[Mimedefang] Virus Scanner Output

Anthony Giggins agiggins at bigpond.net.au
Sat Jun 15 12:03:38 EDT 2002

I'm prolly posting this to the wrong people but here goes
Does anyone know how to make the vscan logs readable by the web
administration It appears to be in a completely different format. There
must be a log convertion utility somewhere? Has anyone come across this?
I've had a look and cant seem to locate this, my next step would be to
contact trend support.

-----Original Message-----
From: mimedefang-admin at lists.roaringpenguin.com
[mailto:mimedefang-admin at lists.roaringpenguin.com] On Behalf Of Stephane
Sent: Saturday, 15 June 2002 6:21 PM
To: mimedefang at lists.roaringpenguin.com
Subject: Re: [Mimedefang] Virus Scanner Output

On Sat, Jun 15, 2002 at 05:24:17PM +1000, Anthony Giggins wrote:
> Anyone looked into parsing the output of the virus scanner? I'm now
> testing Trend and the output from it is terrible compared to that of
> NAI scanner.

=> I plan to. 
> Can anyone supply some tips to push me in the right direction?

=> We should take some ideas/code from amavids-new which does 
the following work :
# Trend FileScanner/Linux

if ($vscan) {
    do_log(2,"Using $vscan");
    chop($output = `$vscan -a $TEMPDIR/parts/*`);
    $errval = retcode($?);
    if ($errval == 0) {         # no errors, no viruses found
        $scanner_errors = 0;
    } elsif ($errval == 1 || $errval == 2) { # no errors, viruses
        $scanner_errors = 0;
        @virusname = ($output =~ /Found virus (.+) in/g);
        return 1;  # 'true' indicates virus found and stops further
    } else {
        do_log(0,"Virus scanner failure: $vscan (error code: $errval)");


Basically as you can see it :
- tries to identify some Found virus lines to get the virus name
- uses some @virusname array since there may be several viruses
in the message.

You can start writing some code ....


Stephane Lentz / Alcanet International - Internet Services
MIMEDefang mailing list
MIMEDefang at lists.roaringpenguin.com

More information about the MIMEDefang mailing list