Panda not working
Steen, Glenn
Glenn.Steen at AP1.SE
Tue Mar 8 11:55:56 GMT 2005
> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Paul Welsh
> Sent: den 8 mars 2005 00:37
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Panda not working
>
>
> > -----Original Message-----
> > From: MailScanner mailing list
> > [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Steen, Glenn
> > Sent: 07 March 2005 17:35
> > To: MAILSCANNER at JISCMAIL.AC.UK
> > Subject: Re: Panda not working
> >
> > Ok, this one has pimples the size of Everest, but could you just try it
> > out Paul? To run it as MailScanner does call it like:
> > /usr/lib/MailScanner/panda-wrapper /usr -aut -aex -heu -nso -cmp -esp /tmp
> >
>
> Hi Glenn
>
> OK, this worked. Thanks very much.
>
> The output is messy when you use the -AEX option on a whole directory, but I
> guess this command:
>
> /usr/lib/MailScanner/panda-wrapper /usr -aut -aex -heu -nso -cmp -esp /tmp/eicar.com
>
> would be more similar to the way MailScanner will use it and this gets the
> output:
>
> Virus: 1##Base: /tmp/eicar.com##1: '' => Eicar##
Isn't it pretty :-). This strange format is what ProcessPandaOutput seems
to need in SweepViruses.pm ... Didn't want to mess with it.
As designed I'm looking at only processing directories, while
the old script only processed the current directory and called
pavcl once/file ... at least, that seems to have been the goal.
I'll have to look further, but I'm not at all certain that MS will call
it once per file as in your example, rather once per batch...
The -AEX option is what the old one is called with (along with a few
others, like the -AUT:-) from MS and ... Well, the output does get messy
but not unreadably so.
While the old script certainly has warts, it should've worked OK within
MS, if nowhere else... But it doesn't for me. Perhaps the pavcl I use is
at cause... (look below for version info and a few test runs).
>
> I'm a bit puzzled why you included the -ESP switch because that changes the
> output to Spanish.
Man, I was in a hurry to catch a commuter train,... and since the script
is done (originally) in Spanish to accommodate both Spanish and English...
I just had to test it. But you are so right, it wasn't included by
design, just by accident.
I think I'll do some more testing, PHB willing etc:-).
>
> Now I'll let MS run for a while with the eval version and then I'll install
> the free version and see if the free version is capable of using the latest
> update file; Panda support suggested not.
Interesting.... I'm testing with the "free" version rpm.
Some info and runs:
# rpm -qi pavcl
Name : pavcl Relocations: (not relocatable)
Version : 7.01.00 Vendor: (none)
Release : 1 Build Date: ons 11 aug 2004 13.37.00
Install Date: mån 7 mar 2005 15.24.09 Build Host: spd
Group : Applications/System Source RPM: pavcl-7.01.00-1.src.rpm
Size : 8964781 License: Panda Sowftware International
Signature : (none)
Summary : Panda Antivirus for Linux 7.01.00.0004
Description :
El antivirus pavcl es una utilidad de consola que permite escanear
un sistema de ficheros buscando los posibles virus que pudieran
encontrarse en los archivos
# /root/MailScanner-install-4.39.6/perl-tar/MailScanner-4.39.6/lib/panda-wrapper /usr -aut -nso -cmp -aex ignored_directory_arg
Virus: 0
# /usr/lib/MailScanner/panda-wrapper /usr -aut -nso -cmp -aex .
Virus: 3##Base: /var/spool/MailScanner/quarantine/20050303/0E0C023DC7.6426E##1: '/./message.exe' => W32/Lovgate##2: '/./message.zip/var/spool/MailScanner/quarantine/20050303/.../message.zip[message.exe]' => W32/Lovgate##3: '/./message/var/spool/MailScanner/quarantine/20050303/.../message[~000000. at x@]1message.zip].../message[message.zip][message.exe]' => W32/Lovgate##
# /usr/lib/MailScanner/panda-wrapper /usr -aut -nso -cmp .
Virus: 2##Base: /var/spool/MailScanner/quarantine/20050303/0E0C023DC7.6426E##1: '/./message.exe' => W32/Lovgate##2: '/./message.zip/var/spool/MailScanner/quarantine/20050303/.../message.zip[message.exe]' => W32/Lovgate##
# ls
message message.exe message.zip
#
I probably should make it just run on dirs, and make sure the $base contains a trailing slash...
-- Glenn
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>
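A strict parser for the `Virus: N##Base: ...##` report line shown in the runs above, as an added example; it is not Glenn's wrapper and not MailScanner's ProcessPandaOutput. The field layout is inferred only from the sample lines in this message, and the function names are hypothetical.

```python
import re

# One numbered hit: N: 'path' => VirusName. The path group is greedy, so the
# split happens at the last "' => " in the field.
ENTRY = re.compile(r"^(\d+): '(.*)' => (.+)$")

# Report lines copied from the message above.
EICAR_LINE = "Virus: 1##Base: /tmp/eicar.com##1: '' => Eicar##"
LOVGATE_LINE = (
    "Virus: 2##Base: /var/spool/MailScanner/quarantine/20050303/0E0C023DC7.6426E"
    "##1: '/./message.exe' => W32/Lovgate"
    "##2: '/./message.zip/var/spool/MailScanner/quarantine/20050303/.../"
    "message.zip[message.exe]' => W32/Lovgate##"
)

def parse_wrapper_line(line):
    """Return (base, [(path, virus), ...]); raise ValueError if malformed."""
    fields = line.strip().split("##")
    if fields[-1] == "":
        fields.pop()  # empty field left by the trailing '##'
    if not fields or not fields[0].startswith("Virus: "):
        raise ValueError("missing 'Virus: N' header")
    count = int(fields[0][len("Virus: "):])  # ValueError if not a number
    if count == 0:
        if len(fields) != 1:
            raise ValueError("clean report carries extra fields")
        return None, []
    if len(fields) < 2 or not fields[1].startswith("Base: "):
        raise ValueError("missing 'Base:' field")
    base = fields[1][len("Base: "):]
    hits = []
    for expected, field in enumerate(fields[2:], start=1):
        m = ENTRY.match(field)
        # Entries must be numbered 1..N in order; anything else is rejected
        # rather than guessed at.
        if m is None or int(m.group(1)) != expected:
            raise ValueError("bad entry: %r" % field)
        hits.append((m.group(2), m.group(3)))
    if len(hits) != count:
        raise ValueError("header says %d hits, found %d" % (count, len(hits)))
    return base, hits

def is_well_formed(line):
    """True when the line parses cleanly, False when it should be rejected."""
    try:
        parse_wrapper_line(line)
        return True
    except ValueError:
        return False
```

Rejecting a line whose header count disagrees with the number of entries keeps a truncated or garbled report from being read as a clean scan.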