Hi Andy we will certainly look at this, although to be clear, it is very presumptions to say that adding this will only be 2 min work. Please be careful when making statements like this because it raises a false expectation for others. You have no idea about the complexity of the code, other items being worked on, priorities, resource allocation, support, issues, costs or time available.
Thanks David Barker VP Operations Declude Your Email security is our business 978.499.2933 office 978.988.1311 fax <mailto:dbar...@declude.com> dbar...@declude.com From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt Sent: Thursday, February 05, 2009 12:44 PM To: declude.virus@declude.com Subject: [Declude.Virus] Parsing of Report.txt Sensitivity: Personal Hi, With the ability of ClamD to run at lightning speed as a native Windows service (e.g., http://oss.netfarm.it/clamav, without CygWin), offering frequent updates during the day (quite contrary to the internal scanner that often lags days behind) and has acceptable licensing terms - it certainly is a highly attractive external scanner that should be fully supported by Declude after ClamAV has been around for all these years. Sadly, since Declude hasn't seen any feature updates in ages, the virus.cfg parameter "REPORT" still can't parse the virus reports generated by ClamDScan. Consequently, the Declude virus log files and virus notification emails are missing file and virus name info. I took 2 minutes and created a small .JS script that parses the ClamDScan report file and then outputs a "McAfee" lookalike just to make Declude happy. But that means that yet another batch process is now chewing up Windows' limited resources. To justify THIS year's maintenance renewal money, can PLEASE have someone spend the same 2 minutes in the Declude source code to correctly parse the ClamDScan output: -------------------------------------- c:\maintenance\eicar.com: Eicar-Test-Signature FOUND Thanks in advance. Best Regards, Andy Schmidt www.Anamera.com // RunClam.js // Launches ClamD and reformats output to compensate // for Decludes inability to correctly parse the report // (Declude is no longer actively maintained.) // Application Constants var strClamAV = "C:\\Program Files\\ClamAV\\ClamDScan.exe"; // Get Command Line Parameter if ( WScript.Arguments.Count() == 0 ) // nothing to scan WScript.Quit( 2 ); var strPath = WScript.Arguments(0); // Run ClamAV var objShell = new ActiveXObject("WScript.Shell"); var objExec = objShell.Exec( strClamAV + " " + strPath ); var strLine; var nSeperator, nFound; var bHaveFound = false; while ( !objExec.StdOut.AtEndOfStream ) { // Process ClamAV Output strLine = objExec.StdOut.ReadLine(); if ( bHaveFound ) continue; nFound = strLine.indexOf( " FOUND" ); if ( nFound > 0 ) { nSeperator = strLine.indexOf( ": " ); if ( nSeperator < 1 ) continue; // Appears to be a possible virus report bHaveFound = true; var objFS = new ActiveXObject("Scripting.FileSystemObject"); objTS = objFS.CreateTextFile( "Report.txt" ); // Create Declude Report File objTS.WriteLine( strLine.substring( 0, nSeperator ) + " FOUND " + strLine.substring( nSeperator + 2, nFound ) ); objTS.Close(); } } // Wait for completion to be able to obtain exit code while ( objExec.Status != 1 ) WScript.Sleep(100); WScript.Quit( objExec.ExitCode ); --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
