McAfee and password-protected zip file detection in MS
Rick Cooper
rcooper at DWFORD.COM
Wed Mar 3 16:08:51 GMT 2004
> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> Behalf Of Denis Beauchemin
> Sent: Wednesday, March 03, 2004 9:46 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: McAfee and password-protected zip file detection in MS
>
>
> Hi all,
>
> I tried to modify SweepViruses.pm so it could grab McAfee's "is
> password-protected" string and just treat the
> attachment as a virus but
> it doesn't work...
>
> I modified ProcessMcAfeeOutput() this way:
> #return 0 unless $line =~ /Found/;
> return 0 unless (($line =~ /Found/) or ($line =~ /is
> password-protected/));
How about adding a log to stderr like:
print STDERR "Line Was: $line\n";
return 0 unless $line =~ /Found|password-protected/
Then run MS in debug and watch and see what it is seeing, perhaps
something is a bit different than you thought, like case?
>
> Any ideas why it is not kicking in? Could it be
> because McAfee returns
> a zero return code if it detects a password-protected
> zip file (I know
> this is what it does)?
>
> If so, could there be another way of achieving the
> same result without
> having to upgrade to the latest unstable version?
>
> Thanks!
>
> Denis
> --
> Denis Beauchemin, analyste
> Université de Sherbrooke, S.T.I.
> T: 819.821.8000x2252 F: 819.821.8045
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>
More information about the MailScanner
mailing list