logging
Hamish Marson
hamish at TRAVELLINGKIWI.COM
Thu Sep 12 18:32:50 IST 2002
Julian Field wrote:
> Ok, here are all the responses:
>
> *1. From <$1> To <$2> virus <$3>
>
> *Impossible to generically extract the name of the virus, so this
> would have to include the whole virus report.
Why do you say this? I run amavisd-new (Because I run postfix), and it
manages to extract the name of (ALL) the virii caught in a mail message.
And logs them.
Admittedly it's separate code for each virus engine. But then it's
separate code to call them anyway, because they're all differemt...
e.g. for NAI
#
# McAfee
#
if ($uvscan ne "") {
$output = `$uvscan $uvscan_args $TEMPDIR/parts`;
$errval = ($? >> 8);
do_log(2,$output);
if ($errval != 0) {
if ($errval == $uvscan_exitcode) {
my $loutput = $output;
$loutput =~ s/Found: (.+) NOT a/Found the $1/g;
$loutput =~ s/Found the (.+) trojan/Found the $1
virus/g;
$loutput =~ s/Found virus or variant (.+) /Found
the $1 virus/g;
@virusname = ($loutput =~ /Found the (.+) virus/g);
do_virus($output);
} else {
do_log(0,"Virus scanner failure: $uvscan (error
code: $errval)");
}
}
}
And @virusname holds the names of all the virii caught...
--
I don't suffer from Insanity... | Linux User #16396
I enjoy every minute of it... |
|
http://www.travellingkiwi.com/ |
More information about the MailScanner
mailing list