Avast interface not fully functional

Hugo van der Kooij hvdkooij at vanderkooij.org
Mon Jan 19 07:07:37 GMT 2009


Julian Field wrote:
> For starters, are you using Avast or Avastd?
> Secondly, please can you post the exact output of the Avast/Avastd scanner?
> If you are using Avastd, then this is a possible problem. Case 3
> shouldn't be a problem but case 2 might be.
> I need to see the exact output, preferably redirect the output to a file
> and post that file (gzipped so nothing can play with it).

I wrote a parser on the output that might help you a bit. It parses the
output of over 100k of infected files. It contains bits that are not
relevant to your application but see if it works for you.

If you need sample files of sorts to test with avast detection I am sure
we can work something out offlist.

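   # Loop and closing braces added so the excerpt runs on its own;
   # feed it the scanner output on STDIN.
   while (my $line = <STDIN>) {
      if ($line =~ /infected by:/) {
         chomp($line);
         $error = 0;
         # Strip the "Archived " prefix, the brackets around the verdict
         # and the collection directory.
         $line =~ s/^Archived //;
         $line =~ s/\[inf/inf/;
         $line =~ s/\]$//;
         $line =~ s/\/var\/virus\/collection\///;
         # Split into file path and virus name.
         @fields = split(/\tinfected by: /,$line);
         # Drop the path of any member inside an archive, keeping MD5.size.type.
         $fields[0] =~ s/([0-9A-F]{32}\.[0-9]+\..*?)\/.*/$1/;
         $filename = $fields[0];
         $virusname = quotemeta($fields[1]);
         @file = split(/\./,$filename);
         $md5 = $file[0];
         # Remove the two-level directory prefix in front of the MD5.
         $md5 =~ s/^..\/..\///;
         $size = $file[1];
         $type = $file[2];

         $virusfile = "/var/virus/collection/".$fields[0];
         if ($error == 1) {
            # $errors is not defined in this excerpt.
            $command = "mv -f $virusfile $errors";
            print "$command\n";
            # List form: the scanner-derived path never passes through a shell.
            system('mv', '-f', $virusfile, $errors);
            next;
         }
         if (-e $virusfile) {
            print "$filename => $virusname => ";
         } else {
            print "*MISSING* $filename => $virusname\n";
            next;
         }
         # The posted excerpt ends here.
      }
   }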


Hugo

--
hvdkooij at vanderkooij.org               http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

	A: Yes.
	>Q: Are you sure?
	>>A: Because it reverses the logical flow of conversation.
	>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.

I am not in the office at the moment. Send any work to be translated.

