[Mimedefang] MD, Vexira, and ecrypted .zips
Cormack, Ken
kcormack at acs.roadway.com
Tue Mar 2 08:24:21 EST 2004
Not being strong in perl -at all-, I'm wondering if the list can take a look
at the code below, from mimedefang.pl, and tell me what might be wrong.
We'd like to have MIMEDefang quarantine any encrypted .zip files, and the
Vexira antivirus that we run returns a zero return code when it encounters
such an archive, despite the "WARNING" message that it also prints. Does
the list have any suggestions before I try this? Thanks in advance!
sub interpret_vexira_code ($) {
# Based on info from Nels Lindquist
# Based on code from H+BEDV AntiVir
my($code) = @_;
# # OK
# return ($code, 'ok', 'ok') if ($code == 0);
# Check for encrypted zip files
$VirusName = $1 if ($CurrentVirusScannerMessage =~ m/WARNING: archive
not completely scanned: contents encrypted/);
$VirusName = "Encrypted-ZIP-file";
# If 0 return code and no "WARNING", we're ok
if ($code == 0 && $VirusName eq "") {
return ($code, 'ok', 'ok');
}
# If 0 return code and a WARNING was found, quarantine the attachment
if ($code == 0 && $VirusName eq "Encrypted-ZIP-File") {
return ($code, 'encrypted', 'quarantine');
}
# Virus or virus in memory
if ($code == 1 or $code == 2) {
$VirusName = $1 if ($CurrentVirusScannerMessage =~ m/ALERT: \[(\S+)/
or
$CurrentVirusScannerMessage =~ /!Virus! \S+
(\S+)/ or
$CurrentVirusScannerMessage =~ m/VIRUS: file
contains code of the virus '(\S+)'/);
$VirusName = "unknown-Vexira-virus" if $VirusName eq "";
return ($code, 'virus', 'quarantine');
}
# All other codes should not happen
return ($code, 'swerr', 'tempfail');
}
KEN
More information about the MIMEDefang
mailing list