[Mimedefang] Reporting Encrypted-ZIP-files w/ vexira
Cormack, Ken
kcormack at acs.roadway.com
Thu Mar 11 12:35:03 EST 2004
Group,
I'd like to have encrypted zip files logged as such, rather than have them
logged as "unknown-Vexira-virus".
In my mimedefang.pl, I use the following commandline parameters for Vexira.
--allfiles --alltypes --warnings-as-alerts -z -rs
Running that commandline against my test zip, I use the following:
vexira --allfiles --alltypes --warnings-as-alerts -z -rs testfile.zip
This generates the output below. I'd like to be able to key on the words
"contents encrypted" and report the file as "Encrypted-ZIP-file", rather
than "unknown-Vexira-virus". The change would need to go in sub
interpret_vexira_code ($), but I'm not sure of the syntax needed. My
attempt, shown commented below, doesn't work. Any ideas?
sub interpret_vexira_code ($) {
    # Based on info from Nels Lindquist
    # Based on code from H+BEDV AntiVir
    my($code) = @_;

    # OK
    return ($code, 'ok', 'ok') if ($code == 0);

    # Virus or virus in memory
    if ($code == 1 or $code == 2) {
        # Pull the virus name out of whichever message format Vexira used
        $VirusName = $1 if ($CurrentVirusScannerMessage =~ m/ALERT: \[(\S+)/
                            or $CurrentVirusScannerMessage =~ m/!Virus! \S+ (\S+)/
                            or $CurrentVirusScannerMessage =~ m/VIRUS: file contains code of the virus '(\S+)'/);
        # Attempt to label encrypted archives. As originally written this used
        # $$CurrentVirusScannerMessage (a doubled sigil, which dereferences the
        # scalar instead of matching against its contents); corrected here:
        # $VirusName = "Encrypted-ZIP-file" if ($CurrentVirusScannerMessage =~ m/contents encrypted/);
        $VirusName = "unknown-Vexira-virus" if $VirusName eq "";
        return ($code, 'virus', 'quarantine');
    }

    # All other codes should not happen
    return ($code, 'swerr', 'tempfail');
}
Here's the output from Vexira, that I'm trying to key off of.
Vexira Antivirus / Linux Version 2.2.0-9
Copyright (C) 2002-2004 Central Command, Inc. and/or its suppliers.
Portions copyright (C) 1996-2004 H+BEDV Datentechnik GmbH.
All rights reserved.
Loading /usr/lib/Vexira/vexira.vdf ...
VDF version: 6.24.0.51 created 11 Mar 2004
Vexira Antivirus license: 2003000000 for ACS, Inc. Procurement Division PO 8442805
WARNING: testfile.zip archive not completely scanned: contents encrypted
----- scan results -----
directories: 0
files: 1
alerts: 0
warnings: 1
scan time: 00:00:01
------------------------
Thank you for using Vexira Antivirus!
KEN CORMACK, RHCE
Sr. UNIX Systems Analyst,
Open Systems Group
Sr. Software Analyst,
TSG Midrange Systems Group
AFFILIATED COMPUTER SERVICES, INC.
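As an added illustration (not code from the post or from MIMEDefang itself), here is a stand-alone version of the classification logic that takes the scanner output as an argument instead of reading the global $CurrentVirusScannerMessage, checks for the "contents encrypted" warning before falling back to the generic name, and returns the name as a fourth value so it can be printed; the sample scanner messages are constructed to match the formats the regexes in the post expect. Note that an encrypted archive was not scanned at all, so quarantining it with a distinct label is a reasonable, conservative outcome.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Classify a Vexira exit code plus its captured output.
# Returns (code, category, action, name). Constructed stand-alone
# version; the real sub in mimedefang.pl uses globals instead.
sub classify_vexira {
    my ($code, $msg) = @_;
    return ($code, 'ok', 'ok', '') if $code == 0;

    if ($code == 1 || $code == 2) {
        my $name = '';
        # Same three message formats the posted sub looks for
        if ($msg =~ m/ALERT: \[(\S+)/
            or $msg =~ m/!Virus! \S+ (\S+)/
            or $msg =~ m/VIRUS: file contains code of the virus '(\S+)'/) {
            $name = $1;
        }
        # With --warnings-as-alerts an unscannable archive still comes back
        # non-zero, but only a WARNING line is printed. Label it explicitly
        # rather than letting it fall through to the generic name.
        $name = 'Encrypted-ZIP-file'
            if $name eq '' and $msg =~ m/contents encrypted/;
        $name = 'unknown-Vexira-virus' if $name eq '';
        return ($code, 'virus', 'quarantine', $name);
    }

    # All other codes should not happen
    return ($code, 'swerr', 'tempfail', '');
}

# Constructed sample outputs: the WARNING line from the post, and a
# detection line in the "VIRUS: file contains code of the virus" format.
my $encrypted = "WARNING: testfile.zip archive not completely scanned: contents encrypted\n";
my $infected  = "VIRUS: file contains code of the virus 'Eicar-Test-Signature'\n";

for my $case ([1, $encrypted], [1, $infected], [0, ''], [5, '']) {
    my ($code, $msg) = @$case;
    my ($c, $cat, $act, $name) = classify_vexira($code, $msg);
    printf "code=%d category=%s action=%s name=%s\n", $c, $cat, $act, $name;
}
```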