CVS doesn't expect you to use interaction in these scripts. There are several reasons the developers didn't include interaction, one of which is that some remote access methods just don't allow it. This is explained on page 163 of 'Essential CVS', and is also somewhere in 'info cvs' but I can't find it there right now.
You may find that verifymsg is more useful to you when checking whether the user has written a proper log file entry. If you combine that with the 'ReReadLogAfterVerify' option in the CVSROOT/config file, your script can change the log message that CVS stores.
If there is simply not enough information in the log file, you can refuse to allow the commit to proceed.