more Panda Wrapper drama

Rick Cooper rcooper at DWFORD.COM
Fri Nov 11 01:51:31 GMT 2005



> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> Behalf Of Glenn Steen
> Sent: Thursday, November 10, 2005 9:56 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: more Panda Wrapper drama
>
>
> On 10/11/05, Victor DiMichina <victor at pixelmagicfx.com> wrote:
> > Searching through the archives,  I have found a lot of questions but no
> > answers on how to actually get the Panda Wrapper to work.    Below is
> > the output of two tests on an EICAR virus.
> >
> > The  first command was done with the wrapper.   Here you see the command
> > and the output of "Virus: 0" even though there is clearly an eicar virus
> > in that directory:
> >
> > [root at hoshi 715]# /usr/lib/MailScanner/panda-wrapper /usr -nsb -eng -aex
> > -nso -aut -cmp .
> > Virus: 0
> >
>
> This is a matter of how you are calling the wrapper, or rather how it
> differs from the directory layout when you call it compared to when it
> is called in MS.
>
> (As implied in my note
> http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:panda:install#notes_on_panda_support_in_mailscanner)
> It assumes that the files to scan are in subdirectories of the current
> working directory (the "." is ignored), and runs pavcl once/directory.
> So if you "cd .." and rerun the wrapper, it'll probably work OK....
> And if you pass the EICAR through "the normal way"
> (http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:mta:connexion)
> it'd probably work too.
>
> Rick Cooper (who wrote the current wrapper) can perhaps elaborate a
> bit on why it looks like it does (as well as if I'm right;).

I think you are right, I think he ran the test from the directory that the
file was located in. The current dir is excluded because no unpacked files
are ever placed there for one thing, and the per-directory scan was because
(IIRC) depending on the length of the directory path there is no way to tell
where the infection came from (dirname = message-id) because pavcl will
truncate the paths, hence if you are scanning a batch and find a virus you
may well end up flagging the wrong message as containing the infection,
which would be bad.

As an aside, Panda called me last week and asked if I would be interested in
using them for the corporate desktop A/V solution and I recapped my
experiences with their Linux command line product and the related tech
support. I assured them BitDefender would be our desktop solution. I did
tell their people that the way they handled the pavcl output problems would
certainly weigh in on how comfortable I would be in signing on with the
Windows product for 300+ desktops and the support people made it clear they
could not care less... the sales person certainly did not seem to agree with
them. It's too bad given every person I spoke with at Panda that was related
to the pavcl project, except the programmers, agreed that the pavcl output
was handled badly and the programming staff had been asked to change it for
more than a year... Last I checked it had not been updated. They should take
a lesson from the BD *nix project and they might find a more receptive I.T.
community when it comes to the Windows product.

Rick
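
The per-directory behaviour discussed in this thread, as an added example that is not part of the original messages and is not the panda-wrapper's code. The scanner is replaced by a hypothetical stand-in (fake_scan), and the marker string, function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Per-directory scan, so a hit is attributed by the directory that was
# scanned (dirname = message-id), never by paths parsed from scanner output.

MARKER='CONSTRUCTED-TEST-MARKER'   # constructed stand-in for a test virus

# fake_scan DIR: hypothetical stand-in for the real scanner. Prints how many
# files under DIR contain the marker.
fake_scan() {
    grep -rl -- "$MARKER" "$1" 2>/dev/null | wc -l | tr -d ' '
}

# scan_batch BATCH_DIR: run the scanner once per immediate subdirectory.
# Files lying directly in BATCH_DIR are not scanned. Prints one
# "message-id<TAB>hits" line for each directory with a hit.
scan_batch() {
    for dir in "$1"/*/; do
        [ -d "$dir" ] || continue   # no subdirectories: glob stayed literal
        id=$(basename "$dir")
        hits=$(fake_scan "$dir")
        if [ "$hits" -gt 0 ]; then
            printf '%s\t%s\n' "$id" "$hits"
        fi
    done
    return 0
}

# make_sample: build a constructed batch and print its path.
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/msgA" "$root/msgB"
    echo 'clean text' > "$root/msgA/body.txt"
    echo "$MARKER" > "$root/msgB/attach.txt"
    echo "$MARKER" > "$root/loose.txt"   # in the batch root: never scanned
    echo "$root"
}

sample=$(make_sample)
scan_batch "$sample"        # from the batch root: reports msgB
scan_batch "$sample/msgB"   # from inside the message directory: reports nothing
rm -rf "$sample"
```

The second call reproduces the situation in the thread: run from inside the directory holding the test file, the loop finds no subdirectories and reports no hits.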

