AVG Antivirus scanner problem

Rick Cooper rcooper at dwford.com
Sun Jun 10 18:55:59 IST 2007


There was also an issue with the correct parsing of the virus if IIRC and
the logout line was very unfriendly to MailWatch.
 
I added $line =~ s/^(.+)(?:\s{1,}\(.+\))$/$1/; below $line =~ s/[\r\n]//g;
to remove the new(?) (+2) junk at the end of found lines
I changed my $virus = $1; to my $virus = $line; and added $virus =~
s/^.+\s+(.+?)$/$1/; because all of my log lines showed virus to be blank
(found virus  in file), and I also modified the logout information to 
 
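  my $logout = $line;
  $logout =~ s/\s{2,}/ /gs;   # collapse runs of whitespace to a single space
  $logout =~ s/:./->/;        # replace the first ':' and the character after it with '->'
  # $1 = file name (text after a '/', up to whitespace), $2 = the rest of the line
  $logout =~ /^.+\/(.+?)\s{1,}(.+)\s{0,}$/;
  MailScanner::Log::InfoLog ("Avg: %s in %s", $2,$1);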
 
so it would be easy for MailWatch to get the virus and file name (seemed to
be backward from the regex I think).
 
That brings me to a question I was going to ask next week. How about
standardizing the virus found log messages? I look through the MailWatch
code and every time something is added to MailScanner they would have to
re-write the section that handles logging the virus and filename regex. If
there was a standard log output such as
    Scanner::ScannerName VIRUS_NAME Found  In FILE_NAME
then MailWatch (and other utilities) could easily parse the scanner, the
virus name and the file.
 
The MailWatch clamd, avg and panda support all need updated.
 
What do you think?
 
Rick


  _____  

From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Julian
Field
Sent: Sunday, June 10, 2007 1:34 PM
To: MailScanner discussion; MailScanner beta testers
Subject: Re: AVG Antivirus scanner problem


How about the applied patch?
It's a very simple fix.


Rick Cooper wrote: 

I do, there was a patch applied to the parser sometime in the past and it no
longer recognizes "identified" only "found". I plan to release a patch to
the avg scanner soon
 
Rick Cooper


  _____  

From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Chuck Rock
Sent: Saturday, June 09, 2007 11:54 PM
To: mailscanner at lists.mailscanner.info
Subject: AVG Antivirus scanner problem



Is anyone using avgscan with MailScanner? I have FreeBSD, sendmail,
MailScanner and I just downloaded a trial of AVG for Servers for FreeBSD.



It does not appear to detect any viruses though.



I ran Eicar and actual virus E-mails through it and all pass without any
hesitation. I tried running the avgscan on the queue directory and it
doesn't find anything wrong like that either.



Does anyone have any idea why it isn't working? I installed F-Protect on
another server like this, and it seems to work as expected, but seems a bit
pricey in comparison.



Thanks,

Chuck


-- 
This message has been scanned for viruses and 
dangerous content by  <http://www.mailscanner.info/> MailScanner, and is 
believed to be clean. 




Jules



-- 

Julian Field MEng CITP

www.MailScanner.info

Buy the MailScanner book at www.MailScanner.info/store



MailScanner customisation, or any advanced system administration help?

Contact me at Jules at Jules.FM



PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

For all your IT requirements visit www.transtec.co.uk
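
The standard log line proposed at the top of this message (`Scanner::ScannerName VIRUS_NAME Found  In FILE_NAME`), sketched as an added example; it is not part of the thread and not MailScanner or MailWatch code. Assumptions: `clean_field`, `format_report` and `parse_report` are hypothetical helper names, the sample detections are constructed, the emitter writes single spaces, and the parser tolerates any run of whitespace between fields.

```perl
#!/usr/bin/perl
# Added example: emitter and parser for the log line proposed in the post,
#   Scanner::ScannerName VIRUS_NAME Found In FILE_NAME
# format_report() and parse_report() are hypothetical helpers, not MailScanner
# or MailWatch functions. Sample values below are constructed.
use strict;
use warnings;

# Attachment names come from the message, so strip control characters
# (including CR/LF) and collapse whitespace before the value reaches the log.
sub clean_field {
    my ($text) = @_;
    $text =~ s/[[:cntrl:]]+/ /g;
    $text =~ s/\s{2,}/ /g;
    $text =~ s/^\s+|\s+$//g;
    return $text;
}

sub format_report {
    my ($scanner, $virus, $file) = @_;
    return sprintf("Scanner::%s %s Found In %s",
        $scanner, clean_field($virus), clean_field($file));
}

# One pattern for every scanner. The virus name is matched non-greedily so the
# split happens at the first " Found In "; the file name keeps any spaces.
sub parse_report {
    my ($line) = @_;
    return unless $line =~ /^Scanner::(\w+)\s+(\S.*?)\s+Found\s+In\s+(\S.*)$/;
    return { scanner => $1, virus => $2, file => $3 };
}

my @cases = (
    [ 'Avg',   'I-Worm/Netsky.Q',      'document.zip'       ],
    [ 'Clamd', 'Eicar-Test-Signature', "my invoice\r\n.exe" ],
);
for my $case (@cases) {
    my $line = format_report(@$case);
    my $hit  = parse_report($line) or die "unparsed: $line\n";
    printf "%-6s virus=%s file=%s\n", @{$hit}{qw(scanner virus file)};
}
# A line in some other scanner-specific wording is rejected, not half-parsed.
print "rejected\n" unless parse_report("Found virus  in file");
```

Because the file name is taken from the scanned message, cleaning it in the emitter keeps a crafted attachment name from splitting one detection across two log lines.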





