SweepViruses.pm: minor patch to 4.29.7, for 4.30

Jeff A. Earickson jaearick at COLBY.EDU
Thu Apr 29 15:32:17 IST 2004


Julian,

Attached is a minor "diff -c" patch to /lib/MailScanner/SweepViruses.pm.
The purpose of the patch is to change the syslog output for ClamAVmodule
and SophosSAVI from:

MailScanner[29668]: INFECTED:: W32/Bagle-AA:: (pathname)
MailScanner[29668]: INFECTED:: Worm.Bagle.Z:: (pathname)

to:

MailScanner[24988]: INFECTED::SophosSAVI:: W32/Bagle-AA:: (pathname)
MailScanner[24988]: INFECTED::ClamAVModule:: Worm.Bagle.Z:: (pathname)

I would like to know which anti-virus engine caused the syslog, since
I have perl scripts that track this stuff on a daily basis and
different engines call the same virus by different names.

Could this be rolled into the 4.30 version?

This may also be applicable to other anti-virus engine logging that
doesn't operate by way of perl APIs (I don't use any, so can't test).

Jeff Earickson
Colby College
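
A daily tally script of the kind the message mentions, as an added example (not the poster's script and not MailScanner code): it accepts both the old and the patched INFECTED line formats and counts detections per engine and virus name. The host name, paths and the two-name Sophos line under `__DATA__` are constructed sample input, and `parse_infected` is a hypothetical helper name.

```perl
#!/usr/bin/perl
# Added example: tally INFECTED syslog lines per engine and virus name.
use strict;
use warnings;

# Parse one syslog line. Returns (engine, [names], path), or an empty list
# when the line is not an INFECTED record.
sub parse_infected {
    my ($line) = @_;
    # The engine field exists only in the patched format. The old format
    # prints a space right after "INFECTED::", so \w+ cannot match there
    # and the optional group is skipped. The lazy (.*?) stops at the first
    # "::" after the names, so a "::" inside the path stays in the path.
    return unless $line =~
        m{MailScanner\[\d+\]:\s+INFECTED::(?:(\w+)\s*::)?\s*(.*?)\s*::\s*(.*)$};
    my ($engine, $names, $path) = ($1, $2, $3);
    $engine = 'unknown' unless defined $engine;    # pre-patch line
    # The SophosSAVI branch prints every name, space-separated, in one field.
    return ($engine, [ split ' ', $names ], $path);
}

my %count;
while (my $line = <DATA>) {
    chomp $line;
    my ($engine, $names, $path) = parse_infected($line) or next;
    $count{$engine}{$_}++ for @$names;
}

# One output row per (engine, name) pair, so the same virus reported under
# different names by different engines stays distinguishable.
for my $engine (sort keys %count) {
    for my $name (sort keys %{ $count{$engine} }) {
        printf "%-14s %-16s %d\n", $engine, $name, $count{$engine}{$name};
    }
}

# Constructed sample lines: old format, patched format, a multi-name
# Sophos record, and a CLEAN record that must be ignored.
__DATA__
Apr 29 10:05:01 mx1 MailScanner[29668]: INFECTED:: W32/Bagle-AA:: /constructed/1/a.pif
Apr 29 10:22:10 mx1 MailScanner[24988]: INFECTED::SophosSAVI:: W32/Bagle-AA:: /constructed/2/b.pif
Apr 29 10:22:11 mx1 MailScanner[24988]: INFECTED::ClamAVModule:: Worm.Bagle.Z:: /constructed/2/b.pif
Apr 29 10:23:40 mx1 MailScanner[24988]: INFECTED::SophosSAVI:: W32/Bagle-AA W32/Netsky-P:: /constructed/3/c::d.zip
Apr 29 10:24:02 mx1 MailScanner[24988]: CLEAN::SophosSAVI :: /constructed/4/e.txt
```

Lines written before the patch carry no engine field and are counted under `unknown`.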

-------------- next part --------------
*** SweepViruses.pm.orig	Thu Apr 29 10:13:59 2004
--- SweepViruses.pm	Thu Apr 29 10:21:09 2004
***************
*** 925,934 ****
          next;
        }
        if ($results->virus) {
!         print "INFECTED::";
          print " $results" . ":: $dirname/$childname/$filename\n";
        } else {
!         print "CLEAN:: :: $dirname/$childname/$filename\n";
        }
      }
      $child->close;
--- 925,934 ----
          next;
        }
        if ($results->virus) {
!         print "INFECTED::ClamAVModule::";
          print " $results" . ":: $dirname/$childname/$filename\n";
        } else {
!         print "CLEAN::ClamAVModule :: $dirname/$childname/$filename\n";
        }
      }
      $child->close;
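Review bot: In the else branch the new CLEAN line has one field fewer than the new INFECTED line: `INFECTED::ClamAVModule:: name:: path` splits into four `::`-separated fields, while `CLEAN::ClamAVModule :: path` splits into three, and its engine field carries a trailing space. Before the change both outcomes had three fields, with an empty name slot in `CLEAN:: :: path`. Suggest `print "CLEAN::ClamAVModule:: :: $dirname/$childname/$filename\n";` so anything splitting on `::` sees the same layout for both outcomes.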
***************
*** 984,996 ****
          next;
        }
        if ($results->infected) {
!         print "INFECTED::";
          foreach $virus ($results->viruses) {
            print " $virus";
          }
          print ":: $dirname/$childname/$filename\n";
        } else {
!         print "CLEAN:: :: $dirname/$childname/$filename\n";
        }
      }
      $child->close;
--- 984,996 ----
          next;
        }
        if ($results->infected) {
!         print "INFECTED::SophosSAVI::";
          foreach $virus ($results->viruses) {
            print " $virus";
          }
          print ":: $dirname/$childname/$filename\n";
        } else {
!         print "CLEAN::SophosSAVI :: $dirname/$childname/$filename\n";
        }
      }
      $child->close;
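Review bot: Inserting `SophosSAVI` right after `INFECTED::` moves the virus names from the second `::`-separated field to the third, and the code that reads these printed lines is not part of this patch, so that reader needs to be checked and, if it splits on `::`, updated in the same change. The CLEAN line in this hunk also ends up with three fields against four for INFECTED; `CLEAN::SophosSAVI:: :: ...` would keep them aligned. The engine name is a string literal repeated in both branches, so holding it in one variable would keep the two prints from drifting apart.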

