Panda not working
Steen, Glenn
Glenn.Steen at AP1.SE
Mon May 9 15:22:11 IST 2005
> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Rick Cooper
> Sent: den 9 maj 2005 15:57
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Panda not working
>
>
> > -----Original Message-----
> > From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> > Behalf Of Steen, Glenn
> > Sent: Monday, May 09, 2005 6:01 AM
> > To: MAILSCANNER at JISCMAIL.AC.UK
> > Subject: Re: Panda not working
> >
> >
> > > -----Original Message-----
> > > From: MailScanner mailing list
> > > [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Andreas Svensson
> > > Sent: den 9 maj 2005 12:17
> > > To: MAILSCANNER at JISCMAIL.AC.UK
> > > Subject: Sv: Re: Panda not working
> > >
> > >
> > > I noticed that the Amavis-new "scanner" works with panda...
> > > In their conf they have:
> > > <---
> > > ### http://www.pandasoftware.com/
> > > ['Panda Antivirus for Linux', ['pavcl'],
> > > '-aut -aex -heu -cmp -nbr -nor -nso -eng {}',
> > > qr/Number of files infected[ .]*: 0(?!\d)/,
> > > qr/Number of files infected[ .]*: 0*[1-9]/,
> > > qr/Found virus :\s*(\S+)/ ],
> > > --->
> > > Does this help us?
> > > /Andreas
> > Nope. The thing is, they garble up the output (curses/TERM issues) and
> > well.. that gets kind of "dangerous" in batch mode... Who wants an AV
> > that is "mostly right" or "sometimes wrong"? Not me.
> > If amavis spawns one pavcl/message, they might get it right most of the
> > time, but... Well, I'm no amavis guru:-). Chances are that they're
> > fooling themselves too:).
> >
> [...]
>
> This is not necessarily the case. If you do *not* use the -nor switch, each
> time pavcl is run it produces a plain text version of its console output in
> /var/log/panda named pavcl.rpt. Example:
>
> ---------------------------------------------------
> Date : 09/05/2005
> Time : 07:39:41
> File checked : /opt/bdc/eicar.rar[eicar.com]
>
> Found virus :EICAR-AV-TEST-FILE
>
>
>
> Panda Antivirus Linux, (c) Panda Software 2004
>
> Time employed for scan .............: 00:00:00
> Number of files scanned ............: 2
> Number of files infected ...........: 1
> Number of files disinfected ........: 0
> Number of files renamed ............: 0
> Number of files deleted ............: 0
>
> Copyright Panda Software
>
> Shouldn't be particularly tough to parse. Example using the
> wrapper script:
>
> # (although I don't generally trust heuristic)
> pavcl -aut -aex -heu -nso -eng /opt/bdc/eicar.rar &> /dev/null
> if [ -f /var/log/panda/pavcl.rpt ]; then
>     cat /var/log/panda/pavcl.rpt
> else
>     echo "pavcl.rpt file is missing"
> fi
>
> Of course it's an oversimplified example but it appears to be consistently
> accurate. If you wanted to do away with the wrapper altogether this could
> be processed through the Message.pm::SafePipe function.
Uhum, and this works well with say 5 children on a busy server?
> If Julian thinks there is enough call for the panda handling and doesn't
> have the time to mess with it I could probably do something with it this
> week.
Be my guest (I'm certainly thoroughly fed up with panda... Do
surprise me and think up a brilliant scheme for it:)
And yes, I thought of using that "feature" too, but discarded it
as being unworkable MS (please prove me wrong;).
One could also use the panda.log file, but that would probably
become old in a hurry.
-- Glenn
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>
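
A fail-closed parser for the report format quoted in this message, added here as an example and not code from the thread or from MailScanner; the function names `parse_pavcl_rpt` and `sample_rpt` and the three return codes are assumptions. A missing, truncated or ambiguous report is returned as an error rather than as clean, which matters for the case raised above where several scanner children share one `pavcl.rpt`.

```shell
#!/bin/sh
# Added example: classify a pavcl.rpt-style report, failing closed.
# Prints CLEAN, "INFECTED <names>" or "ERROR <reason>".
# Returns 0 = clean, 1 = infected, 2 = indeterminate (treat the message as unsafe).
parse_pavcl_rpt() {
    rpt=$1
    if [ ! -f "$rpt" ] || [ ! -s "$rpt" ]; then
        echo "ERROR report missing or empty"; return 2
    fi
    body=$(tr -d '\r' < "$rpt")
    # Summary counter, e.g. "Number of files infected ...........: 1"
    infected=$(printf '%s\n' "$body" |
        sed -n 's/^ *Number of files infected[ .]*: *\([0-9][0-9]*\) *$/\1/p')
    # Virus names, e.g. "Found virus :EICAR-AV-TEST-FILE"
    names=$(printf '%s\n' "$body" |
        sed -n 's/^ *Found virus *: *\([^ ]*\).*$/\1/p' | sort -u | tr '\n' ' ')
    names=${names% }
    case $infected in
        '')       echo "ERROR no infected-files summary line"; return 2 ;;
        # Two summary lines leave a newline in the value: reports were mixed.
        *[!0-9]*) echo "ERROR more than one summary line"; return 2 ;;
    esac
    if [ "$infected" -gt 0 ]; then
        echo "INFECTED ${names:-unknown}"; return 1
    fi
    if [ -n "$names" ]; then
        echo "ERROR counter is 0 but a virus name is present"; return 2
    fi
    echo "CLEAN"; return 0
}

# Sample input: the report quoted in the thread, trimmed to the parsed lines.
sample_rpt() {
    cat <<'EOF'
File checked   : /opt/bdc/eicar.rar[eicar.com]

Found virus :EICAR-AV-TEST-FILE

Number of files scanned ............: 2
Number of files infected ...........: 1
Number of files disinfected ........: 0
EOF
}

# Usage: sh parse_rpt.sh /var/log/panda/pavcl.rpt
[ $# -eq 0 ] || parse_pavcl_rpt "$1"
```
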