[Exim] exiscan...need help with regexp for cmdline antivirus…

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Peter Santiago
Date:  
À: exim-users
Sujet: [Exim] exiscan...need help with regexp for cmdline antivirus.
I'm trying to use Trend Micro's vscan program for use with
exiscan.. exiscan is working fine now.... and to test virus detection, I
sent eicar test virus through my email system.... It wasn't detected....

$scannerex="/etc/iscan/vscan";

   %scannerflags = (
                       'mcafee'     => '--noboot --unzip -r <DIRECTORY>',
                       'sophos'     => '-all -archive -ss <DIRECTORY>',
                       'nod32'      => '-heursafe
-basedir=/usr/local/nod32/nod32 -all <DIRECTORY>',
                       'rav'        => '-all -listall -mail -smart -unzip
<DIRECTORY>',
                       'antivir'    => '-v -z -allfiles -noboot -s -tmp
<DIRECTORY>',
                       'custom'     => '-a -c1 -c2 -nl -r -s -u -y20 -sd -r
<DIRECTORY>'
                   );


scannerregexp = (
                       'mcafee'     => 'Found',
                       'sophos'     => 'found',
                       'nod32'      => ' - ',
                       'rav'        => 'Infected: [1-9]',
                       'antivir'    => 'VIRUS',
                       'custom'     => '\*\*\* Found virus'
                    );


[peter@localhost peter]# /etc/iscan/vscan /home/shared/eicar.com
Virus Scanner v3.1, VSAPI v5.600-1011
Trend Micro Inc. 1996,1997
         Pattern version 327
         Pattern number 46759
         /home/shared/eicar.com
*** Found virus Eicar_test_file in file /home/shared/eicar.com  <= How do I
make use of this for exiscan to know that a virus has
been
detected?


==============================
Directory:
         Searched : 0
File:
         Searched : 1
             Scan : 1
         Infected : 1
         Infected : 1(Include files been compressed)
Time:
         Start : 7/27/02 19:13:25
          Stop : 7/27/02 19:13:25
          Used : 00:00