
List:       amavis-user
Subject:    Re: [AMaViS-user] Avast Anti Virus Config
From:       "Bill Landry" <billl () pointshare ! com>
Date:       2006-02-21 17:51:54
Message-ID: 016e01c6370f$80b85900$43c6e2a5 () blxp

----- Original Message ----- 
From: "Mark Martinec" <Mark.Martinec+amavis@ijs.si>

> Ok, a little refinement to not include a space after a virus name,
> and to match a '+' literally. Here are the latest avast entries:
>
>  ### http://www.avast.com/
>  ['avast! Antivirus daemon',
>    \&ask_daemon, # greets with 220, terminate with QUIT
>    ["SCAN {}\015\012QUIT\015\012", '/var/run/avast4/mailscanner.sock'],
>    qr/\t\[\+\]/, qr/\t\[L\]\t/, qr/\t\[L\]\t([^[ \t\015\012]+)/ ],
>
>  ### http://www.avast.com/
>  ['avast! Antivirus - Client/Server Version', 'avastlite',
>    '-a /var/run/avast4/mailscanner.sock -n {}', [0], [1],
>    qr/\t\[L\]\t([^[ \t\015\012]+)/ ],
>
>  ### http://www.avast.com/
>  ['avast! Antivirus', ['/usr/bin/avastcmd','avastcmd'],
>    '-a -i -n -t=A {}', [0], [1], qr/\[infected by: ([^ \t\n\[\]]+)/ ],

Mark, the avastcmd script above does not capture the virus name in the log 
file, rather it's only showing:

Feb 21 09:42:13 mgw1.pointshare.com /usr/local/sbin/amavisd[18217]: 
(18217-01) run_av (Avast! Antivirus): INFECTED:

However, with the previous script:

### http://www.avast.com/
['Avast Anti-Virus', ['/usr/bin/avastcmd','avastcmd'],
  '-a -i -n -t=A {}', [0], [1], qr/infected by: (.+)/ ],

I was getting the virus name:

Feb 16 19:05:28 mgw1.pointshare.com /usr/local/sbin/amavisd[26635]: 
(26635-01) run_av (Avast Anti-Virus): INFECTED: Win32:Beagle-IB [Wrm]

But I could not quite seem to figure out how to strip the "[Wrm]" from the 
end of the line.

Bill 
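
Added example, not part of the original message or of amavisd-new: a small Perl script that runs the two avastcmd virus-name patterns quoted in this thread, plus a third variant without the leading `\[`, against constructed scanner output lines to show what each one captures. The sample lines, the file paths in them and the third pattern are assumptions; the thread shows only what amavisd logged, not raw avastcmd output.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed scanner output lines (assumed shapes; the thread does not show
# raw avastcmd output, only the name amavisd logged after the capture).
my @samples = (
    "/tmp/sample/p001\tinfected by: Win32:Beagle-IB [Wrm]",     # no leading '['
    "/tmp/sample/p001\t[infected by: Win32:Beagle-IB [Wrm]]",   # bracketed form
    "/tmp/sample/p002\t[OK]",                                    # clean file
);

# The first two patterns are quoted from the thread; the third is an
# assumption added for this example (same character class, no '[' required).
my @patterns = (
    [ 'previous (greedy)',      qr/infected by: (.+)/ ],
    [ 'latest (requires "[")',  qr/\[infected by: ([^ \t\n\[\]]+)/ ],
    [ 'variant (no "[")',       qr/infected by: ([^ \t\n\[\]]+)/ ],
);

# Return the captured virus name, or undef when the pattern does not match.
# In list context a failed match yields an empty list, so $name stays undef.
sub virus_name {
    my ($re, $line) = @_;
    my ($name) = $line =~ $re;
    return $name;
}

for my $line (@samples) {
    (my $shown = $line) =~ s/\t/\\t/g;    # make tabs visible in the report
    print "line: $shown\n";
    for my $p (@patterns) {
        my ($label, $re) = @$p;
        my $name = virus_name($re, $line);
        printf "  %-24s => %s\n", $label,
            defined $name ? "'$name'" : '(no name captured)';
    }
}
```

A pattern that fails to match leaves the name empty while the scanner's exit status still marks the message as infected, which is the shape of the first log line above.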


