Panda not working

Steen, Glenn Glenn.Steen at AP1.SE
Tue Mar 8 12:34:20 GMT 2005



The more I look at it, the more sure I am that the only place
where the pavcl-wrapper (original) works is within MS, or if run
exactly like in MS (meaning that it relies heavily on the ...
expected directory hierarchy). I think I've got another bright
idea of how to both make it efficient _and_ retain the exact same
output, while making it a bit more like the other wrappers...
Stay tuned... Perhaps not for today, but...:-).

-- Glenn

> -----Original Message-----
> From: MailScanner mailing list 
> [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Steen, Glenn
> Sent: den 8 mars 2005 12:56
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Panda not working
> 
> 
> > -----Original Message-----
> > From: MailScanner mailing list 
> > [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Paul Welsh
> > Sent: den 8 mars 2005 00:37
> > To: MAILSCANNER at JISCMAIL.AC.UK
> > Subject: Re: Panda not working
> > 
> > 
> > > -----Original Message-----
> > > From: MailScanner mailing list 
> > > [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Steen, Glenn
> > > Sent: 07 March 2005 17:35
> > > To: MAILSCANNER at JISCMAIL.AC.UK
> > > Subject: Re: Panda not working
> > > 
> > > Ok, this one has pimples the size of Everest, but could you just try it
> > > out Paul? To run it as MailScanner does call it like:
> > > /usr/lib/MailScanner/panda-wrapper /usr -aut -aex -heu -nso -cmp -esp /tmp
> > > 
> > 
> > Hi Glenn
> > 
> > OK, this worked.  Thanks very much.  
> > 
> > The output is messy when you use the -AEX option on a whole directory, but I
> > guess this command:
> > 
> > /usr/lib/MailScanner/panda-wrapper /usr -aut -aex -heu -nso -cmp -esp /tmp/eicar.com
> > 
> > would be more similar to the way MailScanner will use it and this gets the
> > output:
> > 
> > Virus: 1##Base: /tmp/eicar.com##1: '' => Eicar##
> Isn't it pretty:-). This strange format is what ProcessPandaOutput seems
> to need in SweepViruses.pm ... Didn't want to mess with it.
> 
> As designed I'm looking at only processing directories, while
> the old script only processed the current directory and called
> pavcl once/file ... at least, that seems to have been the goal.
> I'll have to look further, but I'm not at all certain that MS will call
> it once per file as in your example, rather once per batch...
> 
> The -AEX option is what the old one is called with (along with a few
> others, like the -AUT:-) from MS and ... Well, the output does get messy
> but not unreadably so.
> 
> While the old script certainly has warts, it should've worked OK within
> MS, if nowhere else... But it doesn't for me. Perhaps the pavcl I use is
> at cause... (look below for version info and a bit of test runs).
> 
> > 
> > I'm a bit puzzled why you included the -ESP switch because that changes the
> > output to Spanish.
> Man, I was in a hurry to catch a commuter train,... and since the script
> is done (originally) in Spanish to accommodate both Spanish and English...
> I just had to test it. But you are so right, it wasn't included by
> design, just by accident.
> 
> I think I'll do some more testing, PHB willing etc:-).
> 
> > 
> > Now I'll let MS run for a while with the eval version and then I'll install
> > the free version and see if the free version is capable of using the latest
> > update file; Panda support suggested not.
> Interesting.... I'm testing with the "free" version rpm.
> 
> Some info and runs:
> # rpm -qi pavcl
> Name        : pavcl                        Relocations: (not relocatable)
> Version     : 7.01.00                           Vendor: (none)
> Release     : 1                             Build Date: ons 11 aug 2004 13.37.00
> Install Date: mån  7 mar 2005 15.24.09      Build Host: spd
> Group       : Applications/System           Source RPM: pavcl-7.01.00-1.src.rpm
> Size        : 8964781                          License: Panda Sowftware International
> Signature   : (none)
> Summary     : Panda Antivirus for Linux 7.01.00.0004
> Description :
> El antivirus pavcl es una utilidad de consola que permite escanear
> un sistema de ficheros buscando los posibles virus que pudieran
> encontrarse en los archivos
> # /root/MailScanner-install-4.39.6/perl-tar/MailScanner-4.39.6/lib/panda-wrapper /usr -aut -nso -cmp -aex ignored_directory_arg
> Virus: 0
> # /usr/lib/MailScanner/panda-wrapper /usr -aut -nso -cmp -aex .
> Virus: 3##Base: /var/spool/MailScanner/quarantine/20050303/0E0C023DC7.6426E##1: '/./message.exe' => W32/Lovgate##2: '/./message.zip/var/spool/MailScanner/quarantine/20050303/.../message.zip[message.exe]' => W32/Lovgate##3: '/./message/var/spool/MailScanner/quarantine/20050303/.../message[~000000. at x@]1message.zip].../message[message.zip][message.exe]' => W32/Lovgate##
> # /usr/lib/MailScanner/panda-wrapper /usr -aut -nso -cmp .
> Virus: 2##Base: /var/spool/MailScanner/quarantine/20050303/0E0C023DC7.6426E##1: '/./message.exe' => W32/Lovgate##2: '/./message.zip/var/spool/MailScanner/quarantine/20050303/.../message.zip[message.exe]' => W32/Lovgate##
> # ls
> message  message.exe  message.zip
> #
> 
> I probably should make it just run on dirs, and make sure the
> $base contains a trailing slash...
> 
> -- Glenn
> > 
> > ------------------------ MailScanner list ------------------------
> > To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> > 'leave mailscanner' in the body of the email.
> > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> > 
> > Support MailScanner development - buy the book off the website!
> > 
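An added example, not part of the thread and not MailScanner's ProcessPandaOutput: a strict Python parser for the `Virus: N##Base: ...##` lines quoted above, which treats output it cannot parse as an error rather than as a clean result. The field meanings are inferred from the samples in the thread, and `parse_wrapper_line` and `verdict` are hypothetical names.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Field meanings are inferred from the sample lines in the thread (assumption).
ENTRY_RE = re.compile(r"(\d+): '(.*)' => (.+)")

@dataclass
class Report:
    count: int                      # number after "Virus:"
    base: Optional[str] = None      # value of the "Base:" field
    findings: List[tuple] = field(default_factory=list)  # (index, path, name)

def parse_wrapper_line(line):
    """Parse one "Virus: N##Base: ...##1: 'path' => name##" line strictly."""
    fields = line.strip().split("##")
    if len(fields) > 1 and fields[-1] == "":
        fields.pop()                # empty field left by the trailing '##'
    head = re.fullmatch(r"Virus: (\d+)", fields[0])
    if not head:
        raise ValueError("missing 'Virus: N' header")
    report = Report(count=int(head.group(1)))
    if report.count == 0 and len(fields) == 1:
        return report
    if len(fields) < 2 or not fields[1].startswith("Base: "):
        raise ValueError("missing 'Base:' field")
    report.base = fields[1][len("Base: "):]
    for expected, entry in enumerate(fields[2:], start=1):
        m = ENTRY_RE.fullmatch(entry)
        if not m or int(m.group(1)) != expected:
            raise ValueError(f"malformed entry {expected}: {entry!r}")
        report.findings.append((expected, m.group(2), m.group(3)))
    # A file name containing '##' would split into extra fields; the checks
    # above and this count check reject such a line instead of guessing.
    if len(report.findings) != report.count:
        raise ValueError("header count does not match entries")
    return report

def verdict(line):
    """Fail closed: output that does not parse is 'error', never 'clean'."""
    try:
        return "infected" if parse_wrapper_line(line).findings else "clean"
    except ValueError:
        return "error"

# Samples copied from the thread (mail line wraps rejoined).
EICAR = "Virus: 1##Base: /tmp/eicar.com##1: '' => Eicar##"
CLEAN = "Virus: 0"
# Constructed sample: header claims two findings but only one entry follows.
TRUNCATED = "Virus: 2##Base: /tmp##1: '/./a.exe' => Eicar##"
```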