small bug in 4.66.5

Greg Matthews gmatt at nerc.ac.uk
Mon Feb 25 15:39:13 GMT 2008


hmmm....

looks like this may have been in 4.62 as well as I found what looked 
like my own modifications in SweepViruses.pm in that version too.

It looks like $Name is not getting populated in sub 
ProcessClamAVModOutput. The following patch corrects the log entry but 
doesn't address the underlying cause:

--- /tmp/SweepViruses.pm        2008-02-25 15:35:28.000000000 +0000
+++ ./SweepViruses.pm   2008-02-25 15:23:30.000000000 +0000
@@ -1444,7 +1444,8 @@
    ($keyword, $virusname, $filename) = split(/:: /, $line, 3);

    if ($keyword =~ /^error/i && $logout !~ /rar module failure/i) {
-    MailScanner::Log::InfoLog("%s::%s", $Name, $logout);
+    #MailScanner::Log::InfoLog("%s::%s", $Name, $logout);
+    MailScanner::Log::InfoLog("ClamAVModule::%s", $logout);
      return 1;
    } elsif ($keyword =~ /^info/i || $logout =~ /rar module failure/i) {
      return 0;
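
Review bot: In the error branch the new call hardcodes the scanner name as the literal "ClamAVModule" and keeps the old call as a commented-out line. Hardcoding hides the empty $Name rather than reporting it, and the label would be wrong if this code path were ever reached with a different $Name. Consider keeping the original format string and passing a fallback instead, for example `MailScanner::Log::InfoLog("%s::%s", $Name || 'ClamAVModule', $logout);`, and drop the commented-out line so the file does not carry dead code.
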
@@ -1452,7 +1453,8 @@
      return 0;
    } else {
      # Must be an infection reports
-    MailScanner::Log::InfoLog("%s::%s", $Name, $logout);
+    #MailScanner::Log::InfoLog("%s::%s", $Name, $logout);
+    MailScanner::Log::InfoLog("ClamAVModule::%s", $logout);

      ($dot, $id, $part, @rest) = split(/\//, $filename);
      $report = $Name . ': ' if $Name;
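
Review bot: The context line `$report = $Name . ': ' if $Name;` two lines below the changed log call still depends on $Name, so with $Name empty the log entry is now labelled but the report silently loses its scanner prefix. The same literal is also duplicated from the first hunk. Consider assigning a default to $Name once, before either branch uses it, so the log call and the report prefix stay consistent and the original InfoLog line can remain unchanged.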

Not sure if I'll have time to look at this further - hopefully Julian 
can cast some light.

GREG

Greg Matthews wrote:
> infection reporting for ClamAVModule seems to have changed in 4.66.5 
> (just upgraded from 4.62.9-2):
> 
> Feb 25 10:03:58 mailr-w MailScanner[9708]: ClamAVModule::INFECTED:: 
> Email.Spam.Sanesecurity.Url_1331:: ./m1PA3YS5011217/
> Feb 25 11:17:49 mailr-w MailScanner[11304]: ::INFECTED:: 
> Email.Hdr.Sanesecurity.07111002:: ./m1PBHY8C011316/
> 
> not good for log scrapers.
> 
> will have a quick look at the code
> 
> GREG


-- 
Greg Matthews           01491 692445
Head of UNIX/Linux, iTSS Wallingford

-- 
This message (and any attachments) is for the recipient only. NERC
is subject to the Freedom of Information Act 2000 and the contents
of this email and any reply you make may be disclosed by NERC unless
it is exempt from release under the Act. Any material supplied to
NERC may be stored in an electronic records management system.
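
A log scraper can be written to accept both forms of the infection line quoted above and to flag the entries whose scanner field is empty. The following is an added example, not part of the original post or of MailScanner; the regular expression, the function names and the `unknown` fallback label are assumptions, and the sample lines are the two quoted log entries rejoined onto single lines.

```python
import re

# Syslog prefix, then "<scanner>::<keyword>:: <virus>:: <path>".
# The scanner field may be empty, as in the second line quoted in the post.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\sMailScanner\[(?P<pid>\d+)\]:\s"
    r"(?P<scanner>[^:\s]*)::(?P<keyword>[A-Za-z]+)::\s"
    r"(?P<virus>\S+)::\s(?P<path>\S+)\s*$"
)

FALLBACK_SCANNER = "unknown"  # assumption: label chosen for this example


def parse_infection(line):
    """Return a dict for an infection log line, or None if it does not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["scanner_missing"] = rec["scanner"] == ""
    if rec["scanner_missing"]:
        rec["scanner"] = FALLBACK_SCANNER
    # The path is ./<message id>/<part>; the patch context splits it on "/".
    parts = rec["path"].split("/")
    rec["message_id"] = parts[1] if len(parts) > 1 else ""
    return rec


def summarize(lines):
    """Parse all lines; return (records, pids that logged an empty scanner)."""
    records = [r for r in map(parse_infection, lines) if r is not None]
    bad_pids = sorted({r["pid"] for r in records if r["scanner_missing"]})
    return records, bad_pids


# Constructed sample input: the two entries from the post, plus one unrelated line.
SAMPLE = [
    "Feb 25 10:03:58 mailr-w MailScanner[9708]: ClamAVModule::INFECTED:: "
    "Email.Spam.Sanesecurity.Url_1331:: ./m1PA3YS5011217/",
    "Feb 25 11:17:49 mailr-w MailScanner[11304]: ::INFECTED:: "
    "Email.Hdr.Sanesecurity.07111002:: ./m1PBHY8C011316/",
    "Feb 25 11:18:02 mailr-w sendmail[11400]: unrelated line",
]

if __name__ == "__main__":
    recs, bad = summarize(SAMPLE)
    for r in recs:
        print(r["scanner"], r["virus"], r["message_id"])
    print("PIDs logging an empty scanner name:", bad)
```
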


