[Mimedefang] Virus Scanner messages
Nels Lindquist
nlindq at maei.ca
Fri Jul 5 17:30:00 EDT 2002
Hi there.
Since upgrading to the newest versions of H+BEDV Antivir, I've been
running into some issues with the result messages.
First of all, they've changed the "-q" parameter to antivir so that
*all* output is suppressed, rather than just the startup information.
In order to get some useful output from it, it's necessary to remove
the "-q" parameter from the command line. However, the resulting
output is quite verbose.
I find it really annoying to get 26 lines of output for one infected
file. Having not used all of the other scanners, I don't know how
verbose they are. (NAI uvscan is pretty succinct). Anyway, I don't
know how generally applicable this would be, but I propose the
following changes:
The run_virus_scanner subroutine should accept an (optional?)
additional parameter, corresponding to a unique pattern on the output
lines which contain virus information (hopefully this exists for each
scanner). For antivir, that would be "!Virus!"; for uvscan it would
be "Found:".
Then we could do something like this (pcode):
sub run_virus_scanner ($cmd, $pat) {
....
open (SCANNER, "$cmd |");
while (<SCANNER>) {
push (@msgs, $_);
}
my (@virs) = grep(/$pat/, @msgs);
for (my $i = 0; $i < @virs; $i++) {
$VirusScannerMessages .= @virs[$i];
}
....
return (...);
}
I've done an antivir-specific version of this for myself, but if
other scanners are similarly verbose, it might make the warning
messages more readable.
What do y'all think?
----
Nels Lindquist <*>
Information Systems Manager
Morningstar Air Express Inc.
More information about the MIMEDefang
mailing list