[Mimedefang] multi AV scanners
Royce Williams
royce.williams at acsalaska.net
Tue May 11 20:14:26 EDT 2004
On 5/10/2004 10:26 PM, Stewart James wrote:
>>>Second, Looking at the log entries there is nothing that shows which
>>>scanner detected the virus. Now, this would be quite beneficial.
>>>Considering it would be cool to be able to do reports saying clam found
>>>100% - trend never found them (because clam is run before trend).
>>
>>Details of a mod for this are in the list archive - I know 'cos that's where
>>I found this myself.
>>
>
> I have spent a bit of time looking over the list archives and have not
> found a resolution to this. If anyone can point me in the direction I
> would be grateful.
I spent a good chunk of time trying to figure out what combination of
search strings would cough up the mod described above. The closest that
I got was
http://lists.roaringpenguin.com/pipermail/mimedefang/2003-August/016283.html
This may be of help to you, depending on what way you'll be turning your
logs into reports. Unfortunately, it doesn't solve my problem of wanting
to use the scanner as a variable name in mimedefang-filter (without having
to override the now perfectly usable fall-through version of
message_contains_virus() included in mimedefang.pl.)
I'd love to be able to do this:
return action_bounce("Virus $VirusName found by $scanner - message from $RelayAddr rejected");
I'll keep looking.
-royce
--
------------------------------------------------------------------------
Royce D. Williams IP Engineering, ACS
work: [first.last]@acsalaska.net PGP: 3FC087DB/1776A531
personal: [first]@alaska.net http://www.tycho.org/royce/