[Rspamd-Users] Avast antivirus - IO timeout

Tomasz Kaźmierczak tkazmierczak at man.poznan.pl
Tue Mar 12 11:14:38 UTC 2024 

Hello,

we trying Avast as antivirus for rspamd (now have 30-day trial license).

Rspamd and Avast on the same VM.

Standard configuration:

# local.d/antivirus.conf

avast {

   symbol = "AVAST_VIRUS";
   servers = "127.0.0.1:8080";

   scan_mime_parts = true; # (Default) Just attachments
   use_files = false; # (Default) Or true if you need the file mode (not 
recommend)
   use_https = false; # (Default) Enable if you like to use SSL

   warnings_as_threat = false; # (Default)

   # https://repo.avcdn.net/linux-av/doc/avast-techdoc.pdf
   parameter = {
     archives = true, # (Default)
     # email = false,
     # full = false,
     # pup = false,
     # heuristics = 40,
     # detections = false,

   }
}

And rspamd.log:

2024-03-12 10:46:36 #909(main) <7festm>; lua; lua_util.lua:1216: enable 
debug for Lua module avast (antivirus aliased)
2024-03-12 10:46:36 #909(main) <7festm>; lua; antivirus.lua:209: added 
antivirus engine avast -> AVAST_VIRUS
2024-03-12 10:48:33 #1188(normal) <d6edc7>; avast; avast.lua:168: 
established connection to 127.0.0.1:8080; retransmits=0
2024-03-12 10:48:37 #1188(normal) <d6edc7>; lua; avast.lua:179: failed 
to request to avast (127.0.0.1:8080): IO timeout
2024-03-12 10:48:37 #1188(normal) <d6edc7>; lua; avast.lua:148: 
AVAST_VIRUS [avast]: failed to scan, maximum retransmits exceed
2024-03-12 10:48:37 #1188(normal) <d6edc7>; lua; common.lua:113: avast: 
result - FAILED with error: "failed to scan and retransmits exceed - 
score: 0"
2024-03-12 10:48:37 #1188(normal) <d6edc7>; task; finalize_item: slow 
rule: AVAST_VIRUS(328): 4006.03 ms; enable slow timer delay

Avast log:

Mar 12 10:48:33 mosaic-rspamd-proxy avast-rest[1275]: Session: 
[7fd678000cd0] New connection from 127.0.0.1:49954

avast-rest is working properly:

/usr/share/avast$ ./scan-rest.sh eicar.txt
eicar.txt       {"issues":[{"path":["eicar.txt"],"virus":"EICAR Test-NOT 
virus!!!"}],"vps_version":"24031202"}


Is any option to "enable slow timer delay" or increase retransmit?

Maybe some one use AVAST and can help with configuration.


Thank you

kazix


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5799 bytes
Desc: Kryptograficzna sygnatura S/MIME
URL: <https://lists.rspamd.com/pipermail/users/attachments/20240312/3181f4ce/attachment.bin>

More information about the Users mailing list