Jump to content
Kaspersky Support Forum

KVRT ignores custom folder

Ph0nq

By Ph0nq
in Kaspersky Virus Removal Tool

 Share

Recommended Posts

Ph0nq

Ph0nq

Posted
Posted

Hi team,

I guess I'm facing the same (or a similar) issue as this guy. Whatever I feed into KVRT as custom folders, they're completely ignored. I've tried to run the commands suggested in the other post but they're not available in my webspace. (A 'uname -a' simply returns "Linux <FQDN> 4.18.0-477.13.1.lve.el7h.x86_64 #1 SMP Thu Jun 1 16:49:27 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux" and the ISP is not disclosing which distribution they're using...)

First of all, I had to install the tool as a regular user, I don't have root access nor a graphical display: 

-bash-4.2$ ./kvrt.run --allowuser --target /full_path_to/install_dir -- -silent -accepteula

It succeeded but contrary to the docs I can't start the tool thru 'kvrt.run': 

-bash-4.2$ ./kvrt.run -- -silent -accepteula -custom /full_path_to/my_dir/ -dontencrypt -details
It seems that it's non-graphical mode now (XDG_SESSION_TYPE = <>, XDG_CURRENT_DESKTOP = <>).
Please, run kvrt.run under root manually (use su or sudo) or add --allowuser to run under normal user.
-bash-4.2$ ./kvrt.run --allowuser -- -silent -accepteula -custom /full_path_to/my_dir/ -dontencrypt -details
Product will be runned under current user
Generated directory is </tmp/5aedbe490e94d02f2482798>
Temp root </tmp> mounted with noexec, aborting. Use --target argument.

So when I start the script instead, KVRT is running and scanning the system files but no custom directories. If I'm passing along only custom files it simply returns: 

-bash-4.2$ cd install_dir
-bash-4.2$ ./kvrt_runner.sh -accepteula -silent -customonly -custom ~/my_dir/ -dontencrypt -details -tracelevel DBG
=================================
Running kvrt with args <-accepteula -silent -customonly -custom /full_path_to/my_dir/ -dontencrypt -details -tracelevel DBG>
=================================
compver: 24.0.5.0 x86-64 (Jul  9 2024 17:36:48)
Product folder </full_path_to/KVRT2024_Data>
=================================
Scan is started
=================================
=================================
Scan is finished with results:
        Processed: 0
        Processing errors: 0
        Detected: 0
        Password protected: 0
        Corrupted: 0
=================================
=================================
kvrt exited with code <0>
=================================

What am I missing here? Thanks for any hints...

Yury N.

Yury N.

Posted
Posted (edited)
1 час назад, Ph0nq сказал:

First of all, I had to install the tool as a regular user, I don't have root access nor a graphical display: 

-bash-4.2$ ./kvrt.run --allowuser --target /full_path_to/install_dir -- -silent -accepteula

Hello.

It's not required. KVRT is a portable tool with integrated antivirus databases. You should run a scan immediately.

./kvrt.run --allowuser -- -accepteula -silent -customonly -custom ~/my_dir/

But it won't work on your system due "Temp root </tmp> mounted with noexec, aborting. Use --target argument." So you should run 

./kvrt.run --allowuser --target /full_path_to/temp_dir -- -accepteula -silent -customonly -custom /full_path_to/my_dir/

And delete "/full_path_to/temp_dir" folder yourself after every KVRT run. Also recommended use full path. So use "-custom /full_path_to/my_dir/".
 

1 час назад, Ph0nq сказал:

What am I missing here? Thanks for any hints...

Files exist in "/full_path_to/my_dir/"? My be "~/my_dir" resolved to other directory?

If files exist please provide traces. 
./kvrt.run --allowuser --target /full_path_to/temp_dir -- -accepteula -silent -customonly -custom /full_path_to/my_dir/ -trace

And provide "Traces" folder in "Product folder </full_path_to/KVRT2024_Data>".

Edited by Yury N.
  • Like 1
Ph0nq

Ph0nq

Posted
  • Author
Posted

Thank you Yuri.

Yes, the directory resolves correctly but I do see interesting entries in the trace file, like 

10:25:40.853    0x7f821984e700    INF    vrt: custom: Custom Scan for </var/www/vhosts/my_web_space/my_dir> is started
10:25:40.853    0x7f821984e700    INF    vrt: custom: Path </var/www/vhosts/my_web_space/my_dir> has FS magic <0xef53> and <0x3d6079ca> blocks
[...]
10:25:40.853    0x7f821984e700    INF    vrt: linux mp: Skip mount point </var/www/vhosts/system/my_web_space> due to type <Volume>
[...]
10:25:40.953    0x7f821984e700    ERR    vrt: custom: Exception caught at line 1004 =>  std::bad_cast
10:25:40.953    0x7f821984e700    INF    scan notify: Progress calculation is finished
10:25:40.953    0x7f821984e700    INF    vrt: automode: scan notify: Progress calculation is finished
10:25:40.953    0x7f821984e700    ERR    vrt: custom: Can't get files count with error 0x80000047
10:25:40.953    0x7f821984e700    ERR    vrt: avs: Scan was ended with error 0x80000047
10:25:40.953    0x7f821984e700    INF    vrt: avs: sl: All pended async tasks (0) has been done
10:25:40.953    0x7f821984e700    INF    vrt: avs: ksnq: Shutdown is requested for 0x7f82100021b0

Those "Skip mount point" entries show up for all sub dirs in my_dir, so in the end, nothing seems to be left to scan.

Where can I sent the whole trace file to?

Yury N.

Yury N.

Posted
Posted (edited)
55 минут назад, Ph0nq сказал:

Where can I sent the whole trace file to?

Upload to any file sharing server. Google drive for example. And provide link to me in private message.

Edited by Yury N.

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing


×
×
  • Create New...