[Mimedefang] Trend Micro Filescanner/Interscan support

Anthony Giggins AGiggins at synergyit.com.au
Tue May 21 19:03:04 EDT 2002 

To use this you need to install Interscan for Linux right?

-----Original Message-----
From: Stephane Lentz [mailto:Stephane.Lentz at ansf.alcatel.fr] 
Sent: Tuesday, 21 May 2002 7:16 AM
To: mimedefang at lists.roaringpenguin.com
Subject: [Mimedefang] Trend Micro Filescanner/Interscan support

Hi David and other mimedefangers, 

I would like to help to add support for Trend Micro Interscan /
Filescanner (both come with the command scanner /etc/iscan/vscan).
The filescanner is free for personnal use and there is some
evaluation version for Interscan Viruswall which can be 
downloaded at http://www.antivirus.com/download (versions exist
for HP-UX, Linux, Solaris. There is some Milter version available
only for Solaris unfortunately which is called "Sendmail Edition"). 

I started some work to add support for this popular - at least 
in France - antivirus. This is yet alpha code (I need David's
advices on some issue and it's the first time I look at Mimedefang's
internals).

The vscan return codes are a bit tricky (information taken from
the Amavis README.scanners) :

<<
     0: no virus found
     1: virus found
     2: virus found

 I do not have a list of return codes. Consider three files a, b and c.
a and
 b are infected, c is not infected:
 /etc/iscan/vscan /tmp/test/a - return code: 1
 /etc/iscan/vscan -a /tmp/test/* - return code: 2
 /etc/iscan/vscan -a /tmp/test/ - return code: 0 (although two viruses
 were detected)

>>

David, I wonder if I should not use $Work/* instead of $Work in 
mimedefang.pl in the message_contains_virus_trend function, right ? 

I've attached unified diff for mimedefang-2.11 for the configure.in
and mimedefang.pl.in. 


PS : The redhat/sendmail.spec works for Mandrake 8.2 too. It can be 
improved by adding chkconfig comments.
Just one thing that puzzles me : the two directory tests :
if [ -d /var/spool/mimedefang & ! -d /var/spool/MIMEDefang ]; then
if [ -d /var/spool/quarantine & ! -d /var/spool/MD-Quarantine ]; then

shouldn't & be replaced by -a ? 

regards, 

Stephane
---
Stephane Lentz / Alcanet International - Internet Services

More information about the MIMEDefang mailing list