[Mimedefang] Virus Scanner messages

Nels Lindquist nlindq at maei.ca
Fri Jul 5 17:30:00 EDT 2002


Hi there.

Since upgrading to the newest versions of H+BEDV Antivir, I've been 
running into some issues with the result messages.

First of all, they've changed the "-q" parameter to antivir so that 
*all* output is suppressed, rather than just the startup information.

In order to get some useful output from it, it's necessary to remove 
the "-q" parameter from the command line.  However, the resulting 
output is quite verbose.

I find it really annoying to get 26 lines of output for one infected 
file.  Having not used all of the other scanners, I don't know how 
verbose they are.  (NAI uvscan is pretty succinct).  Anyway, I don't 
know how generally applicable this would be, but I propose the 
following changes:

The run_virus_scanner subroutine should accept an (optional?) 
additional parameter, corresponding to a unique pattern on the output 
lines which contain virus information (hopefully this exists for each 
scanner).  For antivir, that would be "!Virus!"; for uvscan it would 
be "Found:".

Then we could do something like this (pcode):

sub run_virus_scanner {
    my ($cmd, $pat) = @_;
    my @msgs;
    ....
    open (SCANNER, "$cmd |");
    while (<SCANNER>) {
        push (@msgs, $_);
    }
    close (SCANNER);
    # Keep only the lines that carry virus information.
    my (@virs) = grep(/$pat/, @msgs);
    for (my $i = 0; $i < @virs; $i++) {
        $VirusScannerMessages .= $virs[$i];
    }
    ....
    return (...);
}

I've done an antivir-specific version of this for myself, but if 
other scanners are similarly verbose, it might make the warning 
messages more readable.

What do y'all think?

----
Nels Lindquist <*>
Information Systems Manager
Morningstar Air Express Inc.
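
A runnable sketch of the filtering proposed above, added as an example; it is not part of the original post and not MIMEDefang's own code. The helper name scanner_virus_lines, the stand-in scanner, its output lines and its exit status are all constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not MIMEDefang's run_virus_scanner).
# $argv   - array ref holding the scanner command and its arguments
# $marker - literal text that marks a virus line; undef keeps all output
sub scanner_virus_lines {
    my ($argv, $marker) = @_;

    # List-form pipe open: the command is executed directly, so file
    # names in the argument list are never interpreted by a shell.
    open(my $scanner, '-|', @$argv)
        or return (undef, "cannot run $argv->[0]: $!\n");
    my @lines = <$scanner>;
    close($scanner);
    my $exit = $? >> 8;

    # \Q...\E matches the marker literally, so "!Virus!" or "Found:"
    # is never read as regex syntax.
    my @hits = defined $marker ? grep { /\Q$marker\E/ } @lines : @lines;

    # Assumption: a nonzero exit means the scanner had something to
    # report. If no line carried the marker, keep the full output
    # instead of returning an empty message.
    @hits = @lines if !@hits && $exit != 0;

    return ($exit, join('', @hits));
}

# Constructed stand-in for a verbose scanner: four lines, one finding.
my @fake_scanner = ($^X, '-e', <<'EOS');
print "Scanner banner (constructed sample output)\n";
print "checking path: /tmp/work\n";
print "!Virus! /tmp/work/attachment.exe (constructed finding)\n";
print "files scanned: 1\n";
exit 1;
EOS

for my $marker ('!Virus!', 'Found:', undef) {
    my ($exit, $msgs) = scanner_virus_lines(\@fake_scanner, $marker);
    printf "marker=%s exit=%s\n%s\n", $marker // '(none)', $exit, $msgs;
}
```

The second loop iteration uses a marker that does not occur in the output, which shows the fallback to the unfiltered text when a scanner's message format changes.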



