Hi again!

Starting from version 4.50, F-Secure Anti-Virus gives out different (and
more informative :) return codes than the earlier versions. Below is my
suggestion for a scanning sub for FSAV 4.50. I've done very little
programming with Perl but this seems to work at least on my own servers.
=)

- Jyri

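sub fsecure45_scanner {
    # F-Secure Anti-Virus 4.50 scanner.
    #
    # Runs the FSAV binary over "$scandir/$file_id", captures its combined
    # stdout/stderr and, when the output contains an "Infected:" or
    # "Suspected:" line, fills in the quarantine globals. Takes no arguments.
    # Reads $scandir, $file_id, $DEBUG, $fsecure45_binary and $QE_LEN; writes
    # $quarantine_description, $quarantine_event and $description.
    &debug("fsecure45: starting scan of directory \"$scandir/$file_id\"...");

    # A conditional "my ... if COND" leaves the variable in an unspecified
    # state when COND is false; a plain assignment always gives a defined
    # value.
    my $fsecure45_verbose = $DEBUG ? "--list" : "";
    my $start_fsecure45_time = [gettimeofday];

    # The command is built on one line: a newline inside the backticks would
    # make the shell run the scan path as a separate command.
    # NOTE(review): this goes through the shell (needed for 2>&1) with
    # $scandir/$file_id interpolated unquoted -- presumably both are generated
    # by the calling script rather than taken from the message; confirm.
    my $fsecure45_cmd = "$fsecure45_binary $fsecure45_verbose --archive --auto --dumb $scandir/$file_id 2>&1";
    &debug("run $fsecure45_cmd");
    my $DD = `$fsecure45_cmd`;

    # Save $? immediately, before any other call can overwrite it.
    my $wait_status = $?;
    my $fsecure45_status = $wait_status >> 8;
    $DD = "" unless defined $DD;
    &debug("--output of fsecure45 was:\n$DD--");

    FSECURE45: {

        # Fail closed when the scanner never produced an exit code: -1 means
        # the command could not be started, and a non-zero low 7 bits means
        # it was killed by a signal. In both cases ($? >> 8) says nothing
        # about the scan, so the message must not be treated as clean.
        # The "last" mirrors the handling below in case tempfail returns.
        if ( $wait_status == -1 or $wait_status & 127 ) {
            &tempfail("corrupt or unknown F-Secure 4.5 scanner/resource problems - wait status $wait_status");
            last FSECURE45;
        }

        # If FSAV gives return codes 1, 7 or 130, then something is wrong.
        # Otherwise we can assume scanning went ok. (Code 9 means
        # scanning of at least one file failed. This can happen for
        # example when scanning a corrupted or encrypted ZIP file.)
        #   1   = Abnormal termination; unrecoverable error. (Usually a
        #         missing or corrupted file.)
        #   7   = Out of memory.
        #   130 = Program was terminated by pressing Ctrl-C, or by a sigterm
        #         or suspend event.
        # NOTE(review): any other non-zero code falls through to the output
        # checks below and ends up as "clean" if neither pattern matches --
        # check the FSAV 4.50 return-code list for codes that should also
        # defer the message.
        if (   $fsecure45_status == 1
            or $fsecure45_status == 7
            or $fsecure45_status == 130 )
        {
            &tempfail("corrupt or unknown F-Secure 4.5 scanner/resource problems - exit status $fsecure45_status");
            last FSECURE45;
        }

        # "Infected:" is tried first, "Suspected:" only if it did not match;
        # $1 holds the capture of whichever pattern succeeded.
        if ( $DD =~ /Infected:(.*)\n/ or $DD =~ /Suspected:(.*)\n/ ) {
            $quarantine_description = $1;
            &debug("There be a virus! ($quarantine_description)");
            # Event name: description with whitespace replaced by "_",
            # cut to $QE_LEN characters and prefixed with the scanner tag.
            ($quarantine_event = $quarantine_description) =~ s/\s/_/g;
            $quarantine_event = "FSEC45:" . substr($quarantine_event, 0, $QE_LEN);
            $description .= "\n---fsecure45 results ---\n$DD";
            last FSECURE45;
        }

    }
    my $stop_fsecure45_time = [gettimeofday];
    my $fsecure45_time = tv_interval($start_fsecure45_time, $stop_fsecure45_time);
    &debug("fsecure45: finished scan of dir \"$scandir/$file_id\" in $fsecure45_time secs");
}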


