Panda not working

Rick Cooper rcooper at DWFORD.COM
Mon May 9 14:57:22 IST 2005


> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> Behalf Of Steen, Glenn
> Sent: Monday, May 09, 2005 6:01 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Panda not working
>
>
> > -----Original Message-----
> > From: MailScanner mailing list
> > [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Andreas Svensson
> > Sent: den 9 maj 2005 12:17
> > To: MAILSCANNER at JISCMAIL.AC.UK
> > Subject: Sv: Re: Panda not working
> >
> >
> > I noticed that the Amavis-new "scanner" works with panda...
> > In their conf they have:
> > <---
> >   ### http://www.pandasoftware.com/
> >   ['Panda Antivirus for Linux', ['pavcl'],
> >     '-aut -aex -heu -cmp -nbr -nor -nso -eng {}',
> >     qr/Number of files infected[ .]*: 0(?!\d)/,
> >     qr/Number of files infected[ .]*: 0*[1-9]/,
> >     qr/Found virus :\s*(\S+)/ ],
> > --->
> > Does this help us?
> > /Andreas
> Nope. The thing is, they garble up the output (curses/TERM issues) and
> well.. that gets kind of "dangerous" in batch mode... Who wants an AV
> that is "mostly right" or "sometimes wrong"? Not me.
> If amavis spawns one pavcl/message, they might get it right most of the
> time, but... Well, I'm no amavis guru:-). Chances are that they're
> fooling themselves too:).
>
[...]

This is not necessarily the case. If you do *not* use the -nor switch, each
time pavcl is run it produces a plain text version of its console output in
/var/log/panda named pavcl.rpt. Example:

---------------------------------------------------
Date                : 09/05/2005
Time                : 07:39:41
File checked        : /opt/bdc/eicar.rar[eicar.com]

   Found virus :EICAR-AV-TEST-FILE



                 Panda Antivirus Linux, (c) Panda Software 2004

Time employed for scan .............: 00:00:00
Number of files scanned ............: 2
Number of files infected ...........: 1
Number of files disinfected ........: 0
Number of files renamed ............: 0
Number of files deleted ............: 0

                            Copyright Panda Software

Shouldn't be particularly tough to parse.  Example using the wrapper script:

# (although I don't generally trust heuristic)
pavcl -aut -aex -heu -nso -eng /opt/bdc/eicar.rar &> /dev/null
if [ -f /var/log/panda/pavcl.rpt ]; then
    cat /var/log/panda/pavcl.rpt
else
    echo "pavcl.rpt file is missing"
fi

Of course it's an oversimplified example but it appears to be consistently
accurate. If you wanted to do away with the wrapper altogether this could
be processed through the Message.pm::SafePipe function.

If Julian thinks there is enough call for the panda handling and doesn't
have the time to mess with it I could probably do something with it this
week.


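A fail-closed way to turn the pavcl.rpt layout quoted in the post into a scan verdict, as an added example (not code from the post, from MailScanner or from Panda). The names `pavcl_verdict` and `sample_report` are hypothetical, the sample report is constructed from the layout shown above, and the parser assumes the file holds the report of a single scan.

```shell
#!/bin/sh
# Added example: derive a verdict from a pavcl.rpt-style report.
# Prints CLEAN | INFECTED <names> | ERROR <reason>; returns 0 | 1 | 2.
# Anything that cannot be parsed is an ERROR, never "clean".
pavcl_verdict() {
    rpt=$1
    # A missing or empty report means the scan did not run or could not write.
    [ -s "$rpt" ] || { echo "ERROR report missing or empty"; return 2; }

    # Summary counter, e.g. "Number of files infected ...........: 1"
    infected=$(sed -n \
        's/^Number of files infected[ .]*: *\([0-9][0-9]*\) *$/\1/p' "$rpt")
    # Virus names, e.g. "   Found virus :EICAR-AV-TEST-FILE"
    names=$(sed -n 's/^ *Found virus *: *\([^ ]*\).*$/\1/p' "$rpt" |
        sort -u | tr '\n' ' ')
    names=${names% }

    # Require exactly one well-formed counter line (two lines would embed
    # a newline here and be rejected by the non-digit pattern).
    case $infected in
        ''|*[!0-9]*) echo "ERROR no single infected-count line"; return 2 ;;
    esac

    # If the counter and the "Found virus" lines disagree, treat as infected.
    if [ "$infected" -gt 0 ] || [ -n "$names" ]; then
        echo "INFECTED ${names:-unknown}"
        return 1
    fi
    echo "CLEAN"
    return 0
}

# Constructed sample in the layout shown in the post (not real scanner output).
sample_report() {   # $1 = infected count, $2 = optional virus name
    if [ -n "$2" ]; then
        printf '   Found virus :%s\n\n' "$2"
    fi
    printf 'Number of files scanned ............: 2\n'
    printf 'Number of files infected ...........: %s\n' "$1"
}

# Demo on a temporary file.
tmp=$(mktemp) || exit 1
sample_report 1 EICAR-AV-TEST-FILE > "$tmp"
pavcl_verdict "$tmp" || :    # prints: INFECTED EICAR-AV-TEST-FILE
rm -f "$tmp"
```

A wrapper built on this should delete any existing report before each scan so that a stale file from an earlier run cannot be read as the current result.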