[Mimedefang] password protected zip archives and virus checking

Barry Byrne barry.byrne at wbtsystems.com
Mon Mar 4 12:45:53 EST 2002


David:

I should have figured this one out myself. I'm using something like:

if ($VirusFound && entity_contains_virus_sophos($entity)) {
    action_notify_sender("Attachment '$fname' was deleted. blah blah");
    return action_quarantine($entity, "Attachment quarantined. blah blah");
}

From testing and reading the man page on sweep, sophos returns 0 if all is
OK and 3 if it finds a virus. It returns 2 for password protected files (or,
according to the man page, 'If some error preventing further execution
is discovered').

So I guess testing for a return code of 2 and doing something appropriate
with the entity would be the way to go. On reflection though, I think I'll
leave it as is, especially given sweep's vague reasons for returning 2! I
guess if I was really bothered, I could parse the output from sweep for
complaints about passwords!

Thanks for your help.

Cheers,

Barry


> -----Original Message-----
> From: mimedefang-admin at lists.roaringpenguin.com
> [mailto:mimedefang-admin at lists.roaringpenguin.com]On Behalf Of David F.
> Skoll
> Sent: 04 March 2002 16:53
> To: mimedefang at lists.roaringpenguin.com
> Subject: Re: [Mimedefang] password protected zip archives and virus
> checking
>
>
> On Mon, 4 Mar 2002, Barry Byrne wrote:
>
> > Using sophos to scan for viruses, password protected zip files get flagged
> > as viruses. The warning in the mail/quarantine report looks like:
>
> Doesn't sophos return a different return code for password-protected
> files than for non-password-protected files?  How are you calling
> the entity_contains_virus_sophos() routine?
>
> If it turns out that Sophos returns the same code for password-protected
> files as for viruses, then we're SOL...
>
> Regards,
>
> David.
>
>
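
Added example, not part of the original message and not MIMEDefang's or Sophos's own code: one way to tell the outcomes apart in Perl, using the exit codes reported in the message above (0 clean, 3 virus, 2 password-protected file or other error). The stand-in scanner commands, the sample output strings and the /password/i pattern are assumptions; sweep's real wording is not shown on this page.

```perl
#!/usr/bin/perl
# Added example: not from the original message, MIMEDefang or Sophos.
use strict;
use warnings;

# Run a scanner with a list-form pipe open (no shell, so attachment names
# are never parsed by /bin/sh) and return (exit code, captured stdout).
sub run_scanner {
    my @cmd = @_;
    open(my $fh, '-|', @cmd) or return (-1, "cannot run $cmd[0]: $!");
    my $out = do { local $/; <$fh> };   # slurp everything the scanner printed
    close($fh);                         # reaps the child and sets $?
    return (-1, 'killed by signal ' . ($? & 127)) if $? & 127;
    return ($? >> 8, defined $out ? $out : '');
}

# Exit codes as reported in the message: 0 = clean, 3 = virus,
# 2 = password-protected file or another error that stopped the scan.
# ASSUMPTION: the scanner mentions "password" in its output for encrypted
# archives; confirm the real wording of your sweep version.
sub classify {
    my ($code, $out) = @_;
    return 'clean'     if $code == 0;
    return 'virus'     if $code == 3;
    return 'encrypted' if $code == 2 && $out =~ /password/i;
    return 'scan-error';   # anything else is unscanned content: fail closed
}

# Constructed stand-ins for sweep: tiny perl one-liners that print a made-up
# message and exit with the code under test, so the example runs offline.
my @cases = (
    q{exit 0},
    q{print "constructed: infected\n"; exit 3},
    q{print "constructed: archive is password protected\n"; exit 2},
    q{print "constructed: could not open file\n"; exit 2},
    q{kill 'KILL', $$},
);
for my $script (@cases) {
    my ($code, $out) = run_scanner($^X, '-e', $script);
    printf "exit=%2d verdict=%s\n", $code, classify($code, $out);
}
```

In a filter, only the 'virus' verdict should drive the "virus found" wording; 'encrypted' and 'scan-error' both mean the content was not scanned and need their own handling.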



