Harrie,
> I'm implementing Kaspersky AV version 5.5 in AMaViS version 2.4.1.
>
> The config out-of-the-box contains:
> [...] '-p /var/run/aveserver -s {}/*', [0,3,6,8],
> qr/\b(INFECTED|SUSPICION)\b/, qr/(?:INFECTED|SUSPICION) (.+)/],
> This was meant for Kaspersky AV version 5.0, because we didn't know
> better from the man-page info of aveclient. The man-page for version 5.5
> is better now and tells us:
> When launched with the -s option, aveclient returns one of thefollow-
> ing codes (if several files to be scanned are indicated in the command
> line, the return code corresponds to the results of scanning the last
> file):
> 0 no viruses have been detected.
> 1 unable to connect to aveserver.
> 2 objects with an unknown viral code have been found.
> 3 suspicious objects have been found.
> 4 infected objects have been detected.
> 5 all infected objects have been disinfected.
> 6 scan results are unavailable: encrypted or password protected file.
> 7 system error launching the application (file not found, unable
> to read the file).
> 8 scan results are unavailable: file is corrupted or input/output error.
> 9 some of the required parameters are missing from the command line.
> So, I must remove errorcode 3 in the array: ... [0,6,8],
I don't see why you would need to remove the 3 from the list.
The [0,3,6,8] is a list of ok statuses, but the regexp for
malware: qr/\b(INFECTED|SUSPICION)\b/ takes precedence, which
means if 'SUSPICION' text if found (despite also returning
status 3), the mail will be declared infected.
If one decides that SUSPICION should not be a cause of alarm,
it suffices to change regexp to qr/\bINFECTED\b/, and the 3
will take care that the result is a 'passed'.
The reason why status codes can not be used for 'infected'
statuses, but a regexp is needed instead, is:
> the return code corresponds to the results of scanning the last file
Mark
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
