I recently got caught out by McAfee when they changed the return string. Not a problem once I figured out what was going on ;-) I thought I'd share my modified script with readers, as I got the original off here ages ago... (excuse the line wraps)
Cheers
Kevin
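#!/bin/sh
# Mail virus-scan wrapper: scans the file named by $1 with McAfee uvscan
# (when installed) and, if that reports nothing, with ClamAV clamdscan.
#
# Result protocol (stdout line / exit status):
#   "VIRUS <name>"   3   a scanner reported an infection
#   "CLEAN:OK"       0   clamdscan scanned the file and found nothing
#   "ERROR"          2   no file given, clamdscan missing, or clamdscan failed
#
# Each scanner is run once and its report is reused, so the verdict and the
# reported name always come from the same scan of the file.

UVSCAN=/usr/local/uvscan/uvscan
CLAMDSCAN=/usr/bin/clamdscan
RET=0

# Without a file to scan there is nothing to vouch for: report an error
# instead of letting a scanner failure be read as "clean".
if test -z "$1"; then
  echo "ERROR"
  exit 2
fi

# A relative name beginning with "-" would be parsed as a scanner option.
case "$1" in
  -*) set -- "./$1" ;;
esac

if test -x "$UVSCAN"; then
  REPORT=$("$UVSCAN" --noboot --unzip --secure --allole --mime "$1" 2>/dev/null)
  # 13 is the uvscan exit status this script treats as "infection found".
  if test $? -eq 13; then
    # Pull the detection name out of the "Found the ... virus !!!" line.
    # NOTE: the trailing "i" flag on s/// is a GNU sed extension.
    INFO=$(printf '%s\n' "$REPORT" | grep -iE "Found.*virus" | sed -e 's/.*Found the \(.*\)/\1/i' -e 's/^[ ]*//g' -e 's/[ ]*$//g' -e 's/ virus !!!$//g')
    # "=" rather than "==": under #!/bin/sh the test builtin need not accept
    # "==" (dash rejects it), which would break the empty-name checks.
    if test "$INFO" = ""; then
      INFO=$(printf '%s\n' "$REPORT" | grep -iE "Found.*trojan" | sed -e 's/.*Found the \(.*\)/\1/i' -e 's/^[ ]*//g' -e 's/[ ]*$//g' -e 's/ trojan !!!$//g')
    fi
    if test "$INFO" = ""; then
      # The report format was not recognised (the vendor has changed the
      # wording before). Send the raw report to the postmaster in the message
      # body; scanner output derived from untrusted mail does not belong in a
      # Subject header. "postmaster@???" is the redacted address from the
      # original post: replace it with a real mailbox. It is quoted so the
      # "?" characters are never expanded as a glob.
      printf '%s\n' "$REPORT" | /usr/bin/mail -s "McAfee - Unknown virus" 'postmaster@???' 2>/dev/null
      INFO=UNKNOWN
    fi
    # printf, not echo: the name comes from scanner output and some sh
    # implementations of echo interpret backslash sequences.
    printf 'VIRUS %s\n' "$INFO"
    RET=3
  fi
fi

if test $RET -eq 0; then
  if test -x "$CLAMDSCAN"; then
    REPORT=$("$CLAMDSCAN" --disable-summary --stdout "$1" 2>/dev/null)
    STATUS=$?
    # clamdscan documents 0 = no virus, 1 = virus found, 2 = error. Only 0 is
    # reported as clean; an error (for example clamd not running or unable to
    # read the file) must fail closed rather than be passed off as CLEAN:OK.
    case $STATUS in
      0)
        echo "CLEAN:OK"
        ;;
      1)
        INFO=$(printf '%s\n' "$REPORT" | grep FOUND | sed -e 's/.*: //' -e 's/ FOUND//')
        printf 'VIRUS %s\n' "$INFO"
        RET=3
        ;;
      *)
        echo "ERROR"
        RET=2
        ;;
    esac
  else
    # clamdscan is the scanner that issues CLEAN:OK; without it the file is
    # reported as an error even if uvscan ran and found nothing.
    echo "ERROR"
    RET=2
  fi
fi

exit $RET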