On 1/2/08, mayer wrote:
> Hi!
>
> I've used google but it didn't help very much... so I'm counting on you 
> guys... :-)
>
> My problem:
> I've installed BitDefender Antivirus Scanner for Unices
> (http://www.bitdefender.com/PRODUCT-80-en--BitDefender-Antivirus-Scanner-for-Unices.html)
> successfully on a Debian Etch machine.
> Amavisd-new is installed and working, too.
>
> But Amavis doesn't recognize and use Bitdefender (bdscan).
>
> I can see where the problem is: the config file of amavis named 
> "15-av_scanners" only includes the old version of Bitdefender (the one with 
> the command bdc)
>
> So, my question (finally) is:
> What do I have to write into this "15-av_scanners" file to get bdscan working 
> with Amavis?
>
> Thanks for your help!
> Stephan
>

#####################################################
msa:~# bdscan --action=ignore --no-list eicar.com.txt
BitDefender Antivirus Scanner v7.60825 Linux-i686
Copyright (C) 1996-2006 Softwin SRL. All rights reserved.
Trial key found. 29 days remaining.

Default action upon detecting an infected file: ignore action
Default action upon detecting a suspected file: ignore action
/root/eicar.com.txt  infected: EICAR-Test-File (not a virus)


Results:
Folders           :0
Files             :1
Packed            :0
Archives          :0
Infected files    :1
Suspect files     :0
Warnings          :0
Identified viruses:1
I/O errors        :0

msa:~# echo $?
1

###########################################################
(new version scans archives by default)

Usage: bdscan [options] path
Options:
    --no-archive            - don't scan archives
    --no-mail               - don't scan mail databases
    --no-pack               - don't scan packed programs
    --no-recursive          - don't recurse into subdirectories

    --recursive-level=n     - set maximum directory depth level [default 0(all)]
    --archive-level=n       - set maximum archive depth level [default 12]

    --ext[=ext1:ext2]       - scan only these extensions
                              default: see Extensions in bdscan.conf
    --exclude-ext[=ext]     - exclude these extensions from scanning
                              default: see ExcludeExtensions in bdscan.conf

    --action=[disinfect|quarantine|delete|ignore]
                            - action to take when an infected file is detected
    --suspect-copy          - copy suspected files to quarantine
    --suspect-move          - move suspected files to quarantine
    --quarantine=path       - path to quarantine
                              [default /opt/BitDefender-scanner/var/quarantine]

    --conf-file=path        - path to configuration file
    --log[=file]            - write log file
                              [default /opt/BitDefender-scanner/var/log/bdscan.log]
    --log-overwrite         - overwrite existing log file

    --no-list               - do not display scanned files
    --no-warnings           - do not display warnings
    --verbose               - display debug information

    --update                - update virus definitions
    --force-insecure-update - do not verify server signature file

    --virus-list            - display virus list
    --info                  - information about this product
    --version               - display version number
    --help,--?              - this help
##################################################################

Old version:
msa:/usr/local/src# bdc --help
BDC/Linux-Console v7.1 (build 2559) (i386) (Jul  6 2005 16:28:53)
Copyright (C) 1996-2004 SOFTWIN SRL. All rights reserved.

Usage: bdc path [parameters]
Parameters:
              --files          - scan files *
              --arc            - scan archives
              --mail           - scan mail databases
              --nopack         - don't scan packed programs
              --ext=ext1;ext2; - scan only this extensions
              --log[=file]     - create log file
              --list           - display all files
              --prog           - scan only program files
              --append         - append to log file
              --disinfect      - disinfect files
              --delete         - delete infected files
              --copy           - copy infected files in quarantine zone
              --copys          - move suspected files in quarantine zone
              --move           - move infected files in quarantine zone
              --moves          - move suspected files in quarantine zone
              --info           - information
              --nowarn         - do not display warnings
              --vlist          - display virus list
              --debug          - display debug information
              --nor            - do not recurse into subdirs
              --alev[=n]       - set maximum archive depth level
              --flev[=n]       - set maximum folder depth level
              --update         - update virus definitions
              --help,--?       - this help
                               * = default option
###################################################################

So, this is a somewhat quick and dirty "replace what changed", but no
doubt can be improved.

  ### http://www.bitdefender.com/
  ['BitDefender', 'bdscan',
    '--action=ignore --no-list {}', qr/^Infected files *:0+(?!\d)/,
    qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/,
    qr/(?:suspected|infected): (.*)(?:\033|$)/ ],
  # consider also: --no-warnings --recursive-level=15 --archive-level=15.

###################################################################

With this in place, with eicar I get:

Jan  2 20:29:14 msa amavis[16191]: (16191-02) run_command: [16502]
/usr/bin/bdscan --action=ignore --no-list
/var/lib/amavis/tmp/amavis-20080102T202614-16191/parts </dev/null 2>&1

Jan  2 20:29:19 msa amavis[16191]: (16191-02) collect_results from
[16502] (BitDefender), 571 bytes, (limit 204800)

Jan  2 20:29:19 msa amavis[16191]: (16191-02) prolong_timer run_av:
timer set to 475 s

Jan  2 20:29:19 msa amavis[16191]: (16191-02) run_av: /usr/bin/bdscan
exit 1, BitDefender Antivirus Scanner v7.60825 Linux-i686\nCopyright
(C) 1996-2006 Softwin SRL. All rights reserved.\nTrial key found. 29
days remaining.\n\nDefault action upon detecting an infected file:
ignore action\nDefault action upon detecting a suspected file: ignore
action\n/var/lib/amavis/tmp/amavis-20080102T202614-16191/parts/p001
infected: EICAR-Test-File (not a virus)\n\n\nResults:\nFolders
...:1\nFiles ...:1\nPacked ...:0\nArchives ...:0\nInfected files
:1\nSuspect files ...:0\nWarnings ...:0\nIdentified viruses:1\nI/O
errors ...:0\n

Jan  2 20:29:19 msa amavis[16191]: (16191-02) run_av (BitDefender):
INFECTED: EICAR-Test-File (not a virus)

and, without eicar:

Jan  2 20:33:21 msa amavis[16191]: (16191-03) run_av: /usr/bin/bdscan
exit 0,  BitDefender Antivirus Scanner v7.60825 Linux-i686\nCopyright
(C) 1996-2006 Softwin SRL. All rights reserved.\nTrial key found. 29
days remaining.\n\nDefault action upon detecting an infected file:
ignore action\nDefault action upon detecting a suspected file: ignore
action\n\n\nResults:\nFolders ...:1\nFiles ...:1\nPacked
...:0\nArchives ...:0\nInfected files    :0\nSuspect files
...:0\nWarnings ...:0\nI/O errors ...:0\n

Jan  2 20:33:21 msa amavis[16191]: (16191-03) run_av (BitDefender): CLEAN

On the surface it appears to function.

-- 
Gary V
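
A way to exercise the three patterns from the entry above against scanner output before relying on them, as an added example (not part of the original message and not amavisd-new code). The sample outputs are constructed after the runs shown in the post; the `suspected:` line, the failure text, the helper names and the use of multi-line matching are assumptions.

```python
import re

# Patterns copied from the av_scanners entry in the post. re.MULTILINE is an
# assumption: it lets ^ and $ match at every line of the scanner output.
CLEAN = re.compile(r'^Infected files *:0+(?!\d)', re.M)
INFECTED = re.compile(
    r'^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]', re.M)
NAME = re.compile(r'(?:suspected|infected): (.*)(?:\033|$)', re.M)

def summary(infected, suspect, viruses, detail=""):
    """Constructed bdscan-style output modelled on the runs in the post."""
    return (
        "Default action upon detecting an infected file: ignore action\n"
        f"{detail}\n\nResults:\n"
        "Files             :1\n"
        f"Infected files    :{infected}\n"
        f"Suspect files     :{suspect}\n"
        f"Identified viruses:{viruses}\n"
        "I/O errors        :0\n")

def classify(output):
    """Return (clean_matches, infected_matches, names) for one output."""
    return (bool(CLEAN.search(output)),
            bool(INFECTED.search(output)),
            [n.strip() for n in NAME.findall(output)])

def verdict(output):
    """Flag outputs where the patterns disagree or neither one matches.

    Which pattern wins in a deployment depends on the order the consuming
    program tests them, so both-match is reported instead of guessed at.
    """
    clean, infected, _ = classify(output)
    if clean and infected:
        return "AMBIGUOUS"
    if infected:
        return "INFECTED"
    return "CLEAN" if clean else "UNKNOWN"

# Constructed samples: clean, EICAR hit, suspect-only, and no Results block.
SAMPLES = {
    "clean": summary(0, 0, 0),
    "eicar": summary(1, 0, 1,
                     "/tmp/parts/p001  infected: EICAR-Test-File (not a virus)"),
    "suspect_only": summary(0, 1, 0,
                            "/tmp/parts/p001  suspected: Constructed.Sample"),
    "no_results": "constructed failure text, no Results block\n",
}

if __name__ == "__main__":
    for label, out in SAMPLES.items():
        print(f"{label:13} {verdict(out):10} {classify(out)[2]}")
```

The suspect-only sample matches both the clean and the infected pattern, and the sample without a Results block matches neither; both cases are worth checking against real scanner output and the resulting amavis log lines.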
