I'm trying to integrate ClamAV with Declude Virus and I've run into a small
problem getting the name of the virus from the ClamAV output. When I asked
if there was a way to fix the problem (with Declude) on the Declude Virus
list, I got the following answer:
>>> There isn't. The problem is that ClamAV doesn't report the virus name
in
>>> the standard format. We are, however, looking into finding a way
>>> around this.
>>
>>There's a standard format? Can I get a copy of the standard? ClamAV is
>>open source so it might be easier to submit a fix to the source than to
work
>>around it.
>
> The standard format is to include the filename, followed by an identifier
> of some sort ("virus found", "infected", or anything that indicates that
> the E-mail isn't clean), and then the virus name.
>
> I believe the code that should be changed is in the checkfile( ) function
> in the manager.c file, where there are two references to "%s: %s FOUND\n",
> which could be changed to "%s: infected with %s\n" or "%s: FOUND
> %s\n". That would do the trick.
>
> -Scott
I can't use the ":" as the delimiter because there's a time stamp at the
begining of the -l output. Can the change Scott suggested be made to the
ClamAV source?
Does it have to have an option added because the old format is being parsed
by
other programs?
Thanks,
Brad Morgan
-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
