Kaspersky Labs
aveclient
['KasperskyLab AVP - aveclient',
['/usr/local/kav/bin/aveclient','/usr/local/share/kav/bin/aveclient',
'/opt/kav/5.5/kav4mailservers/bin/aveclient','aveclient'],
'-p /var/run/aveserver -s {}/*',
[0,3,6,8], qr/\b(INFECTED|SUSPICION|SUSPICIOUS)\b/m,
qr/(?:INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.+)/m,
],
NOTE: one may prefer [0],[2,3,4,5], depending on how suspicious, corrupted or protected archives are to be handled.
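Added example, not code from this page or its project: a Perl sketch of how the listed status fields and the NOTE's alternative classify the same scan results. It assumes the entry fields are, in order, the clean statuses, the infected statuses (an exit-code list or a regex on the output) and a regex capturing the threat name; the sample exit/output pairs are constructed.

```perl
use strict;
use warnings;

# Status fields from the aveclient entry and from the NOTE alternative.
my %variants = (
    'entry as listed'  => { clean    => [0,3,6,8],
                            infected => qr/\b(INFECTED|SUSPICION|SUSPICIOUS)\b/m },
    'NOTE alternative' => { clean => [0], infected => [2,3,4,5] },
);
my $name_re = qr/(?:INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.+)/m;

# A spec is either an array ref of exit codes or a regex run on the output.
sub spec_matches {
    my ($spec, $status, $output) = @_;
    return ref $spec eq 'ARRAY' ? scalar(grep { $_ == $status } @$spec)
                                : scalar($output =~ $spec);
}

# Assumed semantics: infected is tested first, so an output match wins over
# a "clean" exit code; a result matching neither spec is a scanner failure.
sub classify {
    my ($v, $status, $output) = @_;
    if (spec_matches($v->{infected}, $status, $output)) {
        my @names = $output =~ /$name_re/g;
        return 'INFECTED' . (@names ? " (@names)" : '');
    }
    return 'CLEAN' if spec_matches($v->{clean}, $status, $output);
    return 'SCANNER FAILURE';
}

# Constructed samples [exit status, output]; not real aveclient output.
my @samples = (
    [0, "p001 OK\n"],
    [3, "p002 SUSPICION Constructed.Sample.A\n"],
    [6, "p003 constructed line without a keyword\n"],
    [8, "p004 constructed line without a keyword\n"],
);

for my $label (sort keys %variants) {
    print "$label:\n";
    printf("  exit %d -> %s\n", $_->[0], classify($variants{$label}, @$_))
        for @samples;
}
```

With the NOTE's lists, exit statuses 6 and 8 no longer count as clean and are reported as scanner failures under these assumptions.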
AntiViral Toolkit Pro (AVP)
['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp'],
'-* -P -B -Y -O- {}', [0,3,6,8], [2,4], # any use for -A -K ?
qr/infected: (.+)/m,
sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"},
sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
],
AVPDaemonClient
The kavdaemon and AVPDaemonClient have been removed from Kaspersky products and replaced by aveserver and aveclient.
['KasperskyLab AVPDaemonClient',
[ '/opt/AVP/kavdaemon', 'kavdaemon',
'/opt/AVP/AvpDaemonClient', 'AvpDaemonClient',
'/opt/AVP/AvpTeamDream', 'AvpTeamDream',
'/opt/AVP/avpdc', 'avpdc' ],
"-f=$TEMPBASE {}", [0,8], [3,4,5,6], qr/infected: ([^\r\n]+)/m ],
Change the startup-script in /etc/init.d/kavd to:
DPARMS="-* -Y -dl -f=/var/lib/maia /var/lib/maia"
or perhaps:
DPARMS="-I0 -Y -* /var/lib/maia"
Adjust /var/lib/maia above to match your $TEMPBASE. The '-f=/var/lib/maia' option is needed when kavdaemon is not run as root, so that it can find, read, and write its pid file, etc.; see 'man kavdaemon'. In defUnix.prf, there must be an entry "*/var/lib/maia" (or whatever directory $TEMPBASE specifies) in the 'Names=' section.
cd /opt/AVP/DaemonClients
configure
cd Sample
make
cp AvpDaemonClient /opt/AVP/
su - vscan -c "${PREFIX}/kavdaemon ${DPARMS}"
Command-Line Scanner (kavscanner)
['Kaspersky Antivirus v5.5',
['/opt/kaspersky/kav4fs/bin/kav4fs-kavscanner',
'/opt/kav/5.5/kav4unix/bin/kavscanner',
'/opt/kav/5.5/kav4mailservers/bin/kavscanner', 'kavscanner'],
'-i0 -xn -xp -mn -R -ePASBME {}/*', [0,10,15], [5,20,21,25],
qr/(?:INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.*)/m,
# sub {chdir('/opt/kav/bin') or die "Can't chdir to kav: $!"},
# sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
],

