Re: [Exim] Exiscan and uvscan from NAI.

Author: Rene Küttner
Date:
To: Don Hayward
CC: exim-users
Subject: Re: [Exim] Exiscan and uvscan from NAI.
--
On Thu, Jan 23, 2003 at 09:35:54AM -0500, Don Hayward wrote:
> I'm using uvscan and get descriptions with these:
>
> exiscan_av_scanner_options = "--allole --secure --one-file-system --atime-preserve --noboot --unzip --recursive |"
> exiscan_av_scanner_regexp_description = Found the (.*) virus !!!
> exiscan_av_scanner_regexp_trigger = Found


hi,

Maybe this will not work with all viruses!
uvscan uses two different messages depending on the type of virus found.

Maybe this can be changed in newer versions.
I've played around with uvscan, but I do not use an actual version (v4.0.70).

exiscan_av_scanner_regexp_description = Found[: ]
exiscan_av_scanner_regexp_trigger = Found[: ]{1,2}(.*)[\.\!]

This setup works and rejects with a message like this:

this message contains a virus or other harmful content (EICAR test file
NOT a virus)

regards

>
> ---------
>
>
> On Thu, 23 Jan 2003 Danny.Carroll@??? wrote:
>
> > Hello... I was wondering if anyone used uvscan?
> > I am not able to get the virus name properly.
> >
> > My configure settings are:
> >
> > ##Antivirus facility (AV) options:
> > exiscan_av_condition = 1
> > exiscan_av_action = redirect messages@???
> > exiscan_av_scanner = cmdline
> > exiscan_av_scanner_path = /usr/local/bin/uvscan
> > exiscan_av_scanner_options = --secure -rv --summary --noboot |
> > exiscan_av_scanner_regexp_trigger = ound
> > #exiscan_av_scanner_regexp_description = Found[: ] (.+)$
> > exiscan_av_scanner_regexp_description = Found (.+)$
> > #exiscan_av_sophie_socket
> > #exiscan_av_kavdaemon_socket
> > #exiscan_av_openav_host
> > #exiscan_av_openav_port
> > #exiscan_av_clamav_host
> > #exiscan_av_clamav_port
> > #exiscan_av_buffer_init_chunk = 16384
> > #exiscan_av_buffer_max_chunks = 5
> >
> >
> > Messages with an eicar attachment have the following headers:
> >
> > X-Infected: exiscan_spool()
> > X-Scanner: exiscan for exim4 (http://duncanthrax.net/exiscan/) *18bhXt-0002GF-00*yw49ZK5sO9.*
> >
> > I've not been able to test with other virii since I do not have any...
> >
> > -D
> >
> > --
> >
> > ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
> >
> >
>
> Don Hayward            don@???
> Mote Marine Laboratory        Office: 941.388.4441  Cell: 941.302.4982
> 1600 Ken Thompson Parkway    Fax: 941.388.4312
> Sarasota, FL 34236        See: http://www.mote.org
> Independent, non-profit, marine and estuarine research and education facility.
> For PGP public key do: http://www.mote.org/~don/donpgp.asc
> use "DISCLAIMER"; # We run Debian Linux
> Taxes feed the starving and clothe the naked.



--

René Küttner                     NetKom GmbH, Administration
rkuettner@???      Gewerbepark Mockritz, 04720 Döbeln


PGP Fingerprint: 548C C10B C40E 3AE4 B030 61B9 35F3 B801 8DF6 41AD
PGP Public-Key: http://in-doebeln.de/~rene/pubkey.asc
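
Added example, not part of the original message or of exiscan: the regular expressions posted in this thread, run over scanner output lines to show which ones match and what they capture as the virus name. The sample lines are constructed from the patterns and the rejection text quoted above, not taken from a real uvscan run; the dictionary keys and the helper names evaluate() and report() are assumptions.

```python
import re

# Patterns exactly as posted in the thread. Exim uses PCRE; these
# particular patterns behave the same under Python's re module.
PATTERNS = {
    "don_description": r"Found the (.*) virus !!!",
    "don_trigger": r"Found",
    "rene_with_group": r"Found[: ]{1,2}(.*)[\.\!]",
    "rene_plain": r"Found[: ]",
    "danny_description": r"Found (.+)$",
    "danny_trigger": r"ound",
}

# Constructed sample output lines (assumption): one per message form implied
# by the posted patterns, plus a clean line with no detection.
SAMPLES = {
    "article_form": "/spool/scan/a.com ... Found the EXAMPLE virus !!!",
    "colon_form": "/spool/scan/eicar.com ... Found: EICAR test file NOT a virus.",
    "clean": "/spool/scan/b.txt ... nothing found",
}


def evaluate(pattern, line):
    """Return (matched, captured_name); name is None if the pattern has no group."""
    m = re.search(pattern, line)
    if m is None:
        return (False, None)
    name = m.group(1) if m.re.groups else None
    return (True, name)


def report():
    """Evaluate every posted pattern against every sample line."""
    return {(p, s): evaluate(rx, text)
            for p, rx in PATTERNS.items()
            for s, text in SAMPLES.items()}


if __name__ == "__main__":
    for (p, s), (hit, name) in report().items():
        print(f"{p:18} {s:13} match={hit!s:5} name={name!r}")
```

The output shows that a pattern requiring a space directly after "Found" misses the colon form, and that the bare "ound" pattern also matches the clean line, which would flag an uninfected message.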
