[Mimedefang] multi AV scanners

Royce Williams royce.williams at acsalaska.net
Tue May 11 20:14:26 EDT 2004


On 5/10/2004 10:26 PM, Stewart James wrote:

>>>Second, Looking at the log entries there is nothing that shows which
>>>scanner detected the virus. Now, this would be quite beneficial.
>>>Considering it would be cool to be able to do reports saying clam found
>>>100% - trend never found them (because clam is run before trend).
>>
>>Details of a mod for this are in the list archive - I know 'cos that's where 
>>I found this myself.
>>
> 
> I have spent a bit of time looking over the list archives and have not
> found a resolution to this. If anyone can point me in the direction I
> would be grateful.

I spent a good chunk of time trying to figure out what combination of
search strings would cough up the mod described above.  The closest that
I got was

http://lists.roaringpenguin.com/pipermail/mimedefang/2003-August/016283.html

This may be of help to you, depending on what way you'll be turning your
logs into reports.  Unfortunately, it doesn't solve my problem of wanting
to use the scanner as a variable name in mimedefang-filter (without having
to override the now perfectly usable fall-through version of
message_contains_virus() included in mimedefang.pl.)

I'd love to be able to do this:

return action_bounce("Virus $VirusName found by $scanner - message from $RelayAddr rejected");

I'll keep looking.

-royce


-- 
------------------------------------------------------------------------
Royce D. Williams                                    IP Engineering, ACS
work: [first.last]@acsalaska.net                  PGP: 3FC087DB/1776A531
personal: [first]@alaska.net                 http://www.tycho.org/royce/
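
One way to get the scanner name into both the bounce text and the log without overriding message_contains_virus(), shown as an added example that is not part of the original post or of MIMEDefang itself. It assumes clamd and Trend are the installed scanners and that the stock per-scanner routines and %Features keys are available; scan_and_name_scanner() is a hypothetical helper name.

```perl
# Added example for mimedefang-filter; not from mimedefang.pl or this thread.
# Assumption: clamd and Trend are the installed scanners, so the stock
# per-scanner routines and their %Features keys are available.

# Hypothetical helper: run each installed scanner in turn and return the
# name of the one that flagged the message, plus the usual result triple.
sub scan_and_name_scanner {
    my @scanners = (
        [ 'clamd', 'Virus:CLAMD', \&message_contains_virus_clamd ],
        [ 'trend', 'Virus:TREND', \&message_contains_virus_trend ],
    );
    my @worst = (0, 'ok', 'ok');    # last non-ok result that was not a hit

    foreach my $s (@scanners) {
        my ($name, $feature, $scan) = @$s;
        next unless $Features{$feature};          # scanner not installed
        my ($code, $category, $action) = $scan->();
        return ($name, $code, $category, $action) if $category eq 'virus';
        # Keep scanner failures so they are not reported as a clean message.
        @worst = ($code, $category, $action) if $action ne 'ok';
    }
    return (undef, @worst);
}

sub filter_begin {
    my ($scanner, $code, $category, $action) = scan_and_name_scanner();

    if (defined $scanner) {
        # Record the detecting scanner next to the virus name for reports.
        md_graphdefang_log('virus', "$VirusName ($scanner)", $RelayAddr);
        return action_bounce("Virus $VirusName found by $scanner - message from $RelayAddr rejected");
    }
    # A scanner could not run: defer rather than deliver unscanned mail.
    return action_tempfail("Problem running virus scanner") if $action eq 'tempfail';
}
```

Because the helper stops at the first hit, the order of the @scanners list decides which scanner gets credit when more than one would have detected the same message.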


