[Mimedefang] Problem scanning multiple attachments with Kaspersky Anti-Virus for Linux Workstation 5.0.2.0
Cahya Wirawan
cwirawan at email.archlab.tuwien.ac.at
Wed Apr 21 18:08:28 EDT 2004
On Thu, Apr 01, 2004 at 09:29:04PM -0500, David F. Skoll wrote:
> On Fri, 2 Apr 2004, Ernst-Paul ten Brinke wrote:
>
> > Let's say you send a message with an attachment a.zip en b.zip and a.zip
> > contains a virus and b.zip not.
>
> > Calling aveclient with multiple files or in this case with a * returns only
> > the scan return code of the last MIME part scanned.
>
> Wow. aveclient is badly broken, then; I recommend switching to a different
> virus scanner. Otherwise, you'll have to call entity_contains_virus
> for each part, and that's a waste of time.
Hi David, what is the intention to scan all files in the $CWD/Work
directory including the original email INPUTMBOX? I see it in
mimedefang.pl :
sub message_contains_virus_avp5 () {
...
my($code, $category, $action) =
run_virus_scanner($Features{'Virus:AVP5'} . " -s -p /var/run/aveserver
$CWD/Work/* 2>&1","INFECTED");
...
}
because for kaspersky it is enough only to scan INPUTMBOX , and it is
not necessary to scan again each part of the email.
And this makes also problem for mimedefang because if we scan all
files in Work directory, kaspersky 5 will return error code for the latest
file it scanned.
Also if I change the code above to:
run_virus_scanner($Features{'Virus:AVP5'} . " -s -p /var/run/aveserver
$CWD/Work/INPUTMBOX 2>&1","INFECTED");
mimedefang with kasperky will recognize correctly an email with multiple
attachments, no matter in which order the attachment is.
regards,
cahya.
More information about the MIMEDefang
mailing list