I am running Red Hat Enterprise Linux Server 6.4. I have been trying to get Symantec to work with no progress. My kernel version is 2.6.32-431.5.1.el6.x86_64, so after reading http://www.symantec.com/business/support/index?page=content&id=TECH101598 I went out and got the source to compile against my version (thanks for keeping your software up to date, Symantec, you're only a few years behind).
I extracted the source and realized I didn't have the utilities to build Symantec. At that point I found the utilities in the rhel-6-server-optional-rpms branch. I added that branch and then installed sharutils and ncompress.
I ran the build and it of course failed. I then found this link, https://www-secure.symantec.com/connect/forums/sav-savap-antivirus-centos-62. I went through the solution listed in the comments and was able to get the build to succeed. At that point all of the builds and installs appeared to work fine.
My build command was: sudo ./build.sh --kernel-dir /lib/modules/$(uname -r)/build
Once it finished I copied the new files over with: cp ./bin.ira/* /opt/Symantec/autoprotect/
I then tried to restart autoprotect and rtvscand.
Output of sudo /etc/init.d/autoprotect restart:
Stopping AP: symap: module in use (symap: count=2)
Starting AP: symev already loaded.
symap already loaded.
Setting major=246 from /proc/symap
Output of sudo /etc/init.d/rtvscand restart:
Stopping rtvscand: FAILED
Starting rtvscand: ................................. (it eventually times out with a failed message.)
I then took a look at /var/log/messages and got:
rtvscand: --- rtvscand started (pid 8874) ---
rtvscand: rtvscand running as daemon
rtvscand: rtvscand shutdown -- was running 0:00
rtvscand: --- rtvscand (pid 8874) has terminated ---
symcfgd: subscriber 18 has left -- closed 1 remaining handles
I tried some other commands hoping to get information about the state of the software or a specific error message.
Output of sudo /opt/Symantec/symantec_antivirus/sav autoprotect -e:
Unable to determine status of scanning daemon
*** This command may not function correctly or may be delayed
Output of sudo /opt/Symantec/symantec_antivirus/sav info -a:
Unable to determine status of scanning daemon
*** This command may not function correctly or may be delayed
Could not contact rtvscan - AutoProtect probably disabled
Output of sudo /opt/Symantec/symantec_antivirus/sav manualscan -s /home/:
Unable to query value MaxInput
Unable to determine status of scanning daemon
*** This command may not function correctly or may be delayed
When I do a ps aux the only Symantec entry listed is:
/opt/Symantec/symantec_antivirus/symcfgd -l info
I was able to copy the virus definitions onto the system, and when I ran the definitions script it updated the definitions and exited with a success message.
I eventually need to get the autoprotect running, but in the near term I at least have to get a manual scan working so I can scan the EICAR file and make sure the installation is working. Can anyone point me toward a solution?
Thanks.