HTTP Anti-Virus Proxy
http://havp.hege.li/forum/

HAVP 0.86 and AVAST -- Could not read from scanner socket
http://havp.hege.li/forum/viewtopic.php?f=3&t=244		 Page 1 of 1
Author:  joer [ 06 Jun 2007 21:41 ]
Post subject:  HAVP 0.86 and AVAST -- Could not read from scanner socket
Hey all, me again.

I've been testing HAVP with different virus scanners to see how well they all work, pick up on threats, load the system, etc. I'm running into some trouble with AVAST!

When I start HAVP with only AVAST, HAVP starts up fine, and both the HAVP log and the avastd.log indicate that it correctly picks up on the EICAR test pattern as part of HAVP initialization.

However, when I process any page, I get a very long timeout (2 minutes?) and eventually see "Avast: Could not read from scanner socket".

I've tried running AVAST as both root (the default) and clamav to match HAVP. I've tried loosening the /var/run/avast4/local.sock permissions. I've also tried running avastd using the TCP server, running on 127.0.0.1. Each time the results are the same.

My hunch is that Avast may have changed their protocol?

I'm running HAVP 0.86
Avast Lib Engine 4.7.1
Avst 4 Server 3.0.1
Squid 2.6 STABLE 6 (redhat EL 5 stock)

I tried setting the LOGLEVEL in HAVP to 1, but didn't get much more interesting stuff.

I do see an entry in the avastd.log file, indicating that it scanned a file in /var/tmp/havp/havp-XXXX. But there's only the one entry before "avastserverpeer: connection timeout".

Thanks in advance for any light you can shed on this.

Cheers!
-Joe Rhodes
Author:  flowerpig [ 14 Aug 2007 16:34 ]
Post subject: 
Yes, Have that problem, I modify the source,can be fix it.

vi havp/scanners/avastscanner.cpp
find that code (At 162 lines)
Code:
    while ( MatchBegin( Response, "221", 3 ) == false );

replace to
Code:
    while (( MatchBegin( Response, "221", 3 ) == false) and (Response != "" ));

recompile havp,That be fix.
Page 1 of 1 All times are UTC + 2 hours [ DST ]
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/