Panda Antivirus (pavcl v 9.00.00)

Rick Cooper rcooper at dwford.com
Tue May 30 15:05:15 IST 2006


I noted last week Glenn mentioned something about a new panda pavcl (version
9). It would appear they have made good their promise to make it more "parse
friendly". They have included the following two switches:

	-noscr
	-rpt:filename

With these switches there is no terminal output during the scan and the
report file can be named, and then of course parsed after the scan. This
means an entire batch can be scanned at once and the report file parsed to
accurately determine which message and file(s) contain the virus(es).

The down side is I have *no* time right now to rewrite the wrapper to handle
the new version. If someone wants to either write a separate version 9.xx
wrapper, great... or you could fork the current wrapper to handle both by
doing something like

pavcl -info|grep -i version |sed "s/Product version: //"

and check for =~ /9\.\d{2}\.\d{2}/

Recommended command line options for version 9.xx:

-nor -noscr -nob -eng -auto -cmp -heu -aex -rpt:./pavcl.out

Looking at the file, it appears pretty easy to parse:

File checked        : full_path/archive_name[archive_name]..[infected_file]
	Found virus :Virus_Name

so if an archive contained
	test1.zip->
			test2.zip->
					eicar.com

you would see
File checked        :/path/test1.zip
	Found virus:EICAR-AV-TEST-FILE

File checked        :/path/test1.zip[test2.zip][eicar.com]
	Found virus:EICAR-AV-TEST-FILE

So you would have to track your infections from the base archive through
nested archives and report only the base archive and infected file name as
one infection.

If no one does a version 9 wrapper by this weekend I *might* have the time
to do something Sunday. Once the wrapper is done I think anyone using pavcl
should update to the version 9 right away, as it seems to me this new
functionality would be faster and more stable than the old method, although
I *think* the current wrapper will work with the new version, although you
will notice it's slower because they now scan boot sectors by default so
the -nob option added to the current wrapper would remove that extra
processing.

Rick Cooper
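
The version check and report parsing described in the message above, as an added Python sketch; it is not part of the original post and not MailScanner's wrapper code. The function names and the sample report are constructed, and the parser assumes `[` and `]` appear only as archive-member markers. File names in a scanned message are sender-controlled, so a real wrapper has to decide how to treat names that contain brackets.

```python
import re
from collections import OrderedDict

VERSION_9 = re.compile(r"9\.\d{2}\.\d{2}")             # pattern from the post
CHECKED = re.compile(r"^File checked\s*:\s*(.*?)\s*$")
FOUND = re.compile(r"^\s*Found virus\s*:\s*(.+?)\s*$")   # space before ':' is optional
MEMBER = re.compile(r"\[([^\[\]]*)\]")

def is_version_9(version):
    """Check the string left over after the pavcl -info | grep | sed pipeline."""
    return bool(VERSION_9.match(version.strip()))

def split_target(target):
    """Split '/p/a.zip[b.zip][x.com]' into ('/p/a.zip', ('b.zip', 'x.com'))."""
    base, bracket, rest = target.partition("[")
    return base.strip(), tuple(MEMBER.findall(bracket + rest))

def parse_report(text):
    """Return one (base_file, infected_file, virus) row per infection."""
    hits = OrderedDict()       # base file -> [(member chain, virus), ...]
    current = None             # target of the most recent 'File checked' line
    for line in text.splitlines():
        checked = CHECKED.match(line)
        if checked:
            current = split_target(checked.group(1))
            continue
        found = FOUND.match(line)
        if found and current:
            base, chain = current
            entry = (chain, found.group(1))
            if entry not in hits.setdefault(base, []):
                hits[base].append(entry)
    rows = []
    for base, entries in hits.items():
        # The bare archive line only repeats what its nested lines report,
        # so it is dropped whenever a nested entry exists for the same base.
        nested = [e for e in entries if e[0]]
        for chain, virus in (nested or entries):
            rows.append((base, chain[-1] if chain else base, virus))
    return rows

# Constructed sample report, following the layout shown in the post.
SAMPLE = (
    "File checked        :/path/clean.txt\n"
    "File checked        :/path/test1.zip\n"
    "\tFound virus:EICAR-AV-TEST-FILE\n"
    "\n"
    "File checked        :/path/test1.zip[test2.zip][eicar.com]\n"
    "\tFound virus :EICAR-AV-TEST-FILE\n"
    "File checked        :/path/plain.com\n"
    "\tFound virus:EICAR-AV-TEST-FILE\n"
)
```
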