Panda not working

Steen, Glenn Glenn.Steen at AP1.SE
Mon May 9 15:32:14 IST 2005


> -----Original Message-----
> From: MailScanner mailing list 
> [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Steen, Glenn
> Sent: den 9 maj 2005 16:22
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Panda not working
> 
> 
> > -----Original Message-----
> > From: MailScanner mailing list 
> > [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Rick Cooper
> > Sent: den 9 maj 2005 15:57
> > To: MAILSCANNER at JISCMAIL.AC.UK
> > Subject: Re: Panda not working
> > 
> > 
> > > -----Original Message-----
> > > From: MailScanner mailing list
> > > [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Steen, Glenn
> > > Sent: Monday, May 09, 2005 6:01 AM
> > > To: MAILSCANNER at JISCMAIL.AC.UK
> > > Subject: Re: Panda not working
> > >
> > >
> > > > -----Original Message-----
> > > > From: MailScanner mailing list
> > > > [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Andreas Svensson
> > > > Sent: den 9 maj 2005 12:17
> > > > To: MAILSCANNER at JISCMAIL.AC.UK
> > > > Subject: Sv: Re: Panda not working
> > > >
> > > >
> > > > I noticed that the Amavis-new "scanner" works with panda...
> > > > In their conf they have:
> > > > <---
> > > >   ### http://www.pandasoftware.com/
> > > >   ['Panda Antivirus for Linux', ['pavcl'],
> > > >     '-aut -aex -heu -cmp -nbr -nor -nso -eng {}',
> > > >     qr/Number of files infected[ .]*: 0(?!\d)/,
> > > >     qr/Number of files infected[ .]*: 0*[1-9]/,
> > > >     qr/Found virus :\s*(\S+)/ ],
> > > > --->
> > > > Does this help us?
> > > > /Andreas
> > > Nope. The thing is, they garble up the output (curses/TERM issues) and
> > > well.. that gets kind of "dangerous" in batch mode... Who wants an AV
> > > that is "mostly right" or "sometimes wrong"? Not me.
> > > If amavis spawns one pavcl/message, they might get it right most of the
> > > time, but... Well, I'm no amavis guru:-). Chances are that they're
> > > fooling themselves too:).
> > >
> > [...]
> > 
> > This is not necessarily the case. If you do *not* use the -nor switch each
> > time pavcl is run it produces a plain text version of its console output in
> > /var/log/panda named pavcl.rpt. Example:
> > 
> > ---------------------------------------------------
> > Date                : 09/05/2005
> > Time                : 07:39:41
> > File checked        : /opt/bdc/eicar.rar[eicar.com]
> > 
> >    Found virus :EICAR-AV-TEST-FILE
> > 
> > 
> > 
> >                  Panda Antivirus Linux, (c) Panda Software 2004
> > 
> > Time employed for scan .............: 00:00:00
> > Number of files scanned ............: 2
> > Number of files infected ...........: 1
> > Number of files disinfected ........: 0
> > Number of files renamed ............: 0
> > Number of files deleted ............: 0
> > 
> >                             Copyright Panda Software
> > 
> > Shouldn't be particularly tough to parse. Example using the wrapper script:
> > 
> > pavcl -aut -aex -heu -nso -eng /opt/bdc/eicar.rar &> /dev/null # (although I don't generally trust heuristic)
> > if [ -f /var/log/panda/pavcl.rpt ]; then
> >     cat /var/log/panda/pavcl.rpt
> > else
> >     echo "pavcl.rpt file is missing"
> > fi
> > 
> > Of course it's an oversimplified example but it appears to be consistently
> > accurate. If you wanted to do away with the wrapper altogether this could
> > be processed through the Message.pm::SafePipe function.
> Uhum, and this works well with say 5 children on a busy server?
> 
> > If Julian thinks there is enough call for the panda handling and doesn't
> > have the time to mess with it I could probably do something with it this
> > week.
> Be my guest (I'm certainly thoroughly fed up with panda... Do
> surprise me and think up a brilliant scheme for it:)
> And yes, I thought of using that "feature" too, but discarded it
> as being unworkable MS (please prove me wrong;).
> One could also use the panda.log file, but that would probably
> become old in a hurry.

... And that they can produce the /&%&(&%/& rpt file, but not sane
output on stdout was (for me) kind of the last straw... I tried
getting in touch with them, but so far... nothing (apparently Julian
has had more success, since he's had "a conversation"... Mine has
been far too one-sided to be termed a conversation:-).

> -- Glenn
> 
> > 
> > --
> > This message has been scanned for viruses and
> > dangerous content by MailScanner, and is
> > believed to be clean.
> > 
> > ------------------------ MailScanner list ------------------------
> > To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> > 'leave mailscanner' in the body of the email.
> > Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> > 
> > Support MailScanner development - buy the book off the website!
> > 

More information about the MailScanner mailing list
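
Added example (not part of the thread, and not MailScanner or Panda code): a fail-closed parser for the pavcl.rpt layout quoted in the message above, which treats a missing, truncated or repeated summary as a failed scan rather than as clean. The function names and exit codes are assumptions of this example, and the sample report is constructed from the one quoted.

```bash
#!/bin/bash
# Added example: fail-closed parsing of the pavcl.rpt layout quoted in the thread.

# Constructed sample, modelled on the report in the message.
write_sample_report() {
    cat > "$1" <<'EOF'
---------------------------------------------------
Date                : 09/05/2005
Time                : 07:39:41
File checked        : /opt/bdc/eicar.rar[eicar.com]

   Found virus :EICAR-AV-TEST-FILE

Time employed for scan .............: 00:00:00
Number of files scanned ............: 2
Number of files infected ...........: 1
Number of files disinfected ........: 0
EOF
}

# Prints CLEAN, "INFECTED <names>" or "ERROR <reason>" (assumed convention).
# Returns 0 = clean, 1 = infected, 2 = report unusable (treat as a failed scan).
parse_pavcl_report() {
    [ -r "$1" ] || { echo "ERROR report missing"; return 2; }
    awk '
        { gsub(/[ \t\r]+$/, "") }                       # drop trailing blanks / CR
        /^Number of files scanned[ .]*:/  { sub(/.*:[ \t]*/, ""); scanned = $0;  ns++ }
        /^Number of files infected[ .]*:/ { sub(/.*:[ \t]*/, ""); infected = $0; ni++ }
        /Found virus[ \t]*:/ {
            sub(/.*Found virus[ \t]*:[ \t]*/, "")
            names = names (names == "" ? "" : ",") $1
        }
        END {
            # Exactly one summary block with numeric counts, else do not trust the file.
            if (ns != 1 || ni != 1) { print "ERROR summary missing or repeated"; exit 2 }
            if (scanned !~ /^[0-9]+$/ || infected !~ /^[0-9]+$/) { print "ERROR bad count"; exit 2 }
            if (scanned + 0 == 0) { print "ERROR nothing scanned"; exit 2 }
            if (infected + 0 > 0 || names != "") {
                print "INFECTED " (names == "" ? "unknown" : names); exit 1
            }
            print "CLEAN"
        }' "$1"
}

# Demo on the constructed sample.
rpt=$(mktemp)
write_sample_report "$rpt"
parse_pavcl_report "$rpt" || echo "scan verdict exit code: $?"
rm -f "$rpt"
```

A report containing two summary blocks, as could happen if several scanner children write to the same file, is rejected with exit code 2 instead of being read as one verdict.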