more Panda Wrapper drama

Rick Cooper rcooper at DWFORD.COM
Fri Nov 11 01:34:43 GMT 2005



> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> Behalf Of Victor DiMichina
> Sent: Wednesday, November 09, 2005 6:10 PM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: more Panda Wrapper drama
>
>
> Searching through the archives,  I have found a lot of questions but no
> answers on how to actually get the Panda Wrapper to work.    Below is
> the output of two tests on an EICAR virus.
>
> The  first command was done with the wrapper.   Here you see the command
> and the output of "Virus: 0" even though there is clearly an eicar virus
> in that directory:
>
> [root at hoshi 715]# /usr/lib/MailScanner/panda-wrapper /usr -nsb -eng -aex
> -nso -aut -cmp .
> Virus: 0
>
>
> and the very next command was run with pavcl in the same directory,
> finding the virus:
>
> [root at hoshi 715]# pavcl  -nsb -eng -aex -nso -aut -cmp .
>
>                                Panda Antivirus Linux,
> Copyright 1989-2003 (c) Panda Software
>
> Time employed for scan .............: 00:00:00
> Number of files scanned ............: 5
> Number of files infected ...........: 4
> Number of files disinfected ........: 0
> Number of files renamed ............: 0
> Number of files deleted ............: 0
>
> Has anyone gotten the Panda Wrapper to actually work?
>

Yes, my question would be if the directory structure was as is described in
the comments at the top of the wrapper?

# Make sure your testing dir is one directory deep (don't forget the . BTW)
# example
# test+
#     .+ testfiles
#     .+ moretestfiles
# execute from directory test and it will scan the testfiles and
# moretestfiles
# directories. There should be no sub-dirs below those two, this simulates
# MailScanner's process-dir->message-dir structure

For a variety of reasons this is the structure that *must* be implemented
for the scan to work. For instance if the virus was in a file in the
directory 'test' (see above) it would not be caught. It must simulate the
same structure as MailScanner creates when it unpacks the mail. If you had
the virus in the same directory as the test command was issued, create a
subdirectory and move the virus there and re-run the test and it should pick
it up, no problem.

Rick
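
The layout described in the reply above, as an added example that is not part of the original post or of the wrapper: a shell function that checks a test directory against the one-level-deep structure before the wrapper command is run from it. The name `check_scan_layout`, the placeholder file and the temporary paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the post or the wrapper): verify that a test
# directory mimics MailScanner's process-dir -> message-dir layout, i.e.
# every file sits exactly one directory below the directory scanned as ".".
# check_scan_layout is a hypothetical helper name.

check_scan_layout() {
    top=${1:-.}
    [ -d "$top" ] || { echo "not a directory: $top" >&2; return 2; }
    rc=0

    # Files directly in the top directory sit above the message-dir level;
    # per the reply, a virus placed there is not caught.
    stray=$(find "$top" -mindepth 1 -maxdepth 1 ! -type d)
    if [ -n "$stray" ]; then
        echo "files in top directory (move them into a subdirectory):"
        echo "$stray" | sed 's/^/  /'
        rc=1
    fi

    # The wrapper's comment says there should be no sub-dirs below the
    # message directories.
    nested=$(find "$top" -mindepth 2 -maxdepth 2 -type d)
    if [ -n "$nested" ]; then
        echo "sub-directories below a message directory:"
        echo "$nested" | sed 's/^/  /'
        rc=1
    fi

    # Without at least one message directory there is nothing to scan.
    msgdirs=$(find "$top" -mindepth 1 -maxdepth 1 -type d)
    if [ -z "$msgdirs" ]; then
        echo "no message directories under $top"
        rc=1
    fi
    return $rc
}

# Constructed demo: the tree from the wrapper's comment, with a placeholder
# file standing in for the test sample.
demo=$(mktemp -d)
mkdir -p "$demo/test/testfiles" "$demo/test/moretestfiles"
echo placeholder > "$demo/test/testfiles/sample.txt"
check_scan_layout "$demo/test" && echo "layout ok: run the wrapper from $demo/test"
rm -rf "$demo"
```

The function returns 0 when the layout matches, 1 when it does not, and 2 when the argument is not a directory.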

