[Mimedefang] Virus Scanners

[Jason Englander]

On Wed, 10 Jul 2002, Adam Beatham wrote:

> So I have a couple of dumb questions.  What would be the best way to
> implement dual scanners within the same filter?

Everyone you ask would probably have a different answer for the 'best'
way (and I might have a different answer tomorrow <g>), but you'd just
have to call the scanner-specific function for each scanner and not do
a 'return ___' until the 2nd one runs.

One way would be to change message_contains_virus and
entity_contains_virus to look something like this:

sub message_contains_virus () {
    my ($code, $category, $action);
    ($code, $category, $action) = message_contains_virus_sophie()   if $Features{'Virus:SOPHIE'};
    ($code, $category, $action) = message_contains_virus_filescan() if $Features{'Virus:FileScan'} && $category ne 'virus';
    return ($code, $category, $action) if $category eq 'virus';
    return (wantarray ? (0, 'ok', 'ok') : 0);
}

That way if Sophie thinks it's infected, it won't be scanned with
File::Scan, and it won't return back until it scans it woth both of them.

> And just how does File::SCan work.. I actually use it on another system,
> just for minimal protection at this point.  but how does one update the
> signatures and what not?

The signatures are part of the perl module itself (download it and look
in /usr/lib/perl5/site_perl/5.6.1/File/Scan.pm or whatever it would be on
your system - you'll see...), so to update the signatures, you have to
update the perl module.  ie. download it from
http://cpan.perl.org/modules/by-module/File/ or the easy way (if you
have the CPAN module configured):

perl -MCPAN -e 'install File::Scan'

You could run that from cron (with > /dev/null 2>&1 at the end of it)
every night if you want to be really lazy. [ and that assumes that
there would never be _any_ problems updating it automatically.
See Murphy's Law. ]

  Jason

-- 
Jason Englander
jason at englanders.cc