Trend virus reporting not working?
Daniel Kleinsinger
danielk at AVALONPUB.COM
Thu Jan 29 20:35:44 GMT 2004
I've just installed some extra scanners into my MailScanner
configuration. I now use sophossavi, f-prot, and trend (I was just
using sophossavi before). The support for trend is apparently alpha (I
had to decrease my minimum code status to get it to work) and it doesn't
seem to log which virus it detected. From my maillog:
Jan 29 11:29:07 nts-2 MailScanner[20732]: Virus and Content Scanning: Starting
Jan 29 11:29:07 nts-2 MailScanner[20732]: INFECTED:: W32/MyDoom-A:: ./i0TJT2iG028320/document.pif
Jan 29 11:29:07 nts-2 MailScanner[20732]: Virus Scanning: SophosSAVI found 1 infections
Jan 29 11:29:07 nts-2 MailScanner[20732]: /var/spool/MailScanner/incoming/20732/i0TJT2iG028320/document.pif Infection: W32/Mydoom.A at mm
Jan 29 11:29:07 nts-2 MailScanner[20732]: Virus Scanning: F-Prot found virus W32/Mydoom.A at mm
Jan 29 11:29:08 nts-2 MailScanner[20732]: Virus Scanning: F-Prot found 1 infections
Jan 29 11:29:08 nts-2 MailScanner[20732]: Virus Scanning: Trend found 1 infections
Jan 29 11:29:08 nts-2 MailScanner[20732]: Infected message i0TJT2iG028320 came from 66.136.69.99
Jan 29 11:29:08 nts-2 MailScanner[20732]: Virus Scanning: Found 1 viruses
Looking through SweepViruses.pm it seems there is some code (lines
1902-1946 in version 4.24-5) to "ProcessTrendOutput", but in my case it
doesn't seem to be working. Is it working for other people?
If not, do any Perl programmers want to take a look and see if they can
fix it? The sample output (embedded as a comment in SweepViruses.pm)
that the current code was based on seems pretty similar to the current
output, so it's probably pretty easy to fix. I'm not sure if I called
trend-wrapper correctly to generate the output below; let me know if
it's not correct.
Thanks,
Daniel
command run:
/usr/lib/MailScanner/trend-wrapper /usr/local/trend/ -a -za -r .
output:
Virus Scanner v3.1, VSAPI v6.810-1005
Trend Micro Inc. 1996,1997
Pattern version 749
Pattern number 58124
Configuration: -a -r -nl -c1 -c2 -u -s
Directory .
./eicar.com.txt
*** Found virus Eicar_test_file in file /root/spam/eicar.com.txt
==============================
Directory:
Searched : 1
File:
Searched : 1
Scan : 1
Infected : 1
Infected : 1(Include files been compressed)
Time:
Start : 1/29/04 12:22:32
Stop : 1/29/04 12:22:32
Used : 00:00
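
The following standalone Perl parser for the report format quoted in the post is an added example, not code from the original message and not MailScanner's ProcessTrendOutput. It pulls the virus name and file out of each "Found virus" line and flags a report whose infected count has no matching named detection. The parse_trend name, the /root/spam scan root (inferred from the reported path) and the output line modelled on the Sophos maillog entry are assumptions.

```perl
#!/usr/bin/perl
# Added example: parse the Trend scanner report format quoted in the post.
use strict;
use warnings;
use File::Spec;

# Constructed sample input, copied from the report lines in the post.
my @report = (
    'Directory .',
    './eicar.com.txt',
    '*** Found virus Eicar_test_file in file /root/spam/eicar.com.txt',
    '==============================',
    'Infected : 1',
    'Infected : 1(Include files been compressed)',
);

# parse_trend(\@lines, $basedir) returns (\@hits, $claimed).
# Each hit is { virus, path, rel }; $claimed is the scanner's own
# "Infected" count, taken from the first plain "Infected : N" line.
sub parse_trend {
    my ($lines, $basedir) = @_;
    my (@hits, $claimed);
    for my $line (@$lines) {
        $line =~ s/\r?\n\z//;
        if ($line =~ /^\*\*\* Found virus (\S+) in file (.+?)\s*$/) {
            my ($virus, $path) = ($1, $2);
            # The sample reports an absolute path although the scan was
            # started at ".", so map it back relative to the scan root.
            my $rel = File::Spec->file_name_is_absolute($path)
                ? File::Spec->abs2rel($path, $basedir) : $path;
            $rel =~ s{^\./}{};
            push @hits, { virus => $virus, path => $path, rel => $rel };
        }
        elsif ($line =~ /^\s*Infected\s*:\s*(\d+)\s*$/) {
            $claimed = $1 unless defined $claimed;
        }
    }
    return (\@hits, $claimed);
}

# Assumption: /root/spam was the working directory of the sample run.
my ($hits, $claimed) = parse_trend(\@report, '/root/spam');
printf "INFECTED:: %s:: ./%s\n", $_->{virus}, $_->{rel} for @$hits;

# Make a silent mismatch visible: a count with no named detection.
if (defined $claimed && $claimed != @$hits) {
    warn "Trend reported $claimed infected but " . scalar(@$hits) . " named\n";
}
```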