online - all with ASL 2.0 in place, however since updating on the 19th July to ASL 3 problems have developed which are causing major problems.
I am not in doubt this can be fixed but it's causing a headache from impatient users.
I will do the false positive thing now and hopefully can get it sorted.
edit ---- > I have submitted the false positives via the ASL system. How does it work, do I get notified of an update or does it silently do its thing ?
ps - I presume the "fix" will actually fix it and not just remove the errors from the log as it's an antivirus so it needs to work ;0)
Thanks
- mikeshinn
- Atomicorp Staff - Site Admin
Re: Kaspersky Anti-Virus Problem
> 04:21:09 vps123456-0 2 1002 vps123456-0 before-queue[15851]: handlers_stderr: I/O warning : failed to load external entity "/opt/kav/sdk8l3/etc/kav-handler.cfg"
I don't use KAV, but I'd say that's your problem. Looks like KAV can't load its config. Unfortunately, that's not something ASL would have anything to do with, so not much we can do to help. I'd check that config and contact Kaspersky about this error.
> Hi Scott, I'm running a VPS server and no kernel enhancements are in place. ( Not sure if that's related to what you're saying about the kernel blocking )
Yep, that's what Scott meant. Since you are on a VPS, you aren't using the ASL kernel, therefore you can completely rule out ASL. It's not the cause.
> edit ---- > I have submitted the false positives via the ASL system. How does it work, do I get notified of an update or does it silently do its thing ?
Those error messages look like something is wrong with the mail handler, definitely ask Kaspersky and your mail vendor what those messages mean too, and let us know what they tell you. I think your config is just missing (or maybe KAV got upgraded and it's in a different place?)
Michael Shinn
Atomicorp - Security For Everyone
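As an added example (not part of the thread, and not Atomicorp or Kaspersky code), a small shell triage for the condition described above: it pulls the file path out of the "failed to load external entity" log lines and reports whether each file is missing, unreadable or empty. The function names and the SAMPLE_LOG variable are made up for this example; the two log lines are copied from the first post.

```shell
#!/usr/bin/env bash
# Added example: classify every file named in a
# 'failed to load external entity "<path>"' log line.

# Constructed sample input: two log lines copied from the first post.
SAMPLE_LOG='04:21:09 vps123456-0 2 1002 vps123456-0 kav-handler[15859]: Failed to parse /opt/kav/sdk8l3/etc/kav-handler.cfg
04:21:09 vps123456-0 2 1002 vps123456-0 before-queue[15851]: handlers_stderr: I/O warning : failed to load external entity "/opt/kav/sdk8l3/etc/kav-handler.cfg"'

# Read log lines on stdin, print each distinct path that failed to load.
extract_cfg_paths() {
    sed -n 's/.*failed to load external entity "\([^"]*\)".*/\1/p' | sort -u
}

# Print one word describing the file: missing, unreadable, empty or present.
# The -r test applies to the account running this script; the mail handler
# may run under a different account, so repeat the check as that user.
cfg_state() {
    local path="$1"
    if [ ! -e "$path" ]; then
        echo missing
    elif [ ! -r "$path" ]; then
        echo unreadable
    elif [ ! -s "$path" ]; then
        echo empty
    else
        echo present
    fi
}

# Read log lines on stdin, print "<state> <path>" for each referenced file.
triage_log() {
    extract_cfg_paths | while IFS= read -r p; do
        printf '%s %s\n' "$(cfg_state "$p")" "$p"
    done
}

# Demo run on the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | triage_log
```

A "present" result only rules out the missing, unreadable and empty cases; a file that is present but still fails to parse needs the vendor's help, as suggested in the post above.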
Re: Kaspersky Anti-Virus Problem
Ok, will look into this and see if I can get a response back.
Thanks
Re: Kaspersky Anti-Virus Problem
Hi Scott, I am not sure what this was but I had to go through a process of uninstalling, restoring the KAV SDK from a backup and switch to qmail and back to postfix again to get it to work properly and I tested with EICAR to make sure it's working all nice and good so I am happy to report all is well.
Like I said I am not sure what the problem was but I reverted to a backed up copy of some files relating to Kaspersky and all is well.
KAV still in the same place as well
Just need to sort out IMAP and one other thing and it's all sorted - woot woot