This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SAVDID interface service not starting properly and no lisening port

Running on Red Hat 8

We are using SAVDID interface for Antivirus scan in our application. However, for some reason once is the savdid service starts, there is no lisening port for it

Also, when i check the status of the service, it's says it's running but i also get  "Configuration failed hr: 80040220"  (see screen shots below)

Here are the savdid.service lines (/etc/systemd/system/savdid.service )

 

[Unit]

Description=Sophos SAV Dynamic Interface Daemon

After=network.target

 

[Service]

Type=forking

PIDFile=/var/run/savdid.pid

ExecStart=/usr/local/bin/savdid -d -c /usr/local/savdi/savdid.conf -f /var/run/savdid.pid -s

ExecReload=/bin/kill -HUP $MAINPID

Restart=on-failure

PrivateTmp=true

ProtectSystem=full

ProtectHome=true

NoNewPrivileges=true

 

[Install]

WantedBy=multi-user.target

Here are the savdid.conf lines

#
# Sample configuration file for use on *nix systems
#
#

# The name of a file to hold the process ID
# Only used when running in daemon mode
# Default is /var/run/savdid.pid

pidfile: /var/run/savdid.pid

# User name and group for daemon to switch to for normal running
# savdi must be running as root for this to be useful
#user: savdi
#group: savdi

# No of worker threads to start up
# Normally should be at least the maximum no of clients
# Default is 3
threadcount: 20

# Maximum no of connections/sessions to queue up
# Further connections will be rejected
maxqueuedsessions: 100

# Where to find the virus data if it is held somewhere other than normal
# These options can be specified under the savi configuration but that
# is not advised.

virusdatadir: /opt/sophos-av/lib/sav/
#virusdataname: vdl
idedir: /opt/sophos-av/lib/sav/

# What to do when the daemon must exit
# Options are:-
# DONTWAIT (just exit now!)
# REQUEST (wait for current requests to complete)
# SESSION (wait for current sessions to complete)
# Case 1) An exception has occurred and operation could be compromised
onexception: REQUEST

# Case 2) A request has been made for it to exit
# If there are long running sessions then REQUEST should be considered
onrequest: REQUEST

log {
# Specify the logging mechanism {CONSOLE|FILE|SYSLOG}

type: FILE

# Where to write the log files (if FILE is selected)
logdir: /var/log/savdi/

# Specify the level of logging required
# 0 = errors+threats
# 1 = (0) + process events
# 2 = (1) + session events
# Default is 2

loglevel: 2
}


# Define a IP channel for localhost

channel {

# Send to the log requests received from clients
# For debugging. Default: NO
# logrequests: YES


commprotocol {
type: IP

# IP Address to listen on, default is 0.0.0.0 (any)
address: 0.0.0.0
port: 1344

# Subnet of acceptable client IP addresses.
# Default is to accept from any client.
# subnet: 127.0.0.1/24

# idle timeout in secs when waiting for a request
# 0 is forever. Default: 0
# requesttimeout: 120

# timeout in secs between characters when sending data
sendtimeout: 2

# idle timeout in secs between characters when receiving data
recvtimeout: 10
}

service {
# The name of the service, arbitrary as long as the client
# uses the same name.
name: avscan

# The type of service, for now can only be avscan
type: avscan

scanprotocol {
# The type of protocol in use. Can only be ICAP.
type: ICAP

# Version of the configuration for this service.
# Update when changes are made that may alter the
# result returned to the client. Default: XXX
version: 1.02

# Objects sent for scanning can be retained if they are
# infected or cause the service a problem. Allowed values
# are NONE, MALWARE, PROBLEM, ALL. ALL meaning both
# MALWARE and PROBLEM. Default: NONE
# retain: NONE

# A list of file extensions for files which the client
# should not send to this server. The list is sent as-is
# to the client. See ICAP Transfer-Ignore header. A
# Transfer-Complete: * header is automatically added.
# Default is none.
# dontsend: .jpg, .gif, .bmp, .tiff

# 204 is the ICAP code indicating that the object
# sent for processing is unmodified and OK and will
# not be returned to the client. Default: NO
# allow204: NO

# Don't automatically close the connection after a
# transaction. Default: NO
keepalive: YES

# Maximum permitted size, in bytes, of the body in a request.
# Zero is no limit. Default: 0
# maxbodysize: 0

# Maximum amount of memory, in bytes, to use for an object, before
# putting it into a temporary file. Default: 1000000
#maxmemorysize: 1024

# Maximum size of the chunks, in bytes, for returned data, 0 is
# no maximum. Default: 0
# maxchunksize: 0

# Where to place and name temporary files
# Default: <standard temp directory>/SAVDI_
# On *nix systems: /var/tmp/SAVDI_
# tmpfilestub: /var/tmp/savdi/files/icap_


# The block-* options determine what to do with files
# that result in some sort of error.

# Any of these files may be infected.

# NB Files identified as malware are always blocked.

# Treat zip-bombs as malignant. Zip-bombs are compressed
# files that have many files which are vary highly
# compressed. They are intended to either deny use of
# a scanner by keeping it occupied for excessive periods
# or use excessive resources, such as disc space on the
# end-point. Default: YES
# block-bombs: YES

# Block encrypted files. Encrypted files cannot be scanned
# and may harbour malware. Default: NO
# block-encrypted: NO

# Block corrupt files. Some files are simply corrupt, others
# may not conform to the standard, or one of its known
# variants, but may still be usable. Default: NO
# block-corrupt: NO

# Block timeouts. It took too long to scan the file and
# the scan was terminated early. (See the maxscantime
# option in the scanner section.) Default: YES
# block-timeouts: YES

# The AV engine returned some other error. Scanning of the
# file possibly did not complete. Default: YES
# block-errors: YES

# The AV engine caused an exception. Exceptions can be
# considered as errors that were not caught in time.
# Scanning of the file did not complete. Default: YES
# block-exceptions: YES

# At least one client (c-icap) seems to always expect a
# body, even an empty one. Default: NO
# forceemptybody: YES
}

scanner {
# See the SAVDI documentation for details for configuring
# SAVI

type: SAVI
inprocess: YES

# Turn on auto-stop, ie zip-bomb detection
savists: enableautostop 1

# Turn on most of the other options
savigrp: grpsuper 1

# Limit the time taken to scan a file to this number of seconds
# Zero is forever. Default: 0
# maxscantime: 0
}
}

# Other services with different configurations can be defined

# service {
# name: sophosdef
# type: avscan
#
# scanprotocol {
# type: ICAP
# keepalive: YES
# allow204: NO
# maxmemorysize: 1000000
# maxchunksize: 1000
# }
#
# scanner {
# type: SAVI
# inprocess: YES
# }
# }
}

#
# Define an IP channel for SSSP
#

channel {

commprotocol {
type: IP

# IP Address to listen on, default is 0.0.0.0 (any)

address: 0.0.0.0
port: 4010

# Subnet of acceptable client IP addresses

#subnet: 172.18.33.14/16

# idle timeout in secs when waiting for a request
# 0, the default, is forever
requesttimeout: 120

# timeout in secs between characters when sending data
sendtimeout: 2

# idle timeout in secs between characters when receiving data
recvtimeout: 5
}

scanprotocol {
type: SSSP

# Do we allow the client to use SCANFILE?
allowscanfile: FILE

# Do we allow the client to use SCANDATA?
allowscandata: NO

# If SCANDATA is allowed:-
# maximum amount of data, in bytes, the client can send
maxscandata: 500000
# maximum amount, in bytes, to held in memory before using a temp file
maxmemorysize: 250000
# path name and stub for generating temp file names.
tmpfilestub: /tmp/savid_tmp

# Log each request made by a client?
# logrequests: YES
}

scanner {
# type and inprocess can only be SAVI and YES for now
type: SAVI
inprocess: YES

# Max time to be allowed for scanning a single file
maxscantime: 6

# Max time in seconds to be allowed to complete a request
maxrequesttime: 15

# Deny scanning of /dev and my home directory
# except for the test directory, Everything else
# is allowed
# If deny is used then everything else is allowed unless
# explicitly denied
# If allow is used then everything else is denied unless
# explicitly allowed.
# If a directory tree is allowed, sub-trees may be explicitly
# denied, but the converse is not true. If a directory tree
# is denied it is not possible to allow subtrees.

deny: /dev
deny: /home
# allow: /home/specialuser

#Some SAVI/Engine options
savigrp: GrpArchiveUnpack 1
savigrp: GrpInternet 1
savists: Xml 1
}
}



This thread was automatically locked due to age.