[Mimedefang] Problem scanning multiple attachments with Kaspersky Anti-Virus for Linux Workstation 5.0.2.0

[Cahya Wirawan]

On Thu, Apr 01, 2004 at 09:29:04PM -0500, David F. Skoll wrote:
> On Fri, 2 Apr 2004, Ernst-Paul ten Brinke wrote:
> 
> > Let's say you send a message with an attachment a.zip en b.zip and a.zip
> > contains a virus and b.zip not.
> 
> > Calling aveclient with multiple files or in this case with a * returns only
> > the scan return code of the last MIME part scanned.
> 
> Wow.  aveclient is badly broken, then; I recommend switching to a different
> virus scanner.  Otherwise, you'll have to call entity_contains_virus
> for each part, and that's a waste of time.

Hi David, what is the intention to scan all files in the $CWD/Work 
directory including the original email INPUTMBOX? I see it in
mimedefang.pl :
  sub message_contains_virus_avp5 () {
  ...
  my($code, $category, $action) =
  run_virus_scanner($Features{'Virus:AVP5'} . " -s -p /var/run/aveserver
    $CWD/Work/* 2>&1","INFECTED");
  ...
  }

because for kaspersky it is enough only to scan INPUTMBOX , and it is
not necessary to scan again each part of the email. 
And this makes also problem for mimedefang because if we scan all
files in Work directory, kaspersky 5 will return error code for the latest
file it scanned. 
Also if I change the code above to:
  run_virus_scanner($Features{'Virus:AVP5'} . " -s -p /var/run/aveserver
    $CWD/Work/INPUTMBOX 2>&1","INFECTED");
mimedefang with kasperky will recognize correctly an email with multiple
attachments, no matter in which order the attachment is.

regards,
cahya.