[Qmail-scanner-general]AVP 5, partialy

Tue, 27 Jan 2004 00:25:46 -0800 

Hi,
I get also new AVP 5 , vith kavscaner its working
I also try make it work  with aveclient/server
first of all, scanning with daemon version is about 5 time faster on
single email
second I make it work but I have lack of knowledge of perl ;((
so, I can get it through scanner, get back message that virus found,
but dont know how parse avp status report, on reply message I get only
-------------------------------
The virus was reported to be:

suspicioAAus
-----------------
dont know which virii it was
output of status in log is on last line (if are there more that one virii)

LINFECTED I-Worm.Avron.b        Worm.Win32.Opasoft.e
--

can pliz someone make better crunching of exit output, parsing lines
.... ?

so here it is: (ugly version)

my avpbinary=aveclient
...
sub avp_scanner {
  &debug("kasp: starting scan of directory \"$ENV{'TMPDIR'}\"...");
  my ($start_avp_time)=[gettimeofday];
  my ($avp_verbose,$DD,$avp_status,$stop_avp_time,$avp_time);
  $avp_verbose="" if ($DEBUG);

# here is change 1.
&debug("run $avp_binary -p /var/run/aveserver -s $scandir/tmp/$file_id/* 2>&1");
$DD=`$avp_binary -p /var/run/aveserver -s $scandir/tmp/$file_id/* 2>&1`;
  $avp_status=($? >> 8);
  &debug("--output of avp was:\n$DD--");
  if ( $avp_status > 0 ) {

# change 2. here i must add |4| it wont work without it
      if ($avp_status =~ /^(0|4|5|20|21|25|8)$/) {
            #This covers the potential viruses
        $quarantine_description="suspicious";
          if ($DD =~ /\n[\s|] (LINFECTED) (.*)\n/) {
     $quarantine_description=$3;
  } elsif ($DD =~ /\n[\s|](.*) (suspicion): (.*)\n/) {
  #This covers the specific  
 $destring='Suspicious file:';
     $quarantine_description=$3;
   }
   &debug("There be a $destring! ($quarantine_description)");
    ($quarantine_event=$quarantine_description)=~s/\s/_/g;
$quarantine_event="AVP:".substr($quarantine_event,0,$QE_LEN);
    } else {
 &error_condition("corrupt or unknown Kaspersky scanner error or   
  memory/resource/perms problems - exit status $avp_status");
  }
  }
  $stop_avp_time=[gettimeofday];
  $avp_time = tv_interval ($start_avp_time, $stop_avp_time);
  &debug("\n kasp: finished scan of dir \"$ENV{'TMPDIR'}\" in $avp_time   
  secs");
  } 

thnx in advance
Miki

  



+-------V-------+ |   Peter Mikeska      |    [EMAIL PROTECTED]     |
| A L C A T E L | |  System Engineer     |  phone:   +421 44 5206316 |
+---------------+ | IT Services MadaCom  |  fax:     +421 44 5206356 |



-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general

Reply via email to