[Mimedefang] MIMEDefang 2.28-BETA-2 is available
Stephane Lentz
Stephane.Lentz at ansf.alcatel.fr
Thu Dec 12 07:48:01 EST 2002
Hi David,
On Tue, Dec 10, 2002 at 11:20:00AM -0500, David F. Skoll wrote:
> MIMEDefang 2.28-BETA-2 is available at:
>
> http://www.roaringpenguin.com/mimedefang/#download
>
> Changes since 2.27 are appended. The biggest change in this beta is that
> filter_relay, filter_recipient or filter_sender can return a code of
> ACCEPT_AND_NO_MORE_FILTERING. This means all MIMEDefang filtering is
> skipped for the remainder of the message. If you never want to filter
> outgoing mail from 127.0.0.1 or some other range of IP addresses, this can
> be a big performance improvement.
Would it be possible to redesign the antivirus support in the next MIMEDefang
version (I mean 2.29)?
Current issues related to antivirus software are:
- difficulty of adding support for new antivirus software (reported by some users)
- detection of antivirus software at the configure level
These issues have recently been addressed nicely by Mark Martinec (amavisd-new
author) in the amavisd-new-20021116 release (available at
http://www.ijs.si/software/amavisd/).
In the amavisd-new config file (amavisd.conf), antivirus
software is defined through an @scanners variable.
As written in the comments, the format is:
# @av_scanners is a list of n-tuples, where fields semantics is:
#  1. av scanner plain name, to be used in log and reports;
#  2. scanner program name; this string will be submitted to subroutine
#     find_external_programs(), which will try to find the full program
#     path name; if program is not found, this scanner is disabled.
#     Besides a simple string (full program path name or just the basename
#     to be looked for in PATH), this may be an array ref of alternative
#     program names or full paths - the first match in the list will be used;
#     As a special case for more complex scanners, this field may be
#     a subroutine reference, and the whole n-tuple is passed to it as args.
#  3. command arguments to be given to the scanner program;
#     a substring {} will be replaced by the directory name to be scanned,
#     i.e. "$tempdir/parts"
#  4. a set of av scanner exit status values, or a regexp (to be matched
#     against scanner output), indicating NO VIRUSES found;
#  5. a set of av scanner exit status values, or a regexp (to be matched
#     against scanner output), indicating VIRUSES WERE FOUND;
#  6. a regexp (to be matched against scanner output), returning a list
#     of virus names found.
#  7. and 8.: (optional) subroutines to be executed before and after scanner
#     (e.g. to set environment or current directory);
#     see examples for these at KasperskyLab AVP and Sophos sweep.
It is, for instance, defined as:
@av_scanners = (
  ['KasperskyLab AntiViral Toolkit Pro (AVP)', 'avp',
    "-* -P -B -Y -O- {}", [0,3], [4],
    qr/(?m)infected: (.+)/,
    sub {chdir('/some/avp/path') or die "Can't chdir to AVP: $!"},
    sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
  ],
  ['KasperskyLab AVPDaemonClient', 'avpdc',
    [], [0], [3,4,5,6], qr/(?m)infected: (.+)/ ],
  ['H+B EDV AntiVir', 'antivir',
    '-allfiles -noboot -s -z {}', [0], [1],
    qr/(?mx)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) |
         (?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/ ],
  ['Clam Antivirus', 'clamscan',
    '--stdout --disable-summary -r {}', [0], [1],
    qr/(?m)^.*?: (?!Infected Archive)(.*) FOUND$/ ],
  ['Command AntiVirus for Linux', 'csav',
    '-all -archive -packed {}', [50], [51,52,53],
    qr/(?m)Infection: (.+)/ ],
  # ======== some definitions skipped for not overwhelming the readers :-) ====
  ['Trend Micro FileScanner', 'vscan',
    '-a {}/*', [0], qr/(?m)Found virus/, qr/(?m)Found virus (.+) in/ ],
);
What do you think of it?
I also think that both projects could benefit from having a similar way of
defining antivirus software support...
Regards,
SL/
---
Stephane Lentz / Alcanet International - Internet Services
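
Added example, not part of the original post and not code from amavisd-new or MIMEDefang: a sketch of how a filter could evaluate fields 3 to 6 of one such entry against a scanner's exit status and output. The helper names (matches, build_args, classify), the 'error' verdict for results that match neither field 4 nor field 5, and the sample scanner results are assumptions constructed for illustration.

```perl
use strict;
use warnings;

# One entry in the 6-field layout quoted above (the Clam Antivirus line).
my @entry = ('Clam Antivirus', 'clamscan',
    '--stdout --disable-summary -r {}', [0], [1],
    qr/(?m)^.*?: (?!Infected Archive)(.*) FOUND$/);

# Fields 4 and 5 are either a list of exit statuses or a regexp on the output.
sub matches {
    my ($spec, $status, $output) = @_;
    return $output =~ $spec ? 1 : 0 if ref($spec) eq 'Regexp';
    return scalar grep { $_ == $status } @$spec;
}

# Hypothetical helper: substitute {} in field 3 with the directory to scan.
sub build_args {
    my ($entry, $dir) = @_;
    my $args = $entry->[2];
    return '' if ref $args;    # e.g. the avpdc entry passes [] (no arguments)
    $args =~ s/\{\}/$dir/g;
    return $args;
}

# Hypothetical helper: turn exit status + output into a verdict.
# Assumption of this sketch: the infected test runs first, and a result that
# matches neither field is 'error', so the caller never treats it as clean.
sub classify {
    my ($entry, $status, $output) = @_;
    my (undef, undef, undef, $clean, $infected, $names_re) = @$entry;
    if (matches($infected, $status, $output)) {
        my @names = $output =~ /$names_re/g;    # field 6: virus names
        return ('infected', @names);
    }
    return ('clean') if matches($clean, $status, $output);
    return ('error');
}

# Constructed scanner results (not captures of real scanner output).
my @samples = (
    [0, ""],
    [1, "/tmp/md/parts/a.exe: Eicar-Test-Signature FOUND\n"],
    [2, "ERROR: cannot open database\n"],
);
print build_args(\@entry, '/tmp/md/parts'), "\n";
for my $s (@samples) {
    my ($verdict, @names) = classify(\@entry, @$s);
    print "status $s->[0]: $verdict @names\n";
}
```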