logging

Hamish Marson hamish at TRAVELLINGKIWI.COM
Thu Sep 12 18:32:50 IST 2002


Julian Field wrote:

> Ok, here are all the responses:
>
> *1. From <$1> To <$2> virus <$3>
>
> *Impossible to generically extract the name of the virus, so this
> would have to include the whole virus report.


Why do you say this? I run amavisd-new (Because I run postfix), and it
manages to extract the name of (ALL) the virii caught in a mail message.
And logs them.

Admittedly it's separate code for each virus engine. But then it's
separate code to call them anyway, because they're all differemt...


e.g. for NAI

#
# McAfee
#

if ($uvscan ne "") {
        $output = `$uvscan $uvscan_args $TEMPDIR/parts`;
        $errval = ($? >> 8);
        do_log(2,$output);
        if ($errval != 0) {
                if ($errval == $uvscan_exitcode) {
                        my $loutput = $output;
                        $loutput =~ s/Found: (.+) NOT a/Found the $1/g;
                        $loutput =~ s/Found the (.+) trojan/Found the $1
virus/g;
                        $loutput =~ s/Found virus or variant (.+) /Found
the $1 virus/g;
                        @virusname = ($loutput =~ /Found the (.+) virus/g);
                        do_virus($output);
         } else {
                        do_log(0,"Virus scanner failure: $uvscan (error
code: $errval)");
                }
        }
}



And @virusname holds the names of all the virii caught...


--

I don't suffer from Insanity...         | Linux User #16396
        I enjoy every minute of it...   |
                                        |
http://www.travellingkiwi.com/          |



More information about the MailScanner mailing list