Hi!

OM> Maybe there is something missing in the install procedure?  This
OM> file is nearly empty:
OM> -rw-------    1 qmailq   root            2 Aug 27 21:56 qmail-scanner-queue-version.txt
OM> in the past it contained the antivirus version...  

Starting from FSAV version 4.50, reporting of scanning engines and
database versions has changed radically. Also the output when a virus is
found has changed, and return codes too. Check out
http://www.f-secure.com/products/anti-virus/linux/fsav.shtml for
details.

In my opinion it would be good to have a separate scanning sub for FSAV
4.50 and newer. I'll attach my (very) poorly presented suggestion of how
it could be done at the end of this mail.

- Jyri

----------------------------------------------------------------------

Older versions:

-bash-2.05b# fsav --version
F-Secure Anti-Virus for i386-linux Release 4.14 build 4062
Frisk Software International F-PROT engine version 3.10 build 701
sign.def version 2003-08-27
sign2.def version 2002-12-17

Warning: The sign2.def file is rather old and does not contain
information on a substantial number of new viruses.
To update your copy of F-Secure Anti-Virus, connect to the Internet
and run the fsavupdate utility.

fsmacro.def version 2003-08-26

----------------------------------------------------------------------

4.50 and newer:

-bash-2.05b# fsav --version
F-Secure Anti-Virus for Linux version 4.50 build 2111

Copyright (c) 1999-2003 F-Secure Corporation. All Rights Reserved.

F-Secure Anti-Virus Copyright (c) 1993-2003, F-Secure Corp.
Portions:
  Copyright (c) 1991-2003 Kaspersky Labs, Ltd.,
  Copyright (c) 1989-2003 Frisk Software Intl.

F-Secure Anti-Virus Command line client version:
        F-Secure Anti-Virus for Linux version 4.50 build 2111

F-Secure Anti-Virus Daemon version:
        F-Secure Anti-Virus for Linux version 4.50 build 2111

Scanner Engine versions:
        Frisk Software International F-PROT engine version 3.12 build 412
        Frisk Software International F-PROT database version 2003-08-27

        Kaspersky Labs. AVP FPI Engine engine version 4.0 build 164
        Kaspersky Labs. AVP FPI Engine database version 2003-08-27

----------------------------------------------------------------------

This is what 4.50 says when it finds a virus:

-bash-2.05b# fsav --archive --auto --dumb /tmp/eicar.com
F-Secure Anti-Virus for Linux version 4.50 build 2111
Copyright (c) 1999-2003 F-Secure Corporation. All Rights Reserved.

/tmp/eicar.com: Infected: EICAR_Test_File [F-Prot]
/tmp/eicar.com: Infected: EICAR-Test-File [AVP]

1 file scanned
1 file infected

----------------------------------------------------------------------

A (very) poor example of how to make Qmail-Scanner 1.20 RC1 understand
FSAV 4.50:

...

#Array of virus scanners used must point to subroutines
my @scanner_array=("fsecure45_scanner");

...

#Full paths to binaries used within this script follow - small performance
#improvement :-)
my $fsecure45_binary='/usr/local/fsav/bin/fsav';

...

Add to sub scan_queue:

    } elsif ($scanner eq "fsecure45") {
      open(FS,"$fsecure45_binary --version|")||die "failed to call $fsecure45_binary --version - $!";
      while (<FS>) {
        chomp;
        if (/^F-Secure Anti-Virus for Linux version ([0-9\.]+) build ([0-9]+)/) {
          $SCANINFO .="fsecure45: version $1 build $2 / ";
        } elsif (/F-PROT database version ([0-9\.]+-[0-9\.]+-[0-9\.]+)/) {
          $SCANINFO .= "f-prot database $1 / ";
        } elsif (/AVP FPI Engine database version ([0-9\.]+-[0-9\.]+-[0-9\.]+)/) {
          $SCANINFO .= "avp fpi database $1. ";
        }
      }
      close(FS);

...

sub fsecure45_scanner {
  #F-Secure 4.5 scanner
    &debug("fsecure45: starting scan of directory \"$scandir/$file_id\"...");
    #Always initialise: "my ... if" leaves the variable in an undefined state
    my $fsecure45_verbose = $DEBUG ? "--list" : "";
    my ($start_fsecure45_time)=[gettimeofday];
    my ($DD,$fsecure45_status,$stop_fsecure45_time,$fsecure45_time);
    &debug("run $fsecure45_binary  $fsecure45_verbose --archive --auto --dumb  $scandir/$file_id 2>&1");
    $DD=`$fsecure45_binary  $fsecure45_verbose --archive --auto --dumb  $scandir/$file_id  2>&1`;
    $fsecure45_status=($? >> 8);
    &debug("--output of fsecure45 was:\n$DD--");
    if ( $fsecure45_status > 0 ) {
        if ($DD =~ /Infected:(.*)\n/) {
            $quarantine_description=$1;
            &debug("There be a virus! ($quarantine_description)");
            ($quarantine_event=$quarantine_description)=~s/\s/_/g;
            $quarantine_event="FSEC45:".substr($quarantine_event,0,$QE_LEN);
            $description .= "\n---fsecure45 results ---\n$DD";
        } elsif ($DD =~ /Suspected:(.*)\n/) {
            $quarantine_description=$1;
            &debug("There be a virus! ($quarantine_description)");
            ($quarantine_event=$quarantine_description)=~s/\s/_/g;
            $quarantine_event="FSEC45:".substr($quarantine_event,0,$QE_LEN);
            $description .= "\n---fsecure45 results ---\n$DD";
        } else {
      #This implies a corrupt set of DAT files or resource problems...
            &tempfail("corrupt or unknown F-Secure 4.5 scanner/resource problems - exit status $fsecure45_status");
        }
    }
    $stop_fsecure45_time=[gettimeofday];
    $fsecure45_time = tv_interval ($start_fsecure45_time, $stop_fsecure45_time);
    &debug("fsecure45: finished scan of dir \"$scandir/$file_id\" in $fsecure45_time secs");
}
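
Added example, not part of the original mail or of Qmail-Scanner: the sub above keeps only the first "Infected:" line, while FSAV 4.50 prints one line per engine, so this sketch collects every finding from the scan output quoted earlier. The names parse_fsav45_output, quarantine_event and $max_len (standing in for $QE_LEN) are hypothetical, and "Suspected:" lines are assumed to have the same shape as "Infected:" lines.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample: the FSAV 4.50 scan output quoted in the mail above.
my $sample = <<'EOT';
F-Secure Anti-Virus for Linux version 4.50 build 2111
Copyright (c) 1999-2003 F-Secure Corporation. All Rights Reserved.

/tmp/eicar.com: Infected: EICAR_Test_File [F-Prot]
/tmp/eicar.com: Infected: EICAR-Test-File [AVP]

1 file scanned
1 file infected
EOT

# Return one hash per finding line: file, verdict, name, engine.
# Assumption: "Suspected:" lines are shaped like "Infected:" lines.
sub parse_fsav45_output {
    my ($output) = @_;
    my @findings;
    for my $line (split /\r?\n/, $output) {
        next unless $line =~ /^(.+?): (Infected|Suspected): (.+?)(?: \[([^\]]+)\])?\s*$/;
        push @findings, { file => $1, verdict => $2, name => $3, engine => $4 // 'unknown' };
    }
    return @findings;
}

# Build a quarantine tag in the style of the sub above, covering all engines.
# $max_len stands in for $QE_LEN; the tag is kept to a conservative
# character set because it ends up in logs and reports.
sub quarantine_event {
    my ($max_len, @findings) = @_;
    return undef unless @findings;
    my %seen;
    my @names = grep { !$seen{$_}++ } map { $_->{name} . '/' . $_->{engine} } @findings;
    (my $tag = join(',', @names)) =~ s/[^\w.\/,-]/_/g;
    return 'FSEC45:' . substr($tag, 0, $max_len);
}

my @found = parse_fsav45_output($sample);
printf "%s %s by %s in %s\n", @{$_}{qw(verdict name engine file)} for @found;
print quarantine_event(40, @found), "\n";
```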



_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
