[Mimedefang] MD, Vexira, and encrypted .zips

Cormack, Ken kcormack at acs.roadway.com
Tue Mar 2 08:24:21 EST 2004


Not being strong in perl -at all-, I'm wondering if the list can take a look
at the code below, from mimedefang.pl, and tell me what might be wrong.
We'd like to have MIMEDefang quarantine any encrypted .zip files, and the
Vexira antivirus that we run returns a zero return code when it encounters
such an archive, despite the "WARNING" message that it also prints.  Does
the list have any suggestions before I try this?  Thanks in advance!

sub interpret_vexira_code ($) {
    # Based on info from Nels Lindquist
    # Based on code from H+BEDV AntiVir
    my($code) = @_;

#    # OK
#    return ($code, 'ok', 'ok') if ($code == 0);

    # Check for encrypted zip files
    $VirusName = $1 if ($CurrentVirusScannerMessage =~
        m/WARNING: archive not completely scanned: contents encrypted/);
    $VirusName = "Encrypted-ZIP-file";

    # If 0 return code and no "WARNING", we're ok
    if ($code == 0 && $VirusName eq "") {
        return ($code, 'ok', 'ok');
    }

    # If 0 return code and a WARNING was found, quarantine the attachment
    if ($code == 0 && $VirusName eq "Encrypted-ZIP-File") {
        return ($code, 'encrypted', 'quarantine');
    }

    # Virus or virus in memory
    if ($code == 1 or $code == 2) {
        $VirusName = $1 if ($CurrentVirusScannerMessage =~ m/ALERT: \[(\S+)/ or
                            $CurrentVirusScannerMessage =~ /!Virus! \S+ (\S+)/ or
                            $CurrentVirusScannerMessage =~ m/VIRUS: file contains code of the virus '(\S+)'/);
        $VirusName = "unknown-Vexira-virus" if $VirusName eq "";
        return ($code, 'virus', 'quarantine');
    }

    # All other codes should not happen
    return ($code, 'swerr', 'tempfail');
}

KEN
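
An added example, not part of the original post and not MIMEDefang's own code: one way to write the check so that a zero exit code counts as clean only when the encrypted-archive WARNING is absent, avoiding the posted version's unconditional $VirusName assignment and its "Encrypted-ZIP-file" / "Encrypted-ZIP-File" case mismatch, which together send every exit code 0 to the final tempfail return. The sub name interpret_vexira_code_checked, the "our" stand-ins for MIMEDefang's globals and the sample scanner lines are assumptions constructed for illustration; the 'encrypted' category string is carried over from the post.

```perl
use strict;
use warnings;

# Stand-ins for the globals mimedefang.pl shares with its scanner helpers.
our ($VirusName, $CurrentVirusScannerMessage) = ('', '');

# Hypothetical name; same (code, category, action) return shape as the post.
sub interpret_vexira_code_checked {
    my ($code) = @_;
    $VirusName = '';    # never inherit a name from a previous scan

    # Exit code 0 is only "ok" when the scanner did not also warn that
    # it skipped encrypted archive contents.
    if ($code == 0) {
        if ($CurrentVirusScannerMessage =~
            m/WARNING: archive not completely scanned: contents encrypted/) {
            $VirusName = 'Encrypted-ZIP-file';
            return ($code, 'encrypted', 'quarantine');
        }
        return ($code, 'ok', 'ok');
    }

    # Virus or virus in memory
    if ($code == 1 or $code == 2) {
        $VirusName = $1 if ($CurrentVirusScannerMessage =~ m/ALERT: \[(\S+)/ or
            $CurrentVirusScannerMessage =~ /!Virus! \S+ (\S+)/ or
            $CurrentVirusScannerMessage =~ m/VIRUS: file contains code of the virus '(\S+)'/);
        $VirusName = 'unknown-Vexira-virus' if $VirusName eq '';
        return ($code, 'virus', 'quarantine');
    }

    # All other codes should not happen
    return ($code, 'swerr', 'tempfail');
}

# Constructed scanner output; only the WARNING text is taken from the post.
my @cases = (
    [0, "checked: report.doc\n"],
    [0, "WARNING: archive not completely scanned: contents encrypted\n"],
    [1, "ALERT: [Constructed.Sample virus] found in a.exe\n"],
    [9, "unexpected scanner failure\n"],
);
for my $case (@cases) {
    $CurrentVirusScannerMessage = $case->[1];
    my ($code, $category, $action) = interpret_vexira_code_checked($case->[0]);
    printf "exit=%d category=%s action=%s name=%s\n",
        $code, $category, $action, $VirusName;
}
```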


