[Mimedefang] return values from message_contains_virus()

Tony Nugent tony at linuxworks.com.au
Fri Aug 30 03:19:00 EDT 2002 

  my($code, $category, $action) = message_contains_virus();

$action is set to one of: ok, quarantine or tempfail.  Am I right to
assume that it corresponds to the possible values of $category in
this manner?

	$action		$category
	=======		=========
	ok		ok
	quarantine	virus suspicious
	tempfail	not-installed cannot-execute interrupted swerr

(ie, $action is the general condition, $category is more specific.
If so, then it makes some scripting decisions a whole lot more
efficient to design :)

  (My filter was occasionally, rarely, generating errors that
  resulted from assuming that any "not ok" message always had a
  virus to find in at least one of its parts).

Exactly what constitutes a "suspicious" message (or part)?

Does calling action_tempfail() result in a positive response from
subsequent calls to message_rejected()?

Here's something for the scrapbook... this function creates a string
that specifies the currently installed version of the NAI virus
scanner.  I put it into the headers of (selected) messages that have
passed as ok, eg:

X-Virus-Scan: NAI Virus Scan for Linux v4.16.0 (engine v4.1.60) DAT v4220 created Aug 28 2002

sub get_nai_version () {
  my(@scanver) = grep(/^(Vi|Scan )/, `uvscan --noboot --version`));
  chomp(@scanver);
  my($uvscanver) = join(" ", at scanver);
  # $uvscanver looks like this:
  #   Virus Scan for Linux v4.16.0 Scan engine v4.1.60 for Linux. Virus data file v4220 created Aug 28 2002
  $uvscanver =~ s/^Vi.*x (v[^ ]*).*Scan engine (v[^ ]*).*Virus data file (v[^ ]*) created (.*)$/$1 $2 $3 $4/;
  my($vs,$se,$df,$dd) = ($1,$2,$3,$4);
  return "NAI Virus Scan for Linux $vs (engine $se) DAT $df created $dd\n";
}

I'm sure that the perl could be reworked in a much more elegant
fashion, but it works well enough.  I don't want to call it very
often...  I'd like to use it initially to set a global variable and
then have a way (eg, in filter_begin) to recheck for version changes
only on an irregular basis, say, once per day soon after I know that
a cron job has checked for and downloaded/installed any DAT updates.

Is there an easy way to trigger a function call based on a date or
timeout alarm?  (It doesn't need to interrupt anything, just flag
that the alarm/timeout has occurred when its status is next checked
and then reset in the filter).

  (yeah, I know, I'm asking lots of questions here lately... I'm
  trying to really streamline my filters and take advantage of some
  of the very cool new extra functionality introduced into defang
  over the past few months - and with it I am spinning some nice
  magic :)

Cheers
Tony

More information about the MIMEDefang mailing list