[exim] Virus scanner - changed return string

Top Page
Delete this message
Reply to this message
Author: Sartorelli, Kevin
Date:  
To: exim-users
Subject: [exim] Virus scanner - changed return string
I recently got caught my McAfee when they changed the return string. Not a problem once I figured out what was going on ;-) I thought I'd share my modified script with readers as I got the original off here ages ago..... (excuse the line wraps)

Cheers
Kevin

#!/bin/sh
RET=0

if test $RET -eq 0; then
  if test -x /usr/local/uvscan/uvscan; then
    /usr/local/uvscan/uvscan --noboot --unzip --secure --allole --mime "$1" 2>/dev/null >/dev/null
    if test $? -eq 13; then
      INFO=`/usr/local/uvscan/uvscan --noboot --unzip --secure --allole --mime "$1" 2>/dev/null | grep -iE "Found.*virus" | sed -e 's/.*Found the \(.*\)/\1/i' -e 's/^[ ]*//g' -e 's/[ ]*$//g' -e 's/ virus !!!$//g'`
      if test "$INFO" == ""; then
        INFO=`/usr/local/uvscan/uvscan --noboot --unzip --secure --allole --mime "$1" 2>/dev/null | grep -iE "Found.*trojan" | sed -e 's/.*Found the \(.*\)/\1/i' -e 's/^[ ]*//g' -e 's/[ ]*$//g' -e 's/ trojan !!!$//g'`
      fi
      if test "$INFO" == ""; then
        INFO=`/usr/local/uvscan/uvscan --noboot --unzip --secure --allole --mime "$1" 2>/dev/null`
        /usr/bin/mail -s "McAfee - Unknown virus $INFO" postmaster@??? </dev/null 2>/dev/null
        INFO=UNKNOWN
      fi
      echo "VIRUS $INFO"
      RET=3
    fi
  fi
fi


if test $RET -eq 0; then
  if test -x /usr/bin/clamdscan; then
    /usr/bin/clamdscan --disable-summary "$1" 2>/dev/null >/dev/null
    if test $? -eq 1; then
      INFO=`/usr/bin/clamdscan --disable-summary --stdout "$1" | grep FOUND | sed -e 's/.*: //' -e 's/ FOUND//'`
      echo "VIRUS $INFO"
      RET=3
    else
      echo "CLEAN:OK"
    fi
  else
    echo "ERROR"
    RET=2
  fi
fi
exit $RET