Re: [Exim] exiscan and AntiVir Command Line Scanner H+BEDV

Author: Anand Buddhdev
Date:  
To: Tommi Maekitalo
CC: exim-users
Subject: Re: [Exim] exiscan and AntiVir Command Line Scanner H+BEDV
On Mon, May 24, 2004 at 12:19:22PM +0200, Tommi Maekitalo wrote:

> Hi,
>
> I try to set up a commandline scanner with exiscan. My setup detects viruses,
> but doesn't identify them. I think there is something wrong with my regex.
> Here is my setup:
>
> av_scanner = cmdline:\
>         /usr/bin/antivir --allfiles -noboot -nombr -rs -s -z %s : \
>         ALERT:: : \[.*\]


The third option is missing one pair of braces, as required by
exiscan. Refer to the documentation. Your regex needs to look like
this:

ALERT:: [(.*)]

The stuff captured by the () will be used as the name of the malware.
Note that there's no need to escape the [].

> The output of the scanner is here:
>
> AntiVir / Linux Version 2.1.0-26
> Copyright (c) 1994-2004 by H+BEDV Datentechnik GmbH.
> All rights reserved.
>
> Loading /usr/lib/AntiVir/antivir.vdf ...
>
> VDF version: 6.25.0.73 created 19 May 2004
>
> AntiVir license: xxxxxxxx
>
> checking drive/path (list): .
> ALERT: [Worm/Sober.G worm] ./stuff_1412.zip <<< Contains signature of the worm
> Worm/Sober.G
>
>
> ----- scan results -----
>  directories:        1
>        files:        1
>       alerts:        1
>   suspicious:        0
>     repaired:        0
>      deleted:        0
>      renamed:        0
>    scan time: 00:00:01
> ------------------------
> Thank you for using AntiVir.

>
> #>
>
>
> It looks like the text "ALERT:" is found, but not this [.*]-stuff.
>
> Tommi
>


--
Anand Buddhdev
Celtel International
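
An added example, not part of the original thread or of exiscan's code: it runs the name expressions discussed above against the ALERT line quoted in the question and reports how many capture groups each has and what name it would yield. Assumptions: Python's `re` stands in for the PCRE engine Exim uses, the scanner output is examined line by line, and `extract_name` is a hypothetical helper.

```python
import re

# Scanner output lines quoted in the thread (banner and licence lines omitted).
SCANNER_OUTPUT = """\
checking drive/path (list): .
ALERT: [Worm/Sober.G worm] ./stuff_1412.zip <<< Contains signature of the worm
Worm/Sober.G
"""

# "ALERT::" in the colon-separated av_scanner list is the regex "ALERT:".
TRIGGER = r"ALERT:"

# Name expressions to compare; the labels are descriptive only.
CANDIDATES = {
    "escaped brackets, no group": r"\[.*\]",
    "unescaped brackets": r"[(.*)]",   # parses as a character class: ( . * )
    "escaped brackets, one group": r"\[(.*)\]",
    "anchored on ALERT, tight group": r"ALERT: \[([^\]]+)\]",
}


def extract_name(name_regex, output, trigger=TRIGGER):
    """Return (triggered, capture_group_count, name) for one expression pair.

    Assumption: the first line on which the name expression matches supplies
    the malware name, taken from capture group 1. With no capture group there
    is nothing to report, so name stays None.
    """
    name_re, trigger_re = re.compile(name_regex), re.compile(trigger)
    triggered, name = False, None
    for line in output.splitlines():
        triggered = triggered or bool(trigger_re.search(line))
        match = name_re.search(line)
        if name is None and match and name_re.groups:
            name = match.group(1)
    return triggered, name_re.groups, name


if __name__ == "__main__":
    for label, pattern in CANDIDATES.items():
        triggered, groups, name = extract_name(pattern, SCANNER_OUTPUT)
        print(f"{label:32} {pattern!r:24} trigger={triggered} "
              f"groups={groups} name={name!r}")
```

Checking a candidate expression this way against a saved copy of the scanner's real output, before putting it into `av_scanner`, shows whether the trigger fires and whether a name is actually captured.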