<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.6000.16441" name=GENERATOR></HEAD>
<BODY text=#000000 bgColor=#ffffff>
<DIV dir=ltr align=left><SPAN class=578204217-10062007><FONT face=Arial
color=#0000ff size=2>There was also an issue with the correct parsing of the
virus if IIRC and the logout line was very unfriendly to
MailWatch.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=578204217-10062007><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=578204217-10062007><FONT face=Arial
color=#0000ff size=2>I added $line =~ s/^(.+)(?:\s{1,}\(.+\))$/$1/; below $line
=~ s/[\r\n]//g; to remove the new(?) (+2) junk at the end of found
lines</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=578204217-10062007><FONT face=Arial
color=#0000ff size=2>I changed my $virus = $1; to my $virus = $line; and added
$virus =~ s/^.+\s+(.+?)$/$1/; because all of my log lines showed virus to be
blank (found virus in file), and I also modifed the logout information to
</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=578204217-10062007><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=578204217-10062007><FONT face=Arial
color=#0000ff size=2> my $logout = $line;<BR> $logout =~ s/\s{2,}/
/gs;<BR> $logout =~ s/:./->/;<BR> $logout =~
/^.+\/(.+?)\s{1,}(.+)\s{0,}$/;<BR> MailScanner::Log::InfoLog ("Avg: %s in
%s", $2,$1);</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=578204217-10062007><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=578204217-10062007><FONT face=Arial
color=#0000ff size=2>so it would be easy for MailWatch to get the virus and file
name (seemed to be backward from the regex I think).</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=578204217-10062007><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=578204217-10062007><FONT face=Arial
color=#0000ff size=2>That brings me to a question I was going to ask next week.
How about standardizing the virus found log messages? I look through the
MailWatch code and every time something is added to MailScanner they would have
to re-write the section that handles logging the virus and filename regex. If
there was a standard logout put such as</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=578204217-10062007> <FONT
face=Arial color=#0000ff size=2>Scanner::ScannerName VIRUS_NAME Found In
FILE_NAME</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=578204217-10062007><FONT face=Arial
color=#0000ff size=2>then MailWatch (and other utlities) could easily parse the
scanner, the virus name and the file.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=578204217-10062007><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=578204217-10062007><FONT face=Arial
color=#0000ff size=2>The MailWatch clamd, avg and panda support all need
updated.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=578204217-10062007><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=578204217-10062007><FONT face=Arial
color=#0000ff size=2>What do you think?</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=578204217-10062007><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=578204217-10062007><FONT face=Arial
color=#0000ff size=2>Rick</FONT></SPAN></DIV><BR>
<BLOCKQUOTE dir=ltr
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B>
mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] <B>On Behalf Of </B>Julian
Field<BR><B>Sent:</B> Sunday, June 10, 2007 1:34 PM<BR><B>To:</B> MailScanner
discussion; MailScanner beta testers<BR><B>Subject:</B> Re: AVG Antivirus
scanner problem<BR></FONT><BR></DIV>
<DIV></DIV>How about the applied patch?<BR>It's a very simple
fix.<BR><BR><BR>Rick Cooper wrote:
<BLOCKQUOTE cite=mid:0ba901c7ab80$8ef76510$0301a8c0@SAHOMELT type="cite">
<META content="MSHTML 6.00.6000.16441" name=GENERATOR>
<STYLE>@page Section1 {size: 8.5in 11.0in; margin: 1.0in 1.25in 1.0in 1.25in; }
P.MsoNormal {
        FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman"
}
LI.MsoNormal {
        FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman"
}
DIV.MsoNormal {
        FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman"
}
A:link {
        COLOR: blue; TEXT-DECORATION: underline
}
SPAN.MsoHyperlink {
        COLOR: blue; TEXT-DECORATION: underline
}
A:visited {
        COLOR: purple; TEXT-DECORATION: underline
}
SPAN.MsoHyperlinkFollowed {
        COLOR: purple; TEXT-DECORATION: underline
}
SPAN.EmailStyle17 {
        COLOR: windowtext; FONT-FAMILY: Arial; mso-style-type: personal-compose
}
DIV.Section1 {
        page: Section1
}
</STYLE>
<DIV dir=ltr align=left><SPAN class=281485516-10062007><FONT face=Arial
color=#0000ff size=2>I do, there was a patch applied to the parser sometime
in the past and it no longer recognizes "identified" only "found". I plan to
release a patch to the avg scanner soon</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=281485516-10062007></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=281485516-10062007><FONT face=Arial
color=#0000ff size=2>Rick Cooper</FONT></SPAN></DIV><BR>
<BLOCKQUOTE
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: rgb(0,0,255) 2px solid; MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> <A class=moz-txt-link-abbreviated
href="mailto:mailscanner-bounces@lists.mailscanner.info">mailscanner-bounces@lists.mailscanner.info</A>
[<A class=moz-txt-link-freetext
href="mailto:mailscanner-bounces@lists.mailscanner.info">mailto:mailscanner-bounces@lists.mailscanner.info</A>]
<B>On Behalf Of </B>Chuck Rock<BR><B>Sent:</B> Saturday, June 09, 2007
11:54 PM<BR><B>To:</B> <A class=moz-txt-link-abbreviated
href="mailto:mailscanner@lists.mailscanner.info">mailscanner@lists.mailscanner.info</A><BR><B>Subject:</B>
AVG Antivirus scanner problem<BR></FONT><BR></DIV>
<DIV class=Section1>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Is anyone using avgscan with
MailScanner? I have FreeBSD, sendmail, MailScanner and I just downloaded a
trial of AVG for Servers for FreeBSD.<O:P></O:P></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><O:P></O:P></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">It does not appear to detect
any viruses though.<O:P></O:P></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><O:P></O:P></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">I ran Eicar and actual virus
E-mails through it and all pass without any hesitation. I tried running
the avgscan on the queue directory and it doesn’t find anything wrong like
that either.<O:P></O:P></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><O:P></O:P></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Does anyone have any idea why
it isn’t working? I installed F-Protect on another server like this, and
it seems to work as expected, but seems a bit pricey in
comparison.<O:P></O:P></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><O:P></O:P></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Thanks,<O:P></O:P></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Chuck<O:P></O:P></SPAN></FONT></P></DIV><BR>--
<BR>This message has been scanned for viruses and <BR>dangerous content by
<A href="http://www.mailscanner.info/"
moz-do-not-send="true"></B><B>MailScanner</A>, and is <BR>believed to be
clean. </BLOCKQUOTE><BR>-- <BR>This message has been scanned for viruses and
<BR>dangerous content by <A href="http://www.mailscanner.info/"
moz-do-not-send="true"></B><B>MailScanner</A>, and is <BR>believed to be
clean. </BLOCKQUOTE><BR><PRE class=moz-signature cols="72">Jules
--
Julian Field MEng CITP
<A class=moz-txt-link-abbreviated href="http://www.MailScanner.info">www.MailScanner.info</A>
Buy the MailScanner book at <A class=moz-txt-link-abbreviated href="http://www.MailScanner.info/store">www.MailScanner.info/store</A>
MailScanner customisation, or any advanced system administration help?
Contact me at <A class=moz-txt-link-abbreviated href="mailto:Jules@Jules.FM">Jules@Jules.FM</A>
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit <A class=moz-txt-link-abbreviated href="http://www.transtec.co.uk">www.transtec.co.uk</A>
</PRE></BLOCKQUOTE></B></BODY><br />--
<br />This message has been scanned for viruses and
<br />dangerous content by
<a href="http://www.mailscanner.info/"><b>MailScanner</b></a>, and is
<br />believed to be clean.
</HTML>