SAVDID interface service not starting properly and no listening port

Running on Red Hat 8

We are using the SAVDID interface for antivirus scanning in our application. However, for some reason, once the savdid service starts, there is no listening port for it.

Also, when I check the status of the service, it says it's running, but I also get "Configuration failed hr: 80040220" (see screenshots below).

Here are the savdid.service lines (/etc/systemd/system/savdid.service):

[Unit]
Description=Sophos SAV Dynamic Interface Daemon
After=network.target

[Service]
Type=forking
PIDFile=/var/run/savdid.pid
ExecStart=/usr/local/bin/savdid -d -c /usr/local/savdi/savdid.conf -f /var/run/savdid.pid -s
ExecReload=/bin/kill -HUP $MAINPID
Restart=on-failure
PrivateTmp=true
ProtectSystem=full
ProtectHome=true
NoNewPrivileges=true

[Install]
WantedBy=multi-user.target

Here are the savdid.conf lines

#
# Sample configuration file for use on *nix systems
#
#

# The name of a file to hold the process ID
# Only used when running in daemon mode
# Default is /var/run/savdid.pid

pidfile: /var/run/savdid.pid

# User name and group for daemon to switch to for normal running
# savdi must be running as root for this to be useful
#user: savdi
#group: savdi

# No of worker threads to start up
# Normally should be at least the maximum no of clients
# Default is 3
threadcount: 20

# Maximum no of connections/sessions to queue up
# Further connections will be rejected
maxqueuedsessions: 100

# Where to find the virus data if it is held somewhere other than normal
# These options can be specified under the savi configuration but that
# is not advised.

virusdatadir: /opt/sophos-av/lib/sav/
#virusdataname: vdl
idedir: /opt/sophos-av/lib/sav/

# What to do when the daemon must exit
# Options are:-
# DONTWAIT (just exit now!)
# REQUEST (wait for current requests to complete)
# SESSION (wait for current sessions to complete)
# Case 1) An exception has occurred and operation could be compromised
onexception: REQUEST

# Case 2) A request has been made for it to exit
# If there are long running sessions then REQUEST should be considered
onrequest: REQUEST

log {
# Specify the logging mechanism {CONSOLE|FILE|SYSLOG}

type: FILE

# Where to write the log files (if FILE is selected)
logdir: /var/log/savdi/

# Specify the level of logging required
# 0 = errors+threats
# 1 = (0) + process events
# 2 = (1) + session events
# Default is 2

loglevel: 2
}


# Define a IP channel for localhost

channel {

# Send to the log requests received from clients
# For debugging. Default: NO
# logrequests: YES


commprotocol {
type: IP

# IP Address to listen on, default is 0.0.0.0 (any)
address: 0.0.0.0
port: 1344

# Subnet of acceptable client IP addresses.
# Default is to accept from any client.
# subnet: 127.0.0.1/24

# idle timeout in secs when waiting for a request
# 0 is forever. Default: 0
# requesttimeout: 120

# timeout in secs between characters when sending data
sendtimeout: 2

# idle timeout in secs between characters when receiving data
recvtimeout: 10
}

service {
# The name of the service, arbitrary as long as the client
# uses the same name.
name: avscan

# The type of service, for now can only be avscan
type: avscan

scanprotocol {
# The type of protocol in use. Can only be ICAP.
type: ICAP

# Version of the configuration for this service.
# Update when changes are made that may alter the
# result returned to the client. Default: XXX
version: 1.02

# Objects sent for scanning can be retained if they are
# infected or cause the service a problem. Allowed values
# are NONE, MALWARE, PROBLEM, ALL. ALL meaning both
# MALWARE and PROBLEM. Default: NONE
# retain: NONE

# A list of file extensions for files which the client
# should not send to this server. The list is sent as-is
# to the client. See ICAP Transfer-Ignore header. A
# Transfer-Complete: * header is automatically added.
# Default is none.
# dontsend: .jpg, .gif, .bmp, .tiff

# 204 is the ICAP code indicating that the object
# sent for processing is unmodified and OK and will
# not be returned to the client. Default: NO
# allow204: NO

# Don't automatically close the connection after a
# transaction. Default: NO
keepalive: YES

# Maximum permitted size, in bytes, of the body in a request.
# Zero is no limit. Default: 0
# maxbodysize: 0

# Maximum amount of memory, in bytes, to use for an object, before
# putting it into a temporary file. Default: 1000000
#maxmemorysize: 1024

# Maximum size of the chunks, in bytes, for returned data, 0 is
# no maximum. Default: 0
# maxchunksize: 0

# Where to place and name temporary files
# Default: <standard temp directory>/SAVDI_
# On *nix systems: /var/tmp/SAVDI_
# tmpfilestub: /var/tmp/savdi/files/icap_


# The block-* options determine what to do with files
# that result in some sort of error.

# Any of these files may be infected.

# NB Files identified as malware are always blocked.

# Treat zip-bombs as malignant. Zip-bombs are compressed
# files that have many files which are vary highly
# compressed. They are intended to either deny use of
# a scanner by keeping it occupied for excessive periods
# or use excessive resources, such as disc space on the
# end-point. Default: YES
# block-bombs: YES

# Block encrypted files. Encrypted files cannot be scanned
# and may harbour malware. Default: NO
# block-encrypted: NO

# Block corrupt files. Some files are simply corrupt, others
# may not conform to the standard, or one of its known
# variants, but may still be usable. Default: NO
# block-corrupt: NO

# Block timeouts. It took too long to scan the file and
# the scan was terminated early. (See the maxscantime
# option in the scanner section.) Default: YES
# block-timeouts: YES

# The AV engine returned some other error. Scanning of the
# file possibly did not complete. Default: YES
# block-errors: YES

# The AV engine caused an exception. Exceptions can be
# considered as errors that were not caught in time.
# Scanning of the file did not complete. Default: YES
# block-exceptions: YES

# At least one client (c-icap) seems to always expect a
# body, even an empty one. Default: NO
# forceemptybody: YES
}

scanner {
# See the SAVDI documentation for details for configuring
# SAVI

type: SAVI
inprocess: YES

# Turn on auto-stop, ie zip-bomb detection
savists: enableautostop 1

# Turn on most of the other options
savigrp: grpsuper 1

# Limit the time taken to scan a file to this number of seconds
# Zero is forever. Default: 0
# maxscantime: 0
}
}

# Other services with different configurations can be defined

# service {
# name: sophosdef
# type: avscan
#
# scanprotocol {
# type: ICAP
# keepalive: YES
# allow204: NO
# maxmemorysize: 1000000
# maxchunksize: 1000
# }
#
# scanner {
# type: SAVI
# inprocess: YES
# }
# }
}

#
# Define an IP channel for SSSP
#

channel {

commprotocol {
type: IP

# IP Address to listen on, default is 0.0.0.0 (any)

address: 0.0.0.0
port: 4010

# Subnet of acceptable client IP addresses

#subnet: 172.18.33.14/16

# idle timeout in secs when waiting for a request
# 0, the default, is forever
requesttimeout: 120

# timeout in secs between characters when sending data
sendtimeout: 2

# idle timeout in secs between characters when receiving data
recvtimeout: 5
}

scanprotocol {
type: SSSP

# Do we allow the client to use SCANFILE?
allowscanfile: FILE

# Do we allow the client to use SCANDATA?
allowscandata: NO

# If SCANDATA is allowed:-
# maximum amount of data, in bytes, the client can send
maxscandata: 500000
# maximum amount, in bytes, to held in memory before using a temp file
maxmemorysize: 250000
# path name and stub for generating temp file names.
tmpfilestub: /tmp/savid_tmp

# Log each request made by a client?
# logrequests: YES
}

scanner {
# type and inprocess can only be SAVI and YES for now
type: SAVI
inprocess: YES

# Max time to be allowed for scanning a single file
maxscantime: 6

# Max time in seconds to be allowed to complete a request
maxrequesttime: 15

# Deny scanning of /dev and my home directory
# except for the test directory, Everything else
# is allowed
# If deny is used then everything else is allowed unless
# explicitly denied
# If allow is used then everything else is denied unless
# explicitly allowed.
# If a directory tree is allowed, sub-trees may be explicitly
# denied, but the converse is not true. If a directory tree
# is denied it is not possible to allow subtrees.

deny: /dev
deny: /home
# allow: /home/specialuser

#Some SAVI/Engine options
savigrp: GrpArchiveUnpack 1
savigrp: GrpInternet 1
savists: Xml 1
}
}
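
As an added example (not part of the original post and not Sophos code), the shell functions below read the IP channels out of a savdid.conf in the format shown above, check each configured port against saved `ss -ltnH` output, and report whether a client subnet restriction is active. The function names, the sample configuration (including the 10.0.0.0/8 subnet) and the socket table are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the IP channels declared in a savdid.conf.

# Print "address port subnet" for each commprotocol block of type IP.
# Commented-out lines are ignored; subnet is "any" when none is active.
savdi_channels() {
    awk '
        $1 ~ /^#/ { next }
        $1 == "commprotocol" && $2 == "{" {
            inblk = 1; type = ""; addr = "0.0.0.0"; port = ""; net = "any"
            next
        }
        !inblk { next }
        $1 == "type:"    { type = $2 }
        $1 == "address:" { addr = $2 }
        $1 == "port:"    { port = $2 }
        $1 == "subnet:"  { net = $2 }
        $1 == "}" { if (type == "IP" && port != "") print addr, port, net; inblk = 0 }
    ' "$1"
}

# $1 = savdid.conf, $2 = file holding `ss -ltnH` output.
# Prints one line per channel: address:port, client subnet, socket state.
savdi_check() {
    savdi_channels "$1" | while read -r addr port net; do
        if awk -v p="$port" '{ n = split($4, a, ":"); if (a[n] == p) hit = 1 }
                             END { exit !hit }' "$2"; then
            state=LISTENING
        else
            state=NOT-LISTENING
        fi
        echo "$addr:$port subnet=$net $state"
    done
}

# Constructed sample: two channels on the ports used in the post, and a
# socket table in which only port 4010 is open (not from a real host).
savdi_demo() {
    d=$(mktemp -d)
    printf '%s\n' 'channel {' 'commprotocol {' 'type: IP' 'address: 0.0.0.0' \
        'port: 1344' '# subnet: 127.0.0.1/24' '}' '}' \
        'channel {' 'commprotocol {' 'type: IP' 'address: 0.0.0.0' \
        'port: 4010' 'subnet: 10.0.0.0/8' '}' '}' > "$d/savdid.conf"
    printf '%s\n' 'LISTEN 0 128 0.0.0.0:22 0.0.0.0:*' \
        'LISTEN 0 128 0.0.0.0:4010 0.0.0.0:*' > "$d/ss.txt"
    savdi_check "$d/savdid.conf" "$d/ss.txt"
    rm -rf "$d"
}
```

On a host, save the socket table with `ss -ltnH > /tmp/ss.txt` and run `savdi_check /usr/local/savdi/savdid.conf /tmp/ss.txt`; a channel reported as `subnet=any` accepts connections from any client address.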


