Endpoint Protection

Hi,

I am new to Red Hat and I just installed the Symantec Antivirus for Linux on the Red Hat Enterprise 6 platform.

I am able to start the symcfgd service. However I am not able to start the rtvscand service.

And whenever I type ./sav command, I always get this message

"Unable to determine status of scanning daemon.

*** This command may not function correctly or may be delayed

Could not contact rtvscan"

The implementation guide for the Symantec AntiVirus for Linux does not really provide any explaination of why the rtvscan is not starting.

Please help and provide any constructive advice. Thank you.

check this article to know the commands

https://www-secure.symantec.com/connect/articles/sav-linux-scanning-best-practices-somewhat-illustrated-guide

Hello,

You may be interested in these below Articles -

SAV for Linux Scanning Best Practices: A (Somewhat) Illustrated Guide

https://www-secure.symantec.com/connect/articles/sav-linux-scanning-best-practices-somewhat-illustrated-guide

SAV for Linux: A (Somewhat) Illustrated Guide Part 2

https://www-secure.symantec.com/connect/articles/sav-linux-somewhat-illustrated-guide-part-2

SAV for Linux: A (Somewhat) Illustrated Guide Part 3

https://www-secure.symantec.com/connect/articles/sav-linux-somewhat-illustrated-guide-part-3

SAV for Linux: A (Somewhat) Illustrated Guide Part 4: SAVFL Reporter

https://www-secure.symantec.com/connect/articles/sav-linux-somewhat-illustrated-guide-part-4-savfl-reporter

Hope that helps!!

Hi alphaguy,

Was the install successful?  Or did any errors appear durring install? 

Use ps -ef to check what Symantec processes are running. 

Hope this helps!

Mick

Hi all,

I have tried to build autoprotect kernel modules via this link: http://www.symantec.com/business/support/index?page=content&id=TECH132773

I have got the following error:

"
Kernel release is not set, build the kernel modules for the current kernel release(2.6.32-220.el6.x86_64)
Could not detect the file /home/SAVLINUX/ap-kernelmodule-1.0.10-26/include/linux/version.h.

Build was stopped due to error."

I installed the SAVFL on Red Hat Enterprise 6 (64-bit). I have read the readme files and RHEL 6 is not included in the list of supported kernels. The latest one is till RHEL 5.5. Does this mean that RHEL 6 is not supported?

Please advice. Thanks al for your help.

HI all,

i use ps -ef and only the symcfg process runs. the rtvscan is not able to run.

my kernel version is 2.6.32-220.el6.x86_64.

I look at the kernel requirements at this link: http://www.symantec.com/business/support/index?page=content&id=TECH101598,

hence can i conclude that my kernel version is not supported?

Hi alphaguy,

With the latest releases, SAVFL should run on RHEL 6.

SAV for Linux does not run on Red Hat Enterprise Linux 6.0
Article URL http://www.symantec.com/docs/TECH138546 
 

You will have to build your own AP module if you have SAVFL MR14, I believe. 2.6.32-220.el6.x86_64 was one of the kernels supported in MR13.

In the case of an unsupported kernel (see readme.txt included with SAV for Linux) you will have to re-compile the SAV AutoProtect kernel modules to get them loaded. Requires development tools and support files for your Linux release. For example:

Navigate to the extracted ap-kernelmodule folder and run the following commands:

./build.sh --kernel-dir /lib/modules/$(uname -r)/build

... (several build messages here, probably some warnings, hopefully no fatal errors, and finishing with message "Congratulations, build was successful!")

cp ./bin.ira/* /opt/Symantec/autoprotect/

/etc/init.d/autoprotect restart

/etc/init.d/rtvscand restart

For detailed instructions, see the README file provided in the ap-kernelmodule tar file.

Here is a similar connect thread:

https://www-secure.symantec.com/connect/forums/does-sep-client-package-which-comes-under-savfor-linux-folder-sep-121ru2-supports-rhel-5x-6x

Hi all,

thanks alot for all the constructive comments so far.

I am running RHEL server version 6.2.

I entered ./sav info -p and I got 1.0.10.26. Does this mean that the SAVFL version i am currently running is maintenance release version 10?

If I am currently running SAVFL MR10, does it mean that there are no pre-complied auto-protect kernel modules for RHEL version 6.2 and hence, I could not run auto-protect even if i tried building my own AP module?

HI,

I always get this error message when I tried to build my AP modules.

"Kernel release is not set, build the kernel modules for the current kernel release(2.6.32-220.el6.x86_64)"

Does this mean that I do not have the ap modules for my linux version and hence, there is no way of building the ap modules at all?

I am facing the exactly the same problem alphaguy posted.

Has it been solved?