Adding Virus Scanner names - WAS: RE: [Mimedefang] MIMEDefang 2.5 4 is Released

Cormack, Ken Ken.Cormack at roadway.com
Tue Nov 8 10:30:41 EST 2005


Matthew.van.Eerde at hbinc.com Wrote:

> Feature Request: could you have the various virus detection
> routines record which scanner caught the virus? This would be
> useful for purposes of evaluating scanner performance, and it
> can be very helpful in diagnosing false positives.

Here's what I do...


In mimedefang.pl, at or about line 34 (depending upon what version of
MIMEDefang you are using), add the variable "$VirusScanner" to the list of
variables, turning this...
	use vars qw($AddWarningsInline @StatusTags
Into this...
	use vars qw($AddWarningsInline @StatusTags $VirusScanner


Then in each "sub entity_contains_virus_*" and "sub
message_contains_virus_*", turn this...
	sub entity_contains_virus_clamd ($) {
Into this...
	sub entity_contains_virus_clamd ($) {
	    $VirusScanner = "CLAMD" ;

And this...
	sub message_contains_virus_clamd () {
Into this...
	sub message_contains_virus_clamd () {
	   $VirusScanner = "CLAMD" ;



Do the above for whichever scanners you use.

Then, in your mimedefang-filter, in sub filter_begin, look for the following
lines:

    if ($FoundVirus) {
        md_graphdefang_log('virus', $VirusName, $RelayAddr);

And add the following line immediately after those:

        md_graphdefang_log('scanner_name', $VirusScanner, $VirusName);



You will end up with log entries that look like this:

Nov  8 08:57:41 mail01 mimedefang.pl[5476]: MDLOG,jA8DvZYn007582,scanner_name,CLAMD,HTML.Phishing.Bank-209,<ageadventure@clust06-www02.powweb.com>,<munged at mydomain>,Verify Your Account Information
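
For the scanner comparison the feature request mentions, entries like the one above can be tallied per scanner and checked against the 'virus' entries. This is an added example, not part of the original post or of MIMEDefang; the field order is read off the sample entry, and the function names, sample lines and the SCANNER2 label are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Field order as in the sample entry in the post:
# MDLOG,<queue id>,<event>,<value1>,<value2>,<sender>,<recipient>,<subject>
MDLOG_RE = re.compile(r"mimedefang\.pl\[\d+\]:\s*MDLOG,(.*)$")
KEYS = ("msgid", "event", "value1", "value2", "sender", "recipient", "subject")

def parse_mdlog(line):
    """Return the MDLOG fields of one syslog line as a dict, or None."""
    m = MDLOG_RE.search(line)
    if not m:
        return None
    # The subject comes last and may contain commas, so cap the split.
    parts = m.group(1).split(",", 6)
    return dict(zip(KEYS, parts)) if len(parts) == 7 else None

def scanner_report(lines):
    """Tally detections per scanner; list virus hits lacking a scanner record."""
    hits, virus_ids, scanned_ids = set(), set(), set()
    for line in lines:
        rec = parse_mdlog(line)
        if rec is None:
            continue
        if rec["event"] == "scanner_name":
            # A set collapses repeated entries for the same message.
            hits.add((rec["msgid"], rec["value1"], rec["value2"]))
            scanned_ids.add(rec["msgid"])
        elif rec["event"] == "virus":
            virus_ids.add(rec["msgid"])
    per_scanner = Counter(scanner for _, scanner, _ in hits)
    per_signature = Counter((scanner, virus) for _, scanner, virus in hits)
    return per_scanner, per_signature, sorted(virus_ids - scanned_ids)

# Constructed sample input: host, queue ids, addresses and SCANNER2 are made up.
P = "Nov  8 08:57:41 mail01 mimedefang.pl[5476]: MDLOG,"
SAMPLE = [
    P + "q1,virus,HTML.Phishing.Bank-209,192.0.2.10,<a@example.com>,<u1@example.org>,Verify, now",
    P + "q1,scanner_name,CLAMD,HTML.Phishing.Bank-209,<a@example.com>,<u1@example.org>,Verify, now",
    P + "q1,scanner_name,CLAMD,HTML.Phishing.Bank-209,<a@example.com>,<u2@example.org>,Verify, now",
    P + "q2,virus,Worm.Constructed-1,192.0.2.11,<b@example.com>,<u1@example.org>,Hi",
    P + "q2,scanner_name,SCANNER2,Worm.Constructed-1,<b@example.com>,<u1@example.org>,Hi",
    P + "q3,virus,Worm.Constructed-2,192.0.2.12,<c@example.com>,<u1@example.org>,Invoice",
    "Nov  8 08:58:02 mail01 sendmail[5501]: q4: from=<x@example.com>",
]

if __name__ == "__main__":
    per_scanner, per_signature, unattributed = scanner_report(SAMPLE)
    print(dict(per_scanner), dict(per_signature), unattributed)
```

A queue id in the third returned list has a 'virus' entry but no 'scanner_name' entry, which points at a scanner routine that was not given the `$VirusScanner` assignment.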


