[Mimedefang] File::Scan
Jason Englander
jason at englanders.cc
Thu Mar 20 11:15:01 EST 2003
On Thu, 20 Mar 2003, alan premselaar wrote:
> So, finding any decent kind of documentation explaining what viruses and
> how File::Scan detects them has been fruitless... I know this isn't
> specifically related to MIMEDefang, but I thought I'd ask anyways.

File::Scan is a Perl module. The virus signatures are _in_ the Perl
module. On my system it's here:

    /usr/local/lib/perl5/site_perl/5.8.0/File/Scan.pm

Open up that file. You'll see parts in there that look like this:

    /\x0d\x0a\x2e\x0d\x0a...

Those are the signatures.

To see what viruses it detects, go into the File::Scan source directory
(if you used CPAN that would be /root/.cpan/build/File-Scan-0.44) and do
this:

    cat files/signatures.txt | cut -d':' -f5 | sort | less

If you don't have the source anywhere, try this:

    cat /usr/lib/perl5/site_perl/5.8.0/File/Scan.pm | grep "\$virus = \"" | \
        cut -d'"' -f2 | grep -v "^$" | sort | less

> I'm using MIMEDefang 2.30 / File::Scan v0.44 / SpamAssassin 2.50 / Sendmail
> 8.12.8 and I've noticed a few files that are returning as having found a
> virus, but the virusname is empty.
What are you checking after File::Scan scans? $category eq "suspicious",
$category eq "virus", ?
Jason
--
Jason Englander <jason at englanders.cc>
394F 7E02 C105 7268 777A 3F5A 0AC0 C618 0675 80CA