[Mimedefang] Virus Scanner messages
Stephane Lentz
Stephane.Lentz at ansf.alcatel.fr
Wed Jul 10 17:04:01 EDT 2002
Hi David,
the interesting pattern for Trend antivirus is : Found virus
For instance the amavis code to get the virusname based on
the vscan output is :
# Trend FileScanner/Linux
#
if ($vscan) {
do_log(2,"Using $vscan");
chop($output = `$vscan -a $TEMPDIR/parts/*`);
$errval = retcode($?);
do_log(2,$output);
if ($errval == 0) { # no errors, no viruses found
$scanner_errors = 0;
} elsif ($errval == 1 || $errval == 2) { # no errors, viruses
discovered
$scanner_errors = 0;
@virusname = ($output =~ /Found virus (.+) in/g);
@virusname = (undef) if !@virusname; # just in case: make list
nonnil
do_virus();
} else {
do_log(0,"Virus scanner failure: $vscan (error code: $errval)");
}
}
For the newest version you can update the interpret_trend_code function :
instead of
return ($code, 'virus', 'quarantine') if ( ($code == 2) || ($code == 1));
put :
return ($code, 'virus', 'quarantine') if ( ($code == 4) || ($code == 3) || ($code == 2) || ($code == 1) );
I encountered one case where the scanner returned 3 and another when it
was 4. I'm still waiting for a complete list of exit codes from Trend Micro.
If someone else use Trend products, request it (let's put some pressure ...).
regards,
Stéphane
On Wed, Jul 10, 2002 at 12:28:24PM -0400, David F. Skoll wrote:
> Hi,
>
> I really want to release 2.16 soon! So everyone who uses virus-scanners,
> please send me regular expressions which pick out interesting lines
> from the chatter of the scanner output.
>
> So far, I only have for H+BEDV AntiVir. Interesting lines match this
> expression: /!Virus!|>>>|VIRUS:/
>
> Regards,
>
> David.
---
Stephane Lentz / Alcanet International - Internet Services
More information about the MIMEDefang
mailing list