Adding Virus Scanner names - WAS: RE: [Mimedefang] MIMEDefang 2.54 is Released
Cormack, Ken
Ken.Cormack at roadway.com
Tue Nov 8 10:30:41 EST 2005
Matthew.van.Eerde at hbinc.com Wrote:
> Feature Request: could you have the various virus detection
> routines record which scanner caught the virus? This would be
> useful for purposes of evaluating scanner performance, and it
> can be very helpful in diagnosing false positives.

Here's what I do...

In mimedefang.pl, at or about line 34 (depending upon what version of
MIMEDefang you are using), add the variable "$VirusScanner" to the list of
variables, turning this...

    use vars qw($AddWarningsInline @StatusTags

Into this...

    use vars qw($AddWarningsInline @StatusTags $VirusScanner

Then in each "sub entity_contains_virus_*" and "sub
message_contains_virus_*", turn this...

    sub entity_contains_virus_clamd ($) {

Into this...

    sub entity_contains_virus_clamd ($) {
        $VirusScanner = "CLAMD" ;

And this...

    sub message_contains_virus_clamd () {

Into this...

    sub message_contains_virus_clamd () {
        $VirusScanner = "CLAMD" ;

Do the above for whichever scanners you use.

Then, in your mimedefang-filter, in sub filter_begin, look for the following
lines:

    if ($FoundVirus) {
        md_graphdefang_log('virus', $VirusName, $RelayAddr);

And add the following line immediately after those:

        md_graphdefang_log('scanner_name', $VirusScanner, $VirusName);

You will end up with log entries that look like this:

    Nov 8 08:57:41 mail01 mimedefang.pl[5476]: MDLOG,jA8DvZYn007582,scanner_name,CLAMD,HTML.Phishing.Bank-209,<ageadventure@clust06-www02.powweb.com>,<munged at mydomain>,Verify Your Account Information
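
An added example, not part of the original post: a Python tally of the scanner_name lines produced by the change above, counting detections per scanner and per signature for the scanner evaluation the feature request describes. The field order is taken from the sample log entry; the extra log lines, the "FPROT" label and the per-queue-ID de-duplication (on the assumption that one message can produce several lines) are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the format shown in the post; addresses, the
# FPROT label and all but the first queue ID are made up. Line 2 repeats a
# queue ID (same message, second recipient); line 3 is the 'virus' event.
SAMPLE_LOG = """\
Nov  8 08:57:41 mail01 mimedefang.pl[5476]: MDLOG,jA8DvZYn007582,scanner_name,CLAMD,HTML.Phishing.Bank-209,<a@sender.example>,<u1@rcpt.example>,Verify Your Account Information
Nov  8 08:57:41 mail01 mimedefang.pl[5476]: MDLOG,jA8DvZYn007582,scanner_name,CLAMD,HTML.Phishing.Bank-209,<a@sender.example>,<u2@rcpt.example>,Verify Your Account Information
Nov  8 08:57:41 mail01 mimedefang.pl[5476]: MDLOG,jA8DvZYn007582,virus,HTML.Phishing.Bank-209,192.0.2.10,<a@sender.example>,<u1@rcpt.example>,Verify Your Account Information
Nov  8 09:02:13 mail01 mimedefang.pl[5480]: MDLOG,jA8E2AbC007601,scanner_name,FPROT,W32/Example.A,<b@sender.example>,<u1@rcpt.example>,Re: invoice, overdue
Nov  8 09:05:00 mail01 sendmail[5500]: jA8E5000007700: from=<c@sender.example>, size=1200
Nov  8 09:07:30 mail01 mimedefang.pl[5476]: MDLOG,jA8E7XyZ007733,scanner_name,CLAMD,HTML.Phishing.Bank-209,<d@sender.example>,<u3@rcpt.example>,Update
"""

MDLOG_RE = re.compile(r"mimedefang\.pl\[\d+\]:\s+MDLOG,(.*)$")

def parse_scanner_events(text):
    """Yield (queue_id, scanner, virus) for every scanner_name MDLOG line."""
    for line in text.splitlines():
        m = MDLOG_RE.search(line)
        if not m:
            continue  # not a MIMEDefang MDLOG line
        # Fields: id, event, value1, value2, sender, recipient, subject.
        # Limit the split so commas inside the subject stay in the last field.
        fields = m.group(1).split(",", 6)
        if len(fields) < 4 or fields[1] != "scanner_name":
            continue
        yield fields[0], fields[2], fields[3]

def tally(text):
    """Count each (queue_id, scanner) once; return per-scanner and per-signature totals."""
    seen = set()
    per_scanner, per_signature = Counter(), Counter()
    for qid, scanner, virus in parse_scanner_events(text):
        if (qid, scanner) in seen:
            continue  # same message already counted for this scanner
        seen.add((qid, scanner))
        per_scanner[scanner] += 1
        per_signature[(scanner, virus)] += 1
    return per_scanner, per_signature

if __name__ == "__main__":
    per_scanner, per_signature = tally(SAMPLE_LOG)
    for (scanner, virus), count in per_signature.most_common():
        print(f"{scanner:8} {virus:30} {count}")
```

Note that the patch assigns $VirusScanner on entry to each scanner routine, so the name in the log is that of the routine called most recently before the log call.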