Migration Guide from kav4samba to kav4fs

1. Backup kav4samba configuration file (/etc/opt/kaspersky/kav4samba.conf)

2. Uninstall kav4samba
a. Stop kav4samba by running /etc/init.d/kav4samba stop
b. Stop Samba by running /etc/init.d/smb stop
c. Uninstall kav4samba by running rpm -e kav4samba
d. Start Samba by running /etc/init.d/smb start
3. [Optional] Install webmin (for web-based remote configuration of kav4fs) by
running rpm i webmin-1.510-1.noarch.rpm

4. Installing kav4fs
a. Run rpm -i kav4fs-5.7-26.i386.rpm

b. Run /opt/kaspersky/kav4fs/lib/bin/setup/postinstall.pl

c. Enter the directory where the license file is located

d. Please enter the proxy information if needed. Normally there will be no
proxy

e. Enter yes and press Enter to download the update. Wait for the
pattern update to finish

f. The pattern update can take anywhere from half an hour to 2 hour,
depending on the Internet connection
speed

g. Enter yes and press Enter to compile the
kavmonitor

h. Once compilation finished successfully, you should see the following.
If you encountered any problem, please refer to the next section
Common Problems

5. Configure kav4fs by editing /etc/opt/kaspersky/kav4fs.conf. Some
recommended settings (/u/TeamMer is the Samba folder)
a. OnInfected=MovePath /tmp/infected
b. ExcludeDirs=/tmp:/proc
c. IncludeDirs=/u/TeamMer:/home
6. Create schedule task for pattern update and on-demand scanning (/u/TeamMer
is the Samba folder)
a. Run crontab e and add the following two lines
i. 0 0-23/1 * * * /opt/kaspersky/bin/kav4fs-keepup2date
ii. 0 0 * * * /opt/kaspersky/kav4fs/bin/kav4fs-kavscanner -
pi/tmp/infected.lst -ps/tmp/suspicion.lst pc/tmp/corrupted.lst -
pw/tmp/warning.lst -o /tmp/kav4fs-kavscanner-`date "+%Y-
%m-%d-$$"`.log /u/TeamMer
7. Create a daily log rotation for all the log files in /var/log/kaspersky/kav4fs
folder
8. [Optional] Install Kaspersky Agent by running rpm -i klnagent-
6.0.529.i386.rpm

Common Problems
1.



2. Invalid Module Format error during kavmonitor compilation
Problem: This is cause by a gcc version mismatch between the default gcc compile at
/usr/bin/gcc and the gcc used to compile the kernel. This can be confirm by
1. Running the command dmesg. You will see a message at the end regarding
kavmon with mismatch gcc version
2. Verify the default gcc version by running gcc version
3. Verify the gcc version used to compile the kernel by running cat
/proc/version

Solution: Install another copy of gcc that matches the kernels gcc version
1. Note the kernels gcc version by running cat /proc/version (Assume the
version is 3.4.0)
2. Go to the GCC website gcc.gnu.org, download the gcc matching kernels
gcc version (e.g., for V3.4.0 ftp://gd.tuwien.ac.at/gnu/gcc/releases/gcc-
3.4.0/gcc-3.4.0.tar.gz)
3. Untar and downloaded gcc (e.g., tar xzf gcc-3.4.0.tar.gz)
4. Change directory to gcc-3.4.0
5. Compile gcc by running the following sequence of command
a. ./configure --prefix=/opt/gcc2 --program-prefix=2
b. make
c. make install
6. Now the correct gcc version is install in the directory /opt/gcc2
7. Make the new gcc the default gcc compiler
a. Note the current default gcc compiler linking by running the following
command ls alF /usr/bin/gcc
b. Run the command rm f /usr/bin/gcc then follow by ln s
/opt/gcc2/<gcc> /usr/bin/gcc (You need to find out the actual gcc file
name from the /opt/gcc2 directory and replace the <gcc>
c. Now build kavmonitor by running the command
/opt/kaspersky/kav4fs/
d. Restore the default gcc compiler. Run the command rm f
/usr/bin/gcc then follow by ln s <previous gcc noted in steps 7a>
/usr/bin/gcc