[Mimedefang] Virus Scanners

Steffen Kaiser skmimedefang at smail.inf.fh-bonn-rhein-sieg.de
Thu Jul 11 04:31:01 EDT 2002


On Wed, 10 Jul 2002, Stephane Lentz wrote:
> On Wed, Jul 10, 2002 at 01:38:23PM -0400, Adam Beatham wrote:
> > ...
> > So I have a couple of dumb questions.  What would be the best way to
> > implement dual scanners within the same filter?
>
> => this may be Off Topic but you could use another antivirus configured
> as a second Milter filter too.

Maybe I misunderstood the question, but why not call two or more virus
scanners sequentially, e.g.:

The usual example looks like so:
# Scan the message with the first virus scanner found
sub message_contains_virus () {
 return message_contains_virus_avp()      if ($Features{'Virus:AVP'});
 return message_contains_virus_fprot()    if ($Features{'Virus:FPROT'});
 return message_contains_virus_fsav()     if ($Features{'Virus:FSAV'});
 return message_contains_virus_hbedv()    if ($Features{'Virus:HBEDV'});
 return message_contains_virus_nai()      if ($Features{'Virus:NAI'});
 return message_contains_virus_rav()      if ($Features{'Virus:RAV'});
 return message_contains_virus_sophie()   if ($Features{'Virus:SOPHIE'});
 return message_contains_virus_sophos()   if ($Features{'Virus:SOPHOS'});
 return message_contains_virus_trend()    if ($Features{'Virus:TREND'});
 return message_contains_virus_filescan() if ($Features{'Virus:FileScan'});
 return (wantarray ? (0, 'ok', 'ok') : 0);
}


But you can run all installed ones:
# Try the message with all scanners until a virus is found
sub message_contains_virus () {
 my @res = (0, 'ok', 'ok');	# default return values

 $Features{'Virus:AVP'} && (@res = message_contains_virus_avp())[0]
  or $Features{'Virus:FPROT'} && (@res = message_contains_virus_fprot())[0]
  or $Features{'Virus:FSAV'} && (@res = message_contains_virus_fsav())[0]
  or $Features{'Virus:HBEDV'} && (@res = message_contains_virus_hbedv())[0]
  or $Features{'Virus:NAI'} && (@res = message_contains_virus_nai())[0]
  or $Features{'Virus:RAV'} && (@res = message_contains_virus_rav())[0]
  or $Features{'Virus:SOPHIE'} && (@res = message_contains_virus_sophie())[0]
  or $Features{'Virus:SOPHOS'} && (@res = message_contains_virus_sophos())[0]
  or $Features{'Virus:TREND'} && (@res = message_contains_virus_trend())[0]
  or $Features{'Virus:FileScan'} && (@res = message_contains_virus_filescan())[0]
 ;

 return (wantarray ? @res: $res[0]);
}

Maybe the test ($res[0] != 0 => return) is too loose and one should use the
same as when one calls &message_contains_virus, e.g.:
$res[1] eq 'virus' ==> return @res, so you don't return on failures,
but only when a virus was found.

Umm, as FileScan has that little overhead, like you said, one should
consider placing it first in the line, in order to avoid unnecessary
shell-outs.

Bye,

-- 

Steffen Kaiser
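
Added example, not part of the original post and not MIMEDefang's own code: the two suggestions above combined, with FileScan tried first and the chain stopping only on category 'virus' rather than on any non-zero code. The %Features entries and the three message_contains_virus_*() stubs with their return values are constructed stand-ins so the sketch runs outside a filter, and reporting the first scanner failure when no virus was found is this example's own choice.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Stand-ins so the sketch runs outside MIMEDefang; inside a real filter
# %Features and the message_contains_virus_*() routines come from mimedefang.pl.
our %Features = ('Virus:FileScan' => 1, 'Virus:FPROT' => 1, 'Virus:SOPHOS' => 1);
sub message_contains_virus_filescan { return (0, 'ok', 'ok') }
sub message_contains_virus_fprot    { return (1, 'swerr', 'tempfail') }    # constructed failure
sub message_contains_virus_sophos   { return (1, 'virus', 'quarantine') }  # constructed detection

# Scanners in the order they are tried; FileScan first because it is cheapest.
my @scanners = (
    ['Virus:FileScan', \&message_contains_virus_filescan],
    ['Virus:FPROT',    \&message_contains_virus_fprot],
    ['Virus:SOPHOS',   \&message_contains_virus_sophos],
);

# Try every installed scanner. Stop only when one reports category 'virus';
# a scanner failure is remembered but does not end the chain.
sub message_contains_virus {
    my @failure;
    for my $s (@scanners) {
        my ($feature, $scan) = @$s;
        next unless $Features{$feature};
        my @res = $scan->();
        return (wantarray ? @res : $res[0]) if $res[1] eq 'virus';
        @failure = @res if $res[0] && !@failure;   # keep the first non-clean result
    }
    # No virus found: surface a scanner failure if there was one, so the caller
    # can decide what to do with it, otherwise report clean.
    my @res = @failure ? @failure : (0, 'ok', 'ok');
    return (wantarray ? @res : $res[0]);
}

my ($code, $category, $action) = message_contains_virus();
print "code=$code category=$category action=$action\n";
```

With the `$res[0] != 0` test a broken second scanner would end the chain before the third one ever saw the message; here the failure is only reported if no later scanner finds a virus.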




