I have been using antivir with amavisd-new for years. Late last year, updates were having a hard time, so I updated it to version 3, and after some work got it running ok (though it required avguard daemon running). Lately, it has been failing to update, though I found updating via product=Scanner would work. Figuring I may need to update soon, I downloaded the latest, 3.1.3.4. After some work, I think I have it working, but have one question.

Unlike previous versions, it appears to me that only root can now scan, meaning a user and amavis now fail unless I set the scanning file, avscan, suid. I am not that comfortable setting a program SUID that would be interacting with possible viruses, and is not the default permissions. How bad is it to run this SUID? Does anyone else have any better understanding of the latest antivir? I believe the below will illustrate my point and findings so far.

jmorris:/home/joe # cd /usr/lib/AntiVir/guard/
jmorris:/usr/lib/AntiVir/guard # chmod 755 avscan
jmorris:/usr/lib/AntiVir/guard # ls -l avscan
-rwxr-xr-x 1 root vscan 2182456 2010-03-26 09:04 avscan
jmorris:/usr/lib/AntiVir/guard # avscan --allfiles
Avira AntiVir Personal (ondemand scanner)
Copyright (C) 2010 by Avira GmbH.
All rights reserved.
SAVAPI-Version: 3.1.1.8, AVE-Version: 8.2.1.204
VDF-Version: 7.10.5.241 created 20100326
AntiVir license: 0000149996
Info: automatically excluding /sys/ from scan (special fs)
Info: automatically excluding /proc/ from scan (special fs)
Info: automatically excluding /var/spool/amavis/virusmails/ from scan (quarantine)
scan progress: directory "/usr/lib/AntiVir/guard/"
scan progress: symbolic link "/usr/lib/AntiVir/guard/libdazuko.so" points to an earmarked file (skipped)
------ scan results ------
directories: 1
scanned files: 97
skipped: 3
alerts: 0
suspicious: 0
scan time: 00:00:01
--------------------------
jmorris:/usr/lib/AntiVir/guard # rcavguard stop
Stopping AVIRA AntiVir Workstation Personal ...
Stopping: avguard.bin done
jmorris:/usr/lib/AntiVir/guard # avscan --allfiles
Error: Failed to connect to Guard daemon
You need to start avguard before using on-demand scans.
You need root-access to do that.
jmorris:/usr/lib/AntiVir/guard # rcavguard start
Starting AVIRA AntiVir Workstation Personal ...
Starting: avguard.bin done
jmorris:/usr/lib/AntiVir/guard # exit
exit
joe@jmorris:~> avscan --allfiles
Warning: quarantine directory /var/spool/amavis/virusmails/ not accessible
Error: Failed to connect to Guard daemon
joe@jmorris:~> su
Password:
jmorris:/home/joe # cd /usr/lib/AntiVir/guard/
jmorris:/usr/lib/AntiVir/guard # chmod 4755 avscan
jmorris:/usr/lib/AntiVir/guard # exit
exit
joe@jmorris:~> avscan --allfiles
Warning: quarantine directory /var/spool/amavis/virusmails/ not accessible
Avira AntiVir Personal (ondemand scanner)
Copyright (C) 2010 by Avira GmbH.
All rights reserved.
SAVAPI-Version: 3.1.1.8, AVE-Version: 8.2.1.204
VDF-Version: 7.10.5.241 created 20100326
AntiVir license: 0000149996
Info: automatically excluding /sys/ from scan (special fs)
Info: automatically excluding /proc/ from scan (special fs)
Info: automatically excluding /var/lib/ntp/proc/ from scan (special fs)
Info: automatically excluding /var/spool/amavis/virusmails/ from scan (quarantine)
scan progress: directory "/home/joe/"
scan progress: symbolic link "/home/joe/.DCOPserver_jmorris_:0" points to an earmarked file (skipped)
scan progress: inaccessible file "/home/joe/.gvfs" was skipped
------ scan results ------
directories: 1
scanned files: 42
skipped: 76
alerts: 0
suspicious: 0
scan time: 00:00:01
--------------------------
joe@jmorris:~>

example from mail log:

Mar 27 17:16:00 jmorris amavis[3856]: (03856-02) (!)run_av (Avira AntiVir) FAILED - unexpected exit 251, output="Error: Failed to connect to Guard daemon"
Mar 27 17:16:00 jmorris amavis[3856]: (03856-02) (!)Avira AntiVir av-scanner FAILED: /usr/bin/avscan unexpected exit 251, output="Error: Failed to connect to Guard daemon" at (eval 111) line 594.

--
Joe Morris
Registered Linux user 231871 running openSUSE 11.1 x86_64