Avast support?
Rick Cooper
rcooper at dwford.com
Sun Apr 29 19:58:41 IST 2007
Julian,
I have attached information for adding avast to MailScanner. I didn't send a
diff because my MailScanner installs still have patches that are not in the
MailScanner releases. I also didn't do an avast-autoupdate because when you
install the avast it installs a cron job, and scripts to run in. It
apparently can be either a perl or .sh script depending on what the rpm
install script decides is right for your system. They are fairly complex
scripts but you could call them from an avast-autoupdate script by adding:
/usr/bin/avastvpsupdate.pl or /usr/bin/avastvpsupdate.sh
To the autoupdate script
There is also a note in the avast-wrapper script about changing the prog=
line from avastcmd to avast if you are using the workstation version. Other
than that this will work for both as they share options and output.
Hope it saves you some trouble, and sorry about not having a diff, but the
AvastForMailScanner.txt contains everything you need to add to each of the
related files (including MailWatch-> functions.php if using it)
Rick
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf
> Of Julian Field
> Sent: Sunday, April 29, 2007 4:54 AM
> To: MailScanner discussion
> Subject: Re: Avast support?
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Send me a fully working copy of Avast and I'll take a look
> into it for
> you. Talk to me off-list.
>
> Andrew MacLachlan wrote:
> > This question has been asked before
> (http://thread.gmane.org/gmane.mail.virus.mailscanner/27068/fo
> cus=31924) but it didn't seem to go anywhere.
> > I have a customer that requires Avast support and I don't
> really want to use amavis (which does support Avast).
> > Is there much appetite for this?
> >
> > Regards,
> >
> > Andrew MacLachlan
> >
> >
> >
>
> Jules
>
> - --
> Julian Field MEng CITP
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> MailScanner customisation, or any advanced system administration help?
> Contact me at Jules at Jules.FM
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> For all your IT requirements visit www.transtec.co.uk
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 9.6.1 (Build 1012)
> Charset: ISO-8859-1
>
> wj8DBQFGNF02EfZZRxQVtlQRAj54AJ4qztZXcFA4qtZ6uj/qSbVrwN1PZQCfX4DE
> e4pe8OUrUBsIdMnAcj44Xx0=
> =1tvr
> -----END PGP SIGNATURE-----
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> For all your IT requirements visit www.transtec.co.uk
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>
-------------- next part --------------
Update MailScanner.conf
# Which Virus Scanning package to use:
# avast from www.avast.com
Add to virus.scanners.conf
avast /opt/MailScanner/lib/avast-wrapper /usr/bin
Add to SweepViruses
My $Scanners = (
"avast" => {
Name => 'Avast',
Lock => 'Avastbusy.lock',
CommonOptions => '-t A -n --testfull',
DisinfectOptions => '',
ScanOptions => '',
InitParser => \&InitAvastParser,
ProcessOutput => \&ProcessAvastOutput,
SupportScanning => $S_SUPPORTED,
SupportDisinfect => $S_NONE,
},
# Initialise any state variables the AVAST output parser uses
sub InitAvastParser {
;
}
sub ProcessAvastOutput {
my($line, $infections, $types, $BaseDir, $Name) = @_;
chomp $line;
# Remove all the carriage-returns from the line
$line =~ s/[\r\n]//g;
# Convert tabs to a space
$line =~ s/\t/ /;
#print STDERR "Line: $line\n";
# return 0 unless $line =~ /\[infected by: (.+?)\]$/i;
return 0 unless $line =~ /\[infected by: (.+?)\]$/i;
my $virus = $1;
# Remove Archived and/or BasDir from the line
$line =~ s/^.*?$BaseDir\///;
# Now remove the virus found string since we have the virus name already
$line =~ s/^(.*?)\s.+$/$1/;
MailScanner::Log::DebugLog("%s", "AVAST : Remove BaseDir $BaseDir/\n");
# Now create the standard log line of ID/filename
my $logout = $line;
MailScanner::Log::DebugLog("%s", "AVAST : Changed Output to $line\n");
# Remove redundant whitespace from log line
$logout =~ s/\s{2,}/ /g;
MailScanner::Log::InfoLog("%s", $logout);
# The format would now be:
# single file infection ID/filename
# Archive file with infection ID/ArchiveName/FileName
# Get the ID, the file to remove and the infected file name if an archive
my ($id,$part,$file) = split(/\//,$line);
MailScanner::Log::DebugLog("%s", "AVAST : id:$id:part = $part: File = $file\n");
$infections->{$id}{$part} .= $Name . ': ' if $Name;
# Avast checks the archived file before the archive it's self so
# we skip the archive if we have already recorded it with the filename
# so the user report only displays archivefile => filename but the
# postmaster message will still show both.
unless (defined $infections->{$id}{$file}) {
$infections->{$id}{$part} .= "Found virus ($virus) in file $part\n" if $file eq '';
$infections->{$id}{$part} .= "Found virus ($virus) in Archive $part => $file\n" if $file ne '';
$types->{$id}{$part} .= "v"; # so we know what to tell sender
}
return 1;
}
IF YOU ARE USING MAILWATCH FOR MAILSCANNER NEED TO ADD (ABOVE default:)
case 'avast':
define(VIRUS_REGEX, '/\[infected by: (.+?)\]$/i');
break;
TO THE if(!defined(VIRUS_REGEX) || !DISTRIBUTED_SETUP) { SECTION
-------------- next part --------------
A non-text attachment was scrubbed...
Name: avast-wrapper
Type: application/octet-stream
Size: 1481 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070429/a9ee1c98/avast-wrapper.obj
More information about the MailScanner
mailing list