[Mimedefang] Virus Scanner Output
Anthony Giggins
agiggins at bigpond.net.au
Sat Jun 15 12:03:38 EDT 2002
I'm prolly posting this to the wrong people but here goes
Does anyone know how to make the vscan logs readable by the web
administration It appears to be in a completely different format. There
must be a log convertion utility somewhere? Has anyone come across this?
I've had a look and cant seem to locate this, my next step would be to
contact trend support.
-----Original Message-----
From: mimedefang-admin at lists.roaringpenguin.com
[mailto:mimedefang-admin at lists.roaringpenguin.com] On Behalf Of Stephane
Lentz
Sent: Saturday, 15 June 2002 6:21 PM
To: mimedefang at lists.roaringpenguin.com
Subject: Re: [Mimedefang] Virus Scanner Output
On Sat, Jun 15, 2002 at 05:24:17PM +1000, Anthony Giggins wrote:
> Anyone looked into parsing the output of the virus scanner? I'm now
> testing Trend and the output from it is terrible compared to that of
the
> NAI scanner.
=> I plan to.
> Can anyone supply some tips to push me in the right direction?
=> We should take some ideas/code from amavids-new which does
the following work :
<<
# Trend FileScanner/Linux
#
if ($vscan) {
do_log(2,"Using $vscan");
chop($output = `$vscan -a $TEMPDIR/parts/*`);
$errval = retcode($?);
do_log(2,$output);
if ($errval == 0) { # no errors, no viruses found
$scanner_errors = 0;
} elsif ($errval == 1 || $errval == 2) { # no errors, viruses
discovered
$scanner_errors = 0;
@virusname = ($output =~ /Found virus (.+) in/g);
return 1; # 'true' indicates virus found and stops further
checking
} else {
do_log(0,"Virus scanner failure: $vscan (error code: $errval)");
}
}
>>
Basically as you can see it :
- tries to identify some Found virus lines to get the virus name
- uses some @virusname array since there may be several viruses
in the message.
You can start writing some code ....
regards,
SL/
---
Stephane Lentz / Alcanet International - Internet Services
_______________________________________________
MIMEDefang mailing list
MIMEDefang at lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
More information about the MIMEDefang
mailing list