[Mimedefang] MIMEDefang 2.28-BETA-2 is available

Stephane Lentz Stephane.Lentz at ansf.alcatel.fr
Thu Dec 12 07:48:01 EST 2002

Hi David, 

On Tue, Dec 10, 2002 at 11:20:00AM -0500, David F. Skoll wrote:
> MIMEDefang 2.28-BETA-2 is available at:
> 	http://www.roaringpenguin.com/mimedefang/#download
> Changes since 2.27 are appended.  The biggest change in this beta is that
> filter_relay, filter_recipient or filter_sender can return a code of
> ACCEPT_AND_NO_MORE_FILTERING.  This means all MIMEDefang filtering is
> skipped for the remainder of the message.  If you never want to filter
> outgoing mail from or some other range of IP addresses, this can
> be a big performance improvement.

Would it be possible to redesign the antivirus support in the next MIMEDefang
version (I mean 2.29)?
Current issues related to antivirus software are:
- difficulty of adding support for new antivirus software (reported by some users)
- detection of antivirus software at the configure level

These issues were recently addressed nicely by Mark Martinec (amavisd-new
author) in the amavisd-new-20021116 release (available on

In the amavisd-new config file (amavisd.conf), antivirus
software is defined through some @scanners variable.

As written in the comment, the format is:
# @av_scanners is a list of n-tuples, where fields semantics is:
#  1. av scanner plain name, to be used in log and reports;
#  2. scanner program name; this string will be submitted to subroutine
#     find_external_programs(), which will try to find the full program
#     path name; if program is not found, this scanner is disabled.
#     Besides a simple string (full program path name or just the basename
#     to be looked for in PATH), this may be an array ref of alternative
#     program names or full paths - the first match in the list will be used;
#     As a special case for more complex scanners, this field may be
#     a subroutine reference, and the whole n-tuple is passed to it as args.
#  3. command arguments to be given to the scanner program;
#     a substring {} will be replaced by the directory name to be scanned,
#     i.e. "$tempdir/parts"
#  4. a set of av scanner exit status values, or a regexp (to be matched
#     against scanner output), indicating NO VIRUSES found;
#  5. a set of av scanner exit status values, or a regexp (to be matched
#     against scanner output), indicating VIRUSES WERE FOUND;
#  6. a regexp (to be matched against scanner output), returning a list
#     of virus names found.
#  7. and 8.: (optional) subroutines to be executed before and after scanner
#     (e.g. to set environment or current directory);
#     see examples for these at KasperskyLab AVP and Sophos sweep.

It is, for instance, defined as:
@av_scanners = (

  ['KasperskyLab AntiViral Toolkit Pro (AVP)', 'avp',
    "-* -P -B -Y -O- {}", [0,3], [4],
    qr/(?m)infected: (.+)/,
    sub {chdir('/some/avp/path') or die "Can't chdir to AVP: $!"},
    sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"} ],

  ['KasperskyLab AVPDaemonClient', 'avpdc',
    [], [0], [3,4,5,6], qr/(?m)infected: (.+)/ ],

  ['H+B EDV AntiVir', 'antivir',
    '-allfiles -noboot -s -z {}', [0], [1],
    qr/(?mx)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) |
         (?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/ ],

  ['Clam Antivirus', 'clamscan',
    '--stdout --disable-summary -r {}', [0], [1],
    qr/(?m)^.*?: (?!Infected Archive)(.*) FOUND$/ ],

  ['Command AntiVirus for Linux', 'csav',
    '-all -archive -packed {}', [50], [51,52,53],
    qr/(?m)Infection: (.+)/ ],

# ======== some definitions skipped for not overwhelming the readers :-) ====
  ['Trend Micro FileScanner', 'vscan',
    '-a {}/*', [0], qr/(?m)Found virus/, qr/(?m)Found virus (.+) in/ ],
);


What do you think of it ?
I also think that both projects could benefit from having some similar way of
defining antivirus software support ....


Stephane Lentz / Alcanet International - Internet Services
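
Added example, not part of the original message and not amavisd-new or MIMEDefang code: one way to interpret fields 4 to 6 of an entry in the format described above. The two entries are copied from the message; the function names, the sample scanner outputs, the infected-before-clean ordering and the 'error' verdict for results matching neither field are assumptions of this example.

```perl
use strict;
use warnings;

# Two entries copied from the list in the message above (fields 1-6 only).
my @av_scanners = (
  ['Clam Antivirus', 'clamscan',
    '--stdout --disable-summary -r {}', [0], [1],
    qr/(?m)^.*?: (?!Infected Archive)(.*) FOUND$/ ],
  ['Trend Micro FileScanner', 'vscan',
    '-a {}/*', [0], qr/(?m)Found virus/, qr/(?m)Found virus (.+) in/ ],
);

# Field 4/5 test: an array ref is a set of exit statuses,
# a compiled regexp is matched against the scanner output.
sub matches {
  my ($spec, $status, $output) = @_;
  return $output =~ $spec ? 1 : 0 if ref($spec) eq 'Regexp';
  return scalar grep { $_ == $status } @$spec;
}

# Returns ($verdict, @virus_names); $verdict is 'clean', 'infected' or 'error'.
# Assumption of this example: the infected test runs first, and a result
# matching neither field is an error the caller must not treat as clean.
sub interpret_result {
  my ($entry, $status, $output) = @_;
  my (undef, undef, undef, $clean, $infected, $names_re) = @$entry;
  if (matches($infected, $status, $output)) {
    my @names = $output =~ /$names_re/g;
    return ('infected', @names);
  }
  return ('clean') if matches($clean, $status, $output);
  return ('error');
}

# Constructed sample results: [entry index, exit status, scanner output].
my @samples = (
  [0, 0, "/tmp/parts/part-1: OK\n"],
  [0, 1, "/tmp/parts/part-2: Eicar-Test-Signature FOUND\n"],
  [0, 2, "clamscan: database not found\n"],
  [1, 0, "Found virus EICAR_TEST in /tmp/parts/part-3\n"],
);
for my $s (@samples) {
  my ($i, $status, $output) = @$s;
  my ($verdict, @names) = interpret_result($av_scanners[$i], $status, $output);
  printf "%-24s status=%d -> %s %s\n",
    $av_scanners[$i][0], $status, $verdict, join(',', @names);
}
```

The third sample shows why the 'error' verdict matters for a mail filter: a scanner that could not run returns a status outside both sets, and passing such mail as clean would let unscanned content through.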
