
List:       openantivirus-developer
Subject:    Re: [Openantivirus-developer] patch - Scan error when filter find
From:       Kurt Huwig <kurt () iku-netz ! de>
Date:       2002-05-14 8:55:46

Rémi Cohen-Scali schrieb:
> Hello

Hello Rémi!

You've got a famous lastname!

> I tried your soft OpenAntiVirus and found it really useful. While I was 
> deploying it I made a test during which I scanned a directory.
> The scanner daemon raised an error when it tried to scan a socket and 
> terminated the scan immediately.
> To avoid this behavior I'd like to propose this patch.
> 
> ===cut here===
> --- RecursiveFileFilter.java~    Sun Feb 24 17:15:10 2002
> +++ RecursiveFileFilter.java    Mon May 13 17:26:19 2002
> @@ -56,7 +56,7 @@
>             for (int i = 0; i < afFiles.length; i++) {
>                 filter(afFiles[ i ]);
>             }
> -        } else {
> +        } else if (f.isFile()) {
>             long lStart = System.currentTimeMillis();
>             try {
>                 fireScanning(f);
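
Review bot: The new "else if (f.isFile())" at line 59 has no trailing else, so anything that is neither a directory nor a regular file (the socket from the report, and likewise FIFOs or device nodes) is now dropped without a trace, and a clean result no longer tells the caller that some entries were never examined. Consider adding a final else that logs or reports the skipped path, and a short comment on the condition saying why non-regular files are excluded.
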
> ===cut here===
> 
> With this modification, the filter only selects the "normal" (according 
> to the java api doc) files.
> The error is then not triggered and the directory scan terminates smoothly.

The patch looks good; I included it in the current version (at another 
place - RecursiveFileFilter will be removed soon).

> Request for Enhancements:
> ====================
> 
> I also would like to propose an enhancement request. When a directory is 
> scanned, it would be useful to have results 'FOUND' displayed for each 
> file in which they are triggered.
> Example,
> instead of having:
> 
> [rcoscali@xfiles rcoscali]$ telnet localhost 8127
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> SCAN /tmp
> FOUND: W95/Hybris.PI.003
> Connection closed by foreign host.
> 
> The result could be something like:
> 
> [rcoscali@xfiles rcoscali]$ telnet localhost 8127
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> SCAN /tmp
> Several viruses found. List follows ...
> FOUND in /tmp/nsmail.tmp: W95/Hybris.PI.003
> FOUND in /tmp/nsmail-2.tmp: W95/Hybris.PI.003
> FOUND in /tmp/nsmail-3.tmp: W95/Hybris.PI.003
> FOUND in /tmp/nsmail-4.tmp: W95/Hybris.PI.003
> FOUND in /tmp/nsmail-6.tmp: W95/Hybris.PI.003
> FOUND in /tmp/nsmail-5.tmp: W95/Hybris.PI.003
> FOUND in /tmp/nsmail-7.tmp: W95/Hybris.PI.003
> FOUND in /tmp/nsmail-8.tmp: W95/Hybris.PI.003
> FOUND in /tmp/msgtest.eml.dir/branca_de_neve.scr: W95/Hybris.PI.003
> FOUND in /tmp/mes1.eml.dir/creaturoides: Worm/Klez.H
> FOUND in /tmp/mes.eml.dir/branca_de_neve.scr: W95/Hybris.PI.003
> FOUND in /tmp/mes.eml.dir/branca_de_neve-1.scr: W95/Hybris.PI.003
> FOUND in /tmp/nsmail-9.tmp: W95/Hybris.PI.003
> FOUND in /tmp/nsmail-11.tmp: W95/Hybris.PI.003
> FOUND in /tmp/nsmail-10.tmp.dir/msg-7588-1.txt: W95/Hybris.PI.003
> FOUND in /tmp/FCACuve.xls.pif: Sircam
> FOUND in /tmp/nsmail-10.tmp: Sircam
> FOUND in /tmp/branca_de_neve.scr: W95/Hybris.PI.003
> FOUND in /tmp/nsmail-12.tmp: Sircam
> FOUND in /tmp/msg-2002-05-12-18.17.04-001.eml: Worm/Klez.H
> 
> Connection closed by foreign host.

This is done in the VirusHammer. The primary intention for the fail fast 
was mail scanners. You just want to know if there is any virus in there 
and then you stop the mail. VirusHammer behaves like you want it to. I 
think a better approach would be to add another scan command or options 
to it, so that the user can decide if the scanner should stop or not; the 
same to the detection of several viruses in one file, although I do not 
see particular importance in this.

> The last request I would like to make is to be able to give a parameter 
> `logfile' to the ScannerDaemon in order to send logs to a unique file.

I would like to use the logfile mechanism of Java 1.4 or log4j. In a 
mixed environment ScannerDaemon might be used to scan email and 
squid-proxy-traffic, so you need several logfiles.

> I incorporate all these patches in one patchfile attached to this mail.
> Thanks for considering it ....

I had a quick look at them yesterday and will have a deeper one this 
evening. I assume you read the FAQ about copyright on the SF page.

Thanks for the contribution!

Kurt
-- 
Kurt Huwig         iKu Netzwerklösungen   http://www.iku-netz.de/
Gesellschafter     Am Römerkastell 4      Telefon 0681/96751-0
kurt@iku-netz.de   66121 Saarbrücken      Telefax 0681/96751-66
GnuPG  64B1 0C5B 82BC E16E 8940  EB6D 4C32 F908 99DD 9468
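
Added example, not OpenAntiVirus code and not part of the original message: a recursive walk in Java that applies the same regular-file test as the patch, records the entries it skips, and takes a flag that selects between the fail-fast behaviour and listing every hit, the two modes discussed in the thread. The class name ScanWalkDemo, the hasMarker stand-in for the signature check, the constructed sample tree and the use of Java 11 or later are assumptions.

```java
import java.io.IOException;
import java.nio.file.*;
import java.util.*;

public class ScanWalkDemo {
    final List<String> found = new ArrayList<>();
    final List<String> skipped = new ArrayList<>();
    private final boolean failFast;

    ScanWalkDemo(boolean failFast) { this.failFast = failFast; }

    // Hypothetical stand-in for the real signature check.
    static boolean hasMarker(Path f) throws IOException {
        return Files.readString(f).contains("TEST-MARKER");
    }

    // Returns false once a fail-fast scan has a hit and should stop.
    boolean walk(Path p) throws IOException {
        if (Files.isDirectory(p)) {
            try (DirectoryStream<Path> entries = Files.newDirectoryStream(p)) {
                for (Path child : entries) {
                    if (!walk(child)) return false;
                }
            }
        } else if (Files.isRegularFile(p)) { // same test as f.isFile() in the patch
            if (hasMarker(p)) {
                found.add(p.toString());
                if (failFast) return false;
            }
        } else {
            skipped.add(p.toString()); // socket, FIFO, device node, dangling symlink
        }
        return true;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample tree: two marked files, one clean file, one dangling symlink.
        Path root = Files.createTempDirectory("scan-demo");
        Files.writeString(root.resolve("a.txt"), "TEST-MARKER");
        Files.writeString(root.resolve("b.txt"), "TEST-MARKER");
        Files.writeString(root.resolve("c.txt"), "clean");
        Files.createSymbolicLink(root.resolve("dangling"), root.resolve("missing"));
        for (boolean failFast : new boolean[] {true, false}) {
            ScanWalkDemo s = new ScanWalkDemo(failFast);
            s.walk(root);
            System.out.println("failFast=" + failFast + " found=" + s.found + " skipped=" + s.skipped);
        }
    }
}
```

In fail-fast mode the walk stops at the first hit, so its skipped list may be incomplete; the collect-all run lists both marked files and the dangling symlink.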
