4.54.4

Julian Field MailScanner at ecs.soton.ac.uk
Tue May 23 11:06:34 UTC 2006


On 23 May 2006, at 11:10, Steve Freegard wrote:

> Hi Jules,
>
> 4.54.4 is working fine here for the last 30 minutes or so, can also confirm
> that the change made for batch logging works fine.
>
> New feature request:
>
> Historically MailWatch 1.0 used to use regexps to parse the reports for
> virus names, this wasn't particularly optimal and broke completely when the
> 'Virus Scanners = auto' functionality came out as MailWatch reads
> MailScanner.conf to work out which virus scanners were installed and
> therefore which regexp to use to parse the reports.

See below.
You can also find out easily by running a MailScanner --lint and parsing
the output of that.

>
> I'm getting quite close to releasing an alpha version of MailWatch 2.0,
> hopefully in the coming weeks (not months...), but I don't have any virus
> reporting in the current version as I would like to change how this is
> reported.
>
> I would like to propose to move the virus name regexps into MailScanner
> itself as part of the scanner definitions e.g. something like:
>
> my %Scanners = (
>  sophossavi => {
>   ....
>   # qr// stores a compiled pattern; a bare /.../ would match against $_ here
>   VirusRegexp => qr/INFECTED::\s(\S+)/,
>   ....
>  },
> );

What happens when the regexp needs to use a ( ) before the one containing
the virus name?

>
> Then store the virus names as a hash of hashes based on the safe filename
> and the virus scanner name, something like:
>
> %safefile = ("filename" => {'sophossavi'  => 'W32/Mytob-HW',
>                             'bitdefender' => '...'});
>
> Storing it this way would then make it easy to spot when one scanner engine
> misses a virus compared to another (this event could also be logged to
> syslog also for those not using MailWatch) and makes it easy to see the
> names given to corresponding viruses from each vendor.

Eek. This is actually going to involve some work, isn't it :(

Auto-detecting the virus scanners is pretty easy, you can look at how
MailScanner does it, it's not hard.

> I have a collection of regexps for a lot of scanners already, but would be
> happy to get demos/trials of each scanner to test this against so we have a
> complete set for each supported scanner (plus I can test each scanner and
> publish the results).

I have copies for most of the major scanners, but in each case I have
promised never to pass them on to anyone.

>
> What do you think?
>
> Kind regards,
> Steve.
>
>> -----Original Message-----
>> From: mailscanner-beta-bounces at lists.mailscanner.info
>> [mailto:mailscanner-beta-bounces at lists.mailscanner.info] On
>> Behalf Of Julian Field
>> Sent: 23 May 2006 09:09
>> To: MailScanner Beta-testers
>> Subject: 4.54.4
>>
>> I have just released 4.54.4 for you. As far as I am aware at
>> the moment, you shouldn't have any known problems with this release.
>> Please confirm this works okay for you.
>> Those on non-Linux platforms, if you have time please can you
>> make sure the installation process is documented on the Wiki
>> (Solaris 10 especially!).
>>
>> Many thanks folks!
>> Jules.
>> --
>> Julian Field
>> www.MailScanner.info
>> Buy the MailScanner book at www.MailScanner.info/store
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>
>>
>> -- 
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>> MailScanner thanks transtec Computers for their support.
>>
>> -- 
>> MailScanner-Beta mailing list
>> mailscanner-beta at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner-beta
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
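
Added example, not part of the original thread and not MailScanner or MailWatch code: one way to handle a ( ) that appears before the virus-name group is a Perl named capture, shown here feeding the proposed hash of hashes and a check for scanners that reported nothing. The table layout, the bitdefender pattern, the report lines and every virus name except W32/Mytob-HW are constructed for illustration.

```perl
use strict;
use warnings;
use v5.10;    # named captures (?<name>...) and %+ need Perl 5.10 or later

# Hypothetical scanner table. (?<virus>...) names the group holding the virus
# name, so a pattern may use other ( ) groups before it.
my %Scanners = (
    sophossavi  => { VirusRegexp => qr/INFECTED::\s(?<virus>\S+)/ },
    bitdefender => { VirusRegexp => qr/\s(infected|suspected):\s(?<virus>\S+)/ },
);

# Constructed report lines: [scanner, safe filename, scanner output].
my @reports = (
    [ sophossavi  => 'doc.zip',   'INFECTED:: W32/Mytob-HW' ],
    [ bitdefender => 'doc.zip',   'doc.zip infected: Example.Worm.A' ],
    [ sophossavi  => 'photo.scr', 'INFECTED:: W32/Example-B' ],
    [ bitdefender => 'photo.scr', 'photo.scr ok' ],
);

# Build the hash of hashes: $safefile{filename}{scanner} = virus name.
sub collect_names {
    my ($scanners, $reports) = @_;
    my %safefile;
    for my $r (@$reports) {
        my ($scanner, $file, $line) = @$r;
        my $entry = $scanners->{$scanner} or next;    # scanner not in the table
        $safefile{$file}{$scanner} = $+{virus} if $line =~ $entry->{VirusRegexp};
    }
    return \%safefile;
}

# For each file some scanner flagged, list the scanners that named nothing.
sub find_misses {
    my ($scanners, $safefile) = @_;
    my @misses;
    for my $file (sort keys %$safefile) {
        for my $scanner (sort keys %$scanners) {
            next if exists $safefile->{$file}{$scanner};
            my $seen = join ', ', map { "$_=$safefile->{$file}{$_}" }
                                  sort keys %{ $safefile->{$file} };
            push @misses, "$file: $scanner reported nothing ($seen)";
        }
    }
    return @misses;
}

my $safefile = collect_names(\%Scanners, \@reports);
say for find_misses(\%Scanners, $safefile);
```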

