Avast support?

Julian Field MailScanner at ecs.soton.ac.uk
Sun Apr 29 20:59:29 IST 2007 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sorry Rick, I beat you to it. Support for both "avastcmd" command-line 
scanner and the "avastd" daemon are done and tested. It's up on the web 
site as 4.59.4, I just haven't updated the HTML to point to it yet. I'll 
do that tomorrow. I've done quite enough for 1 day, I'm supposed to be 
resting after all :-)

Jules.

Rick Cooper wrote:
> Julian,
>
> I have attached information for adding avast to MailScanner. I didn't send a
> diff because my MailScanner installs still have patches that are not in the
> MailScanner releases. I also didn't do an avast-autoupdate because when you
> install the avast it installs a cron job, and scripts to run in. It
> apparently can be either a perl or .sh script depending on what the rpm
> install script decides is right for your system. They are fairly complex
> scripts but you could call them from an avast-autoupdate script by adding:
>
> 	/usr/bin/avastvpsupdate.pl or /usr/bin/avastvpsupdate.sh
> To the autoupdate script
>
> There is also a note in the avast-wrapper script about changing the prog=
> line from avastcmd to avast if you are using the workstation version. Other
> than that this will work for both as they share options and output.
>
> Hope it saves you some trouble, and sorry about not having a diff, but the
> AvastForMailScanner.txt contains everything you need to add to each of the
> related files (including MailWatch-> functions.php if using it)
>
> Rick
>
>   
>> -----Original Message-----
>> From: mailscanner-bounces at lists.mailscanner.info 
>> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf 
>> Of Julian Field
>> Sent: Sunday, April 29, 2007 4:54 AM
>> To: MailScanner discussion
>> Subject: Re: Avast support?
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Send me a fully working copy of Avast and I'll take a look 
>> into it for 
>> you. Talk to me off-list.
>>
>> Andrew MacLachlan wrote:
>>     
>>> This question has been asked before 
>>>       
>> (http://thread.gmane.org/gmane.mail.virus.mailscanner/27068/fo
>> cus=31924) but it didn't seem to go anywhere. 
>>     
>>> I have a customer that requires Avast support and I don't 
>>>       
>> really want to use amavis (which does support Avast).
>>     
>>> Is there much appetite for this?
>>>  
>>> Regards,
>>>
>>> Andrew MacLachlan
>>>
>>>
>>>   
>>>       
>> Jules
>>
>> - -- 
>> Julian Field MEng CITP
>> www.MailScanner.info
>> Buy the MailScanner book at www.MailScanner.info/store
>>
>> MailScanner customisation, or any advanced system administration help?
>> Contact me at Jules at Jules.FM
>>
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>> For all your IT requirements visit www.transtec.co.uk
>>
>>
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: PGP Desktop 9.6.1 (Build 1012)
>> Charset: ISO-8859-1
>>
>> wj8DBQFGNF02EfZZRxQVtlQRAj54AJ4qztZXcFA4qtZ6uj/qSbVrwN1PZQCfX4DE
>> e4pe8OUrUBsIdMnAcj44Xx0=
>> =1tvr
>> -----END PGP SIGNATURE-----
>>
>> -- 
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>> For all your IT requirements visit www.transtec.co.uk
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>> --
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>>
>>
>>     
>> ------------------------------------------------------------------------
>>
>>
>> Update MailScanner.conf
>>
>> # Which Virus Scanning package to use:
>> # avast		from www.avast.com
>>
>> Add to virus.scanners.conf
>>
>> avast		/opt/MailScanner/lib/avast-wrapper	/usr/bin
>>
>> Add to SweepViruses
>>
>> My $Scanners = (
>>
>>   "avast"   => {
>>     Name                => 'Avast',
>>     Lock                => 'Avastbusy.lock',
>>     CommonOptions       => '-t A -n --testfull',
>>     DisinfectOptions    => '',
>>     ScanOptions         => '',
>>     InitParser          => \&InitAvastParser,
>>     ProcessOutput       => \&ProcessAvastOutput,
>>     SupportScanning     => $S_SUPPORTED,
>>     SupportDisinfect    => $S_NONE,
>>   },
>>
>>
>> # Initialise any state variables the AVAST output parser uses
>> sub InitAvastParser {
>>   ;
>> }
>>
>>
>> sub ProcessAvastOutput {
>>   my($line, $infections, $types, $BaseDir, $Name) = @_;
>>   chomp $line;
>>
>>   # Remove all the carriage-returns from the line
>>   $line =~ s/[\r\n]//g;
>>   # Convert tabs to a space
>>   $line =~ s/\t/ /;
>>   #print STDERR "Line: $line\n";
>>   # return 0 unless $line =~ /\[infected by: (.+?)\]$/i;
>>   return 0 unless $line =~ /\[infected by: (.+?)\]$/i;
>>   my $virus = $1;
>>   # Remove Archived and/or BasDir from the line
>>   $line =~ s/^.*?$BaseDir\///;
>>
>>   # Now remove the virus found string since we have the virus name already
>>   $line =~ s/^(.*?)\s.+$/$1/;
>>   MailScanner::Log::DebugLog("%s", "AVAST : Remove BaseDir $BaseDir/\n");
>>
>>   # Now create the standard log line of ID/filename
>>   my $logout = $line;
>>   MailScanner::Log::DebugLog("%s", "AVAST : Changed Output to $line\n");
>>   # Remove redundant whitespace from log line
>>   $logout =~ s/\s{2,}/ /g;
>>   MailScanner::Log::InfoLog("%s", $logout);
>>
>>   # The format would now be:
>>   # single file infection ID/filename
>>   # Archive file with infection ID/ArchiveName/FileName
>>   # Get the ID, the file to remove and the infected file name if an archive
>>   my ($id,$part,$file) = split(/\//,$line);
>>
>>
>>   MailScanner::Log::DebugLog("%s", "AVAST : id:$id:part = $part: File = $file\n");
>>   $infections->{$id}{$part} .= $Name . ': ' if $Name;
>>
>>   # Avast checks the archived file before the archive it's self so
>>   # we skip the archive if we have already recorded it with the filename
>>   # so the user report only displays archivefile => filename but the
>>   # postmaster message will still show both.
>>
>>   unless (defined $infections->{$id}{$file}) {
>> 	  $infections->{$id}{$part} .= "Found virus ($virus) in file $part\n" if $file eq '';
>> 	  $infections->{$id}{$part} .= "Found virus ($virus) in Archive $part => $file\n" if $file ne '';
>>   	  $types->{$id}{$part}      .= "v"; # so we know what to tell sender
>>   }
>>   return 1;
>> }
>>
>> IF YOU ARE USING MAILWATCH FOR MAILSCANNER NEED TO ADD (ABOVE default:)
>>
>>   case 'avast':
>>    define(VIRUS_REGEX, '/\[infected by: (.+?)\]$/i');
>>    break;
>>
>>    TO THE if(!defined(VIRUS_REGEX) || !DISTRIBUTED_SETUP) { SECTION
>>
>>     

Jules

- -- 
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk



-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.1 (Build 1012)
Charset: ISO-8859-1

wj8DBQFGNPkkEfZZRxQVtlQRAm6kAKDR7N1RHn/1g4sSbOSAC1vVpa2S5ACg5VLo
P7Xy7igo2qM22bgs++a99AQ=
=cXF2
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
For all your IT requirements visit www.transtec.co.uk

More information about the MailScanner mailing list