Avira Support Forum

I tried to scan several partitions but avia ofen hangs. One last message of avira is:

scan progress: file "/mnt/sda1/Programme/Gemeinsame Dateien/Microsoft Shared/Stationery/Hintergrund fÃŒr SÃŒÃ

and gkrellm shows no HDD activity, ps shows a constant CPU time for several days.
I see this problem on MS-Windows and Linux partitions.
What can i do to avoid hanging of avira?

Hi,
Please be more specific. When you use Rescue CD, this doesn't involves Windows as operating system.

Quoted from "Nicolae Moldoveanu"

Hi,
Please be more specific. When you use Rescue CD, this doesn't involves Windows as operating system.

I'm using Debian Lenny and the avira version from http://www.avira.com/de/download/.
I simply used

avscan -s

and avscan simply hangs, some minutes after the start.

Because top shows

Cpu0 : 0.5%us, 0.6%sy, 0.2%ni, 98.5%id, 0.2%wa, 0.0%hi, 0.0%si, 0.0%st
Cpu1 : 0.6%us, 1.0%sy, 0.2%ni, 98.1%id, 0.2%wa, 0.0%hi, 0.0%si, 0.0%st
Cpu2 : 0.6%us, 0.7%sy, 0.1%ni, 98.4%id, 0.1%wa, 0.0%hi, 0.0%si, 0.0%st
Cpu3 : 0.5%us, 0.6%sy, 0.1%ni, 98.5%id, 0.3%wa, 0.0%hi, 0.0%si, 0.0%st
Cpu4 : 0.4%us, 0.5%sy, 0.2%ni, 98.8%id, 0.2%wa, 0.0%hi, 0.0%si, 0.0%st
Cpu5 : 1.1%us, 0.7%sy, 0.1%ni, 97.8%id, 0.2%wa, 0.0%hi, 0.0%si, 0.0%st
Cpu6 : 0.5%us, 0.5%sy, 0.1%ni, 98.7%id, 0.1%wa, 0.0%hi, 0.0%si, 0.0%st
Cpu7 : 3.9%us, 10.8%sy, 0.2%ni, 84.2%id, 0.6%wa, 0.0%hi, 0.3%si, 0.0%st
Mem: 16538976k total, 15825056k used, 713920k free, 1600036k buffers
Swap: 1002052k total, 0k used, 1002052k free, 8344764k cached

not enough (ECC) memory or CPUs can't be the problem.
I also checked the log files but, the avira really hangs; after the hangup the are no entries.

Hi,
Please use "-v" and "--log-file" options (without quotes) to create a scan log.
Then post it here.

Quoted from "Nicolae Moldoveanu"

Hi,
Please use "-v" and "--log-file" options (without quotes) to create a scan log.
Then post it here.

Ok, after

/usr/lib/AntiVir/avupdate --product=Guard

and

avguard start

i used

avscan --scan-mode=all --detect-prefixes=alltypes -s --scan-in-archive=yes --scan-in-mbox=yes -v --log-file=/var/log/avscan/log`date +%y%U%T`.txt ./

and after some minutes the scan hangs with this output:

...
scan progress: 12073 files, -130412722 bytes file "/mnt/sda1/Programme/Gemeinsame Dateien/Microsoft Shared/Stationery/Hintergrund fÌr Schönwetter.jpg"
scan progress: 12074 files, -130411007 bytes file "/mnt/sda1/Programme/Gemeinsame Dateien/Microsoft Shared/Stationery/Hintergrund fÃŒr Sonnenblumen.jpg"
scan progress: 12075 files, -130410915 bytes file "/mnt/sda1/Programme/Gemeinsame Dateien/Microsoft Shared/Stationery/Hintergrund fÃŒr SÃŒÃ"

And this is the logfile content:

No protocol specified
X server not responding
: ":0.0"

I tested avscan with few files and it works, but a whole partition with thousends of files is too much for avscan.

Hi,
I can't see the link between X server and AnitVir. Could you please scan from a text console?

Quoted from "Nicolae Moldoveanu"

Hi,
I can't see the link between X server and AnitVir. Could you please scan from a text console?

The scan was from a text console.

I also tried

avscan -s -v --log-file=/var/log/avscan/log`date +%y%U%T`.txt ./

but see no change; the error can be reproduced.
Is there a limit of 12075 files or three minutes?


The logfile locks different today, no error message but a warning:

2009-10-24 10:13:58 4way avscan[9136]: AVGU: INFO Info: automatically excluding /sys/ from scan (special fs)
2009-10-24 10:13:58 4way avscan[9136]: AVGU: INFO Info: automatically excluding /proc/ from scan (special fs)
2009-10-24 10:13:58 4way avscan[9136]: AVGU: INFO Info: automatically excluding /home/quarantine/ from scan (quarantine)
2009-10-24 10:25:27 4way avscan[9136]: AVGU: ALERT AntiVir ALERT for file "/mnt/sda1/tmp/Windows Vista 64bit/Microsoft Windows Vista Sidebar Gadgets/Longhorn_Retro.gadget": Settings.html <<< HTML/Crypted.Gen ; virus ; Contains detection pattern of the HTML script virus HTML/Crypted.Gen

Hi,
This is very strange. Please tell us if the crash occurs at the same file or random.

Quoted from "Nicolae Moldoveanu"

Hi,
This is very strange. Please tell us if the crash occurs at the same file or random.

It's reproducable: The scan progress ends with the same message, the log file has the same content etc..
Today i've been waiting nearly 3 hours and the last change of the log file and scan progress output was 2,5 h ago (11 m after the start) and there is no actitivity anymore.

Hi,
Perhaps scan crashes so, the end message is the same. But it is important to find out if the crash occurs at the same file or random.

Quoted from "Nicolae Moldoveanu"

Hi,
Perhaps scan crashes so, the end message is the same. But it is important to find out if the crash occurs at the same file or random.

It's always at the same file, due to the output.
And there is no crash; avscan simply hangs. After killing via Ctrl-c the last log file line is

2009-10-26 22:25:54 4way avscan[29126]: AVGU: WARNING Warning: scan job incomplete

Hi,
How big is the file that causes the stall? I will try to reproduce your issue,

Quoted from "Nicolae Moldoveanu"

Hi,
How big is the file that causes the stall? I will try to reproduce your issue,

This ist the output of ls -ilaF:

44172 -rwxrwxrwx 2 root users 208845 2008-05-27 06:35:04 /mnt/sda1/tmp/Windows\ Vista\ 64bit/Microsoft\ Windows\ Vista\ Sidebar\ Gadgets/Longhorn_Retro.gadget*

and this from file:

/mnt/sda1/tmp/Windows Vista 64bit/Microsoft Windows Vista Sidebar Gadgets/Longhorn_Retro.gadget: Zip archive data, at least v2.0 to extract

sha1sum is:

60affcc327389af139238823f2dca3f1cc477042

Today i reproduced the hanging and

lsof | grep avscan

shows that the hanging avscan simply stopped scanning and does nothing:

avscan 24216 root cwd DIR 8,1 8192 5 /mnt/sda1
avscan 24216 root rtd DIR 7,0 4096 2 /
avscan 24216 root txt REG 7,0 1709721 13050509 /usr/lib/AntiVir/avscan
avscan 24216 root mem REG 7,0 42500 57407 /emul/ia32-linux/lib/libnss_files-2.9.so
avscan 24216 root mem REG 7,0 83704 57427 /emul/ia32-linux/lib/libnsl-2.9.so
avscan 24216 root mem REG 7,0 3055584 25576045 /usr/lib/locale/locale-archive
avscan 24216 root mem REG 7,0 1397124 57416 /emul/ia32-linux/lib/libc-2.9.so
avscan 24216 root mem REG 7,0 9676 57421 /emul/ia32-linux/lib/libdl-2.9.so
avscan 24216 root mem REG 7,0 145232 57413 /emul/ia32-linux/lib/libm-2.9.so
avscan 24216 root mem REG 7,0 38440 57426 /emul/ia32-linux/lib/libnss_nis-2.9.so
avscan 24216 root mem REG 7,0 30436 57424 /emul/ia32-linux/lib/libnss_compat-2.9.so
avscan 24216 root mem REG 7,0 129636 57415 /emul/ia32-linux/lib/ld-2.9.so
avscan 24216 root 0u CHR 136,3 0t0 5 /dev/pts/3
avscan 24216 root 1u CHR 136,3 0t0 5 /dev/pts/3
avscan 24216 root 2u CHR 136,3 0t0 5 /dev/pts/3
avscan 24216 root 3u unix 0xffff81043c8b2400 0t0 2798606 socket
avscan 24216 root 4u unix 0xffff81039db6e400 0t0 2798597 /var/run/avguard/ondemand-frontend-yABgGy
avscan 24216 root 9u unix 0xffff81045a9c7140 0t0 1968807 /tmp/ksocket-user0/kdeinit4__0
avscan 24216 root 10u unix 0xffff81043d5279c0 0t0 1968676 socket
avscan 24216 root 11u unix 0xffff81043d5279c0 0t0 1968676 socket
avscan 24216 root 12u unix 0xffff81043d5279c0 0t0 1968676 socket
avscan 24216 root 14u unix 0xffff81043d5279c0 0t0 1968676 socket
avscan 24216 root 15u unix 0xffff81043d5279c0 0t0 1968676 socket
avscan 24216 root 16u unix 0xffff81043d5279c0 0t0 1968676 socket
avscan 24216 root 18u unix 0xffff81043d5279c0 0t0 1968676 socket
avscan 24216 root 23u unix 0xffff81043d5279c0 0t0 1968676 socket

Hi,
Please do the following:
- post here the content of the following files:
/etc/fstab
/etc/avira/avguard.conf
- upload the following files using a service like rapidshare then post here the download link:
"/mnt/sda1/Programme/Gemeinsame Dateien/Microsoft Shared/Stationery/Hintergrund fÌr Schönwetter.jpg"
"/mnt/sda1/Programme/Gemeinsame Dateien/Microsoft Shared/Stationery/Hintergrund fÃŒr Sonnenblumen.jpg"
"/mnt/sda1/Programme/Gemeinsame Dateien/Microsoft Shared/Stationery/Hintergrund fÃŒr SÃŒÃ"

- post here the output of command:
uname -a, /lib/libc.so.6 | head -n1

fstab:

# /etc/fstab: static file system information.
#
# <file system> <mount point> <type> <options> <dump> <pass>
proc /proc proc defaults 0 0
/dev/sda4 / ext3 noatime,errors=remount-ro,loop=/dev/loop0,encryption=AES256,gpgkey=/etc/loopkeys/sda4.gpg 0 0
/dev/mapper/sda2_crypt none swap sw 0 0
/dev/fd0 /media/floppy auto auto 0 0
/dev/sda1 /mnt/sda1 ntfs-3g users,gid=users 0 0
...


The /etc/avira/avguard.conf is equal to the default (/etc/avira/avguard.conf.default).


uname -a:
Linux 4way 2.6.26-1-amd64 #1 SMP Sat Jan 10 17:57:00 UTC 2009 x86_64 GNU/Linux


/lib/libc.so.6 | head -n1:
GNU C Library stable release version 2.9, by Roland McGrath et al.


files:
https://sslsites.de/www.schutzfehler.de/tmp/files.zip

Hi,

please try to mount your NTFS partition like

/dev/sda1 /mnt/sda1 ntfs-3g users,gid=users,umask=0022,nls=utf8 0 0

via /etc/fstab and then give it a try again. Please post the result. Thanks!

Quoted from "Patrick Lichtner"

Hi,

please try to mount your NTFS partition like

/dev/sda1 /mnt/sda1 ntfs-3g users,gid=users,umask=0022,nls=utf8 0 0

via /etc/fstab and then give it a try again. Please post the result. Thanks!

I tried it, but not change.

Is there no chance to do a scan of a MS-Windows partition with avscan?