[prev in list] [next in list] [prev in thread] [next in thread]
List: openantivirus-developer
Subject: Re: [Openantivirus-developer] patch - Scan error when filter find
From: Kurt Huwig <kurt () iku-netz ! de>
Date: 2002-05-14 8:55:46
[Download RAW message or body]
Rémi Cohen-Scali schrieb:
> Hello
Hello Rémi!
You've got a famous lastname!
> I tried your soft OpenAntiVirus and found it really usefull. While I was
> deploying it I made a test during which I scanned a directory.
> The scanner daemon raised an error when it tried to scan a socket and
> terminate scan immediatly.
> To avoid this behavior I'd like to propose this patch.
>
> ===cut here===
> --- RecursiveFileFilter.java~ Sun Feb 24 17:15:10 2002
> +++ RecursiveFileFilter.java Mon May 13 17:26:19 2002
> @@ -56,7 +56,7 @@
> for (int i = 0; i < afFiles.length; i++) {
> filter(afFiles[ i ]);
> }
> - } else {
> + } else if (f.isFile()) {
> long lStart = System.currentTimeMillis();
> try {
> fireScanning(f);
> ===cut here===
>
> With this modification, the filter only select the "normal" (according
> to the java api doc) files.
> The error is then not triggered and the directory scan terminate smoothly.
The patch looks good; I included it in the current version (at another
place - RecursiveFileFilter will be removed soon).
> Request for Enhancements:
> ====================
>
> I also would like to propose an enhancement request. When a directory is
> scanned, it would be usefull to have results 'FOUND' displayed for each
> file in which they are triggered.
> Example,
> instead to have:
>
> [rcoscali@xfiles rcoscali]$ telnet localhost 8127
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> SCAN /tmp
> FOUND: W95/Hybris.PI.003
> Connection closed by foreign host.
>
> The result could be something like:
>
> [rcoscali@xfiles rcoscali]$ telnet localhost 8127
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> SCAN /tmp
> Several viruses found. List follows ...
> FOUND in /tmp/nsmail.tmp: W95/Hybris.PI.003
> FOUND in /tmp/nsmail-2.tmp: W95/Hybris.PI.003
> FOUND in /tmp/nsmail-3.tmp: W95/Hybris.PI.003
> FOUND in /tmp/nsmail-4.tmp: W95/Hybris.PI.003
> FOUND in /tmp/nsmail-6.tmp: W95/Hybris.PI.003
> FOUND in /tmp/nsmail-5.tmp: W95/Hybris.PI.003
> FOUND in /tmp/nsmail-7.tmp: W95/Hybris.PI.003
> FOUND in /tmp/nsmail-8.tmp: W95/Hybris.PI.003
> FOUND in /tmp/msgtest.eml.dir/branca_de_neve.scr: W95/Hybris.PI.003
> FOUND in /tmp/mes1.eml.dir/creaturoides: Worm/Klez.H
> FOUND in /tmp/mes.eml.dir/branca_de_neve.scr: W95/Hybris.PI.003
> FOUND in /tmp/mes.eml.dir/branca_de_neve-1.scr: W95/Hybris.PI.003
> FOUND in /tmp/nsmail-9.tmp: W95/Hybris.PI.003
> FOUND in /tmp/nsmail-11.tmp: W95/Hybris.PI.003
> FOUND in /tmp/nsmail-10.tmp.dir/msg-7588-1.txt: W95/Hybris.PI.003
> FOUND in /tmp/FCACuve.xls.pif: Sircam
> FOUND in /tmp/nsmail-10.tmp: Sircam
> FOUND in /tmp/branca_de_neve.scr: W95/Hybris.PI.003
> FOUND in /tmp/nsmail-12.tmp: Sircam
> FOUND in /tmp/msg-2002-05-12-18.17.04-001.eml: Worm/Klez.H
>
> Connection closed by foreign host.
This is done in the VirusHammer. The primary intension for the fail fast
were mail scanners. You just want to know if there is any virus in there
and then you stop the mail. VirusHammer behaves like you want it to. I
think a better approach would be to add another scan command or options
to it, so that the use can decide if the scanner should stop or not; the
same to the detection of several viruses in one file, although I do not
see particular importance in this.
> The last request I would like to make is to be able to give a parameter
> `logfile' to the ScannerDaemon in order to send logs to a unique file.
I would like to use the logfile mechanism of Java 1.4 or log4j. In a
mixed environment ScannerDaemon might be used to scan email and
squid-proxy-traffic, so you need several logfiles.
> I incorporate all these patches in one patchfile attached to this mail.
> Thanks for considering it ....
I had a quick look at them yesterday and will have a deeper one this
evening. I assume you read the FAQ about copyright on the SF page.
Thanks for the contribution!
Kurt
--
Kurt Huwig iKu Netzwerklösungen http://www.iku-netz.de/
Gesellschafter Am Römerkastell 4 Telefon 0681/96751-0
kurt@iku-netz.de 66121 Saarbrücken Telefax 0681/96751-66
GnuPG 64B1 0C5B 82BC E16E 8940 EB6D 4C32 F908 99DD 9468
_______________________________________________________________
Have big pipes? SourceForge.net is looking for download mirrors. We supply
the hardware. You get the recognition. Email Us: bandwidth@sourceforge.net
_______________________________________________
Openantivirus-developer mailing list
Openantivirus-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openantivirus-developer
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic