Guide to building AutoProtect kernel modules for Symantec AntiVirus for Linux 1.0

Article:TECH132773  |  Created: 2010-01-27  |  Updated: 2013-12-18  |  Article URL http://www.symantec.com/docs/TECH132773
Article Type
Technical Solution


Issue



What needs to be installed in order to compile the AutoProtect kernel module for Symantec AntiVirus for Linux (SAVFL), and what steps need to be followed?

 


Solution



Technical Information
This guide assumes you already have the SAV and SAVAP packages installed on your system, and need to compile the kernel modules to enable AutoProtect for a kernel version that is not supported by the pre-compiled modules. It also assumes that you have the ap-kernelmodule file but have not uncompressed it yet. The ap-kernelmodule file is located in the downloaded SAVFL file (for example, sav-linux-1.0.10-26.tar.gz).

 

Requirements

You must install gcc and the Linux kernel source for the Linux kernel you want to build the AutoProtect modules for. The table below lists the packages to install for your distribution in addition to the gcc package.

| Distro | Kernel package to install | Special build command |
|---|---|---|
| CentOS | kernel-devel | |
| Debian | linux-headers-2.6-ARCH (see note) | ./build.sh --kernel-dir /usr/src/linux-headers-$(uname -r) |
| Fedora | kernel-devel | ./build.sh --kernel-dir /usr/src/kernels/$(uname -r) |
| SuSE | kernel-source | ./build.sh --kernel-dir /lib/modules/$(uname -r)/build |
| Open Enterprise Server | kernel-source | |
| Redhat (and other RHEL-based releases such as CentOS, Scientific Linux, et al) | kernel-devel | ./build.sh --kernel-dir /lib/modules/$(uname -r)/build (see also TECH197524) |
| Ubuntu <= 9.10 | linux-source | ./build.sh --kernel-dir /lib/modules/$(uname -r) |
| Ubuntu >= 10.04 | linux-source | ./build.sh --kernel-dir /usr/src/linux-headers-$(uname -r) |
| VMware ESX | | |

NOTES:
When you use $(uname -r) in the build command, the kernel modules you build will be for the kernel you are currently running ($(uname -r) is replaced by the shell with the version of the currently running kernel). If you are trying to build for a different kernel version, you will need to replace $(uname -r) with the version you want to build for. You will also need to ensure that you have the kernel source installed for the version you are trying to build for.

The packages listed in the table above will install the latest kernel source available from your repository. If you are not running the latest available kernel in your distribution, you will need to ensure that you download the kernel source that matches the kernel you are running, and replace $(uname -r) accordingly.

Debian:
Debian does not provide a generic linux-headers package. Instead, you must select the correct architecture by specifying it in the name of the linux-headers package you download. The packages available (as of Debian 5.0.4) are:
linux-headers-2.6-486
linux-headers-2.6-686
linux-headers-2.6-686-bigmem
linux-headers-2.6-amd64
linux-headers-2.6-openvz-686
linux-headers-2.6-vserver-686
linux-headers-2.6-vserver-686-bigmem
linux-headers-2.6-xen-686

Ubuntu 10.10:
Installing linux-source on Ubuntu 10.10 appears not to install the linux-headers as well. To remedy this, also install the correct version of the Linux headers package (e.g. linux-headers-generic, linux-headers-generic-pae, linux-headers-server, linux-headers-virtual).

Building the modules
Note: The build will need to be done with root privileges. This guide was created using SAVFL 1.0.9, but should work with 1.0.8 and later.

  1. In the same directory as ap-kernelmodule-1.0.9-13.tar.gz, uncompress the file
    tar xvzf ap-kernelmodule-1.0.9-13.tar.gz
  2. Change into the uncompressed directory
    cd ap-kernelmodule-1.0.9-13
  3. Run the build command (if there is a special build command in the table above, use that)
    ./build.sh
  4. After the build completes, you should see "Congratulations, build was successful!". If you do not see this, review the output of the build command for any error messages. If the build was successful, continue.
  5. Change into the directory with the newly built AutoProtect kernel modules
    cd bin.ira
  6. Move the newly built AutoProtect kernel modules into the autoprotect directory
    mv * /opt/Symantec/autoprotect/
  7. Restart the autoprotect and rtvscand services
    /etc/init.d/autoprotect restart
    /etc/init.d/rtvscand restart
  8. Check that AutoProtect is enabled
    /opt/Symantec/symantec_antivirus/sav info -a
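
The NOTES above require the kernel source to match the kernel you are building for. The following shell functions are an added example (not part of the original article and not Symantec code): they check the kernel directory before step 3 and the built modules' vermagic before step 6. The function names, the script name, the include/config/kernel.release location and the *.ko file pattern are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Symantec code. Sample values below are constructed.

# Print the release a prepared kernel tree was configured for.
# Assumption: the tree has include/config/kernel.release, either directly
# under the given directory or under its build/ subdirectory.
headers_release() {
    for f in "$1/include/config/kernel.release" \
             "$1/build/include/config/kernel.release"; do
        [ -r "$f" ] && { head -n 1 "$f"; return 0; }
    done
    return 1
}

# Succeed only if a vermagic string names the target release. Constructed
# sample of a vermagic string: "2.6.32-5-amd64 SMP mod_unload modversions"
vermagic_matches() {
    [ "${1%% *}" = "$2" ]
}

# Before ./build.sh: the kernel directory must be for the target release.
preflight() {
    kdir=$1; target=$2
    found=$(headers_release "$kdir") || {
        echo "no prepared kernel tree in $kdir" >&2; return 1; }
    [ "$found" = "$target" ] || {
        echo "tree is for $found, target is $target" >&2; return 1; }
}

# After the build, before the mv step: check every module in the output
# directory. Assumption: the built modules are *.ko files.
verify_modules() {
    outdir=$1; target=$2
    for ko in "$outdir"/*.ko; do
        [ -e "$ko" ] || { echo "no modules in $outdir" >&2; return 1; }
        vm=$(modinfo -F vermagic "$ko") || return 1
        vermagic_matches "$vm" "$target" || {
            echo "$ko built for ${vm%% *}, not $target" >&2; return 1; }
    done
}

# Usage: sh check-ap-build.sh KERNEL_DIR [RELEASE]
if [ $# -ge 1 ]; then
    preflight "$1" "${2:-$(uname -r)}" && echo "kernel tree OK"
fi
```

To use verify_modules, source the file and call it with the build output directory (bin.ira in step 5) and the target kernel release; a non-zero return means the modules should not be moved into /opt/Symantec/autoprotect/.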

 




Legacy ID



2010052714284248

