Discussion:
F-Secure and failure to start
Alex
2016-06-23 02:21:08 UTC
Hi,
I've installed the downloadable trial version of F-Secure for Linux
(installed on fedora) and it appears to be running properly. However,
amavis doesn't seem to be able to control it.

Jun 22 22:17:56 mail01 amavis[4471]: (04471-01) (!)run_av (F-Secure
Linux Security) FAILED - unexpected exit 1, output="Something wrong in
initializing backend. Code:256\nFATAL: Failed to get configuration"
Jun 22 22:17:56 mail01 amavis[4471]: (04471-01) (!)F-Secure Linux
Security av-scanner FAILED: /usr/bin/fsav unexpected exit 1,
output="Something wrong in initializing backend. Code:256\nFATAL:
Failed to get configuration" at (eval 87) line 905.

Where is the configuration file it is referencing?

This doesn't appear to be using a socket like clamav or sophos use. Is
there a more optimized configuration available that uses the f-secure
socket?

I have the following configuration in my amavisd.conf:

### http://www.f-secure.com/ version 9.14
['F-Secure Linux Security',
['/usr/bin/fsav', 'fsav'],
'--virus-action1=report --archive=yes --auto=yes '.
'--list=no --nomimeerr {}', [0], [3,4,6,8],
qr/(?:infection|Infected|Suspected|Riskware): (.+)/m ],
# NOTE: internal archive handling may be switched off by '--archive=no'
# to prevent fsav from exiting with status 9 on broken archives

Can someone confirm for me that the above is the proper method of
invocation for the current version (11.0 build 79) of f-secure?
Alex
2016-06-26 23:48:24 UTC
Hi all, I was really hoping someone had some experience with the
F-Secure antivirus scanner and Linux. Is there no one out there using
it any longer?

Can you make a recommendation for another virus scanner besides Sophos
(sucks) and clamav+sane?
Thomas Jarosch
2016-06-27 07:33:06 UTC
Hi Alex,
Post by Alex
### http://www.f-secure.com/ version 9.14
['F-Secure Linux Security',
['/usr/bin/fsav', 'fsav'],
'--virus-action1=report --archive=yes --auto=yes '.
'--list=no --nomimeerr {}', [0], [3,4,6,8],
qr/(?:infection|Infected|Suspected|Riskware): (.+)/m ],
# NOTE: internal archive handling may be switched off by '--archive=no'
# to prevent fsav from exiting with status 9 on broken archives
Can someone confirm for me that the above is the proper method of
invocation for the current version (11.0 build 79) of f-secure?

your invocation line looks ok to me, but the devil might be in the details.

Here's my invocation line:

--------------------------
@av_scanners = (
['F-Secure Antivirus', '/opt/f-secure/fssp/bin/fsav',
'--allfiles --mime --archive --usedaemon --nopass --nomimeerr --nomimepart --noinvalidmime --maxnested=20 {}',
[0,4,8],
[3,6],
qr/(?:infection|Infected|Suspected|Riskware): (.+)/m ],
);
--------------------------

You can try the following:

Invoke fsav from the cmdline as root user. If you can scan an eicar test file with it,
try again after changing to the amavisd user. Maybe it's a permission problem:
when the fsav binary is invoked as the amavisd user,
it does not have access to the F-Secure daemon socket.

Besides that I can't offer much help :)

Cheers,
Thomas
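
The root-versus-service-account check suggested above, as an added example that is not part of the original thread. It classifies the scanner's exit status against the clean and infected lists from the @av_scanners entry in the first post ([0] and [3,4,6,8]); a status in neither list, such as the 1 in the log, is what amavis reports as "unexpected exit". The service account name, the test file path and the use of runuser are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Account name and file path are assumptions.
# Exit-status lists copied from the @av_scanners entry in the first post.
CLEAN="0"
INFECTED="3 4 6 8"

# classify STATUS -> clean | infected | failed
# A status in neither list is what amavis logs as "unexpected exit N".
classify() {
    case " $CLEAN " in *" $1 "*) echo clean; return 0 ;; esac
    case " $INFECTED " in *" $1 "*) echo infected; return 0 ;; esac
    echo failed
}

# scan_as USER SCANNER [ARGS...] FILE -> prints "<status> <verdict>"
scan_as() {
    user=$1; shift
    status=0
    if [ "$(id -un)" = "$user" ]; then
        "$@" >/dev/null 2>&1 || status=$?
    else
        # Switching accounts needs root; runuser is part of util-linux.
        runuser -u "$user" -- "$@" >/dev/null 2>&1 || status=$?
    fi
    echo "$status $(classify "$status")"
}

# compare SERVICE_USER SCANNER [ARGS...] FILE
# Same command under two accounts. A verdict as root but "failed" as the
# service account points at permissions (daemon socket, config), not the args.
compare() {
    svc=$1; shift
    root_res=$(scan_as root "$@")
    svc_res=$(scan_as "$svc" "$@")
    echo "root: $root_res"
    echo "$svc: $svc_res"
    case "${root_res#* }/${svc_res#* }" in
        failed/*) echo "scanner fails even as root: check the fsav installation" ;;
        */failed) echo "fails only as $svc: check socket and config permissions" ;;
        *)        echo "both accounts get a verdict: the invocation is usable" ;;
    esac
}

# Usage (as root): sh check_fsav.sh amavis /path/to/eicar-test-file
if [ $# -eq 2 ]; then
    compare "$1" /usr/bin/fsav --virus-action1=report --archive=yes \
        --auto=yes --list=no --nomimeerr "$2"
fi
```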
Dino Edwards
2016-06-27 13:06:27 UTC
I can't offer any help with F-Secure; the only thing I know is Sophos. I've actually written a guide on how to integrate it with amavis, which I can share if you care. I know you said it sucks; I'm just curious why you believe it does.
Jyrki Tuohela
2016-06-28 07:33:01 UTC
Hello,

In my experience F-Secure works well on Debian-based distros. You run the F-Secure installation package; I prefer the command-line version on servers.
Then it installs everything under /opt (I don't have a server to check right now, but it is maybe /opt/f-secure/). Logs go under /var/opt/f-secure, if I remember right.
F-Secure configuration files are under /opt/f-secure/fssp (or fsav or ...)

F-Secure works as a daemon, too. If you define in the amavis configuration file that F-Secure works as a daemon, it just works. You should check the user and group settings so that F-Secure can write to amavis-owned folders. Maybe adding F-Secure to the amavis group and giving write rights to that group helps.

This should be the method to start with. On Fedora there might also be some differences in configuring F-Secure, but most likely it is possible to get it to work with some work.

Kind regards

Jyrki