In Silvester's scripts
(http://silvester.org.uk/OSX/resources/virus_scanning/incoming_email_scan.applescript)
one can use either scan on incoming Mail.
Here are two excerpts from the corresponding scripts:
For Clamdscan
Code:
set commandline to "/usr/local/clamXav/bin/clamdscan --quiet --stdout --config-file=/usr/local/clamXav/etc/clamd.conf " & POSIX path of file tmpfil
-- display dialog "Clamd command line = " & commandline
do shell script commandline
on error errMsg number exitCode
    if (exitCode = 1) then
        set background color of thisMessage to red
        -- set currentSubject to subject of thisMessage
        -- set subject of thisMessage to "[**VIRUS** - ClamAV]" & currentSubject
        move thisMessage to mailbox "_Quarantine"
For Clamscan
Code:
set commandline to "/usr/local/clamXav/bin/clamscan --quiet --stdout " & POSIX path of file tmpfil
-- display dialog "Clamd command line = " & commandline
do shell script commandline
on error errMsg number exitCode
    if (exitCode = 1) then
        set background color of thisMessage to red
        -- set currentSubject to subject of thisMessage
        -- set subject of thisMessage to "[**VIRUS** - ClamAV]" & currentSubject
        move thisMessage to mailbox "_Quarantine"
Since I find NO "clam.conf" but I DO have a "clamd.conf", the two scan areas on
the first lines above are slightly different.
I found a Known virus file (which is zipped) .. clamscan finds it; BUT
clamdscan DOES not.
Is there a reason for this?
Since finding this difference, I now use the clamscan script even though it IS
somewhat slower....
Thanx in advance...
Jim B
======================================
Turkey Day,,,, 11-26-09
EDIT: A 2nd test: Used clamXav to update at 12:42
Code:
Thu Nov 26 12:42:19 2009 -> Database updated (659735 signatures) from db.us.clamav.net (IP: 64.246.134.219)
Thu Nov 26 12:42:19 2009 -> Clamd successfully notified about the update.
Then saw that clamd, being notified, performed a DB update:
Code:
Thu Nov 26 12:42:19 2009 -> Reading databases from /usr/local/clamXav/share/clamav
Thu Nov 26 12:42:22 2009 -> Database correctly reloaded (659708 signatures)
Difference of 27 entries... but not the same.
The clamav DB update source varies from an IP of 81.x.x.x to 64.x.x.x to
217.x.x.x
So I assume that they are not in sync with one another?
I NEVER get the clamav DB from IP 81.x.x.x :
Code:
Trying host db.us.clamav.net (81.173.192.234)...
Thu Nov 26 12:42:09 2009 -> nonblock_connect: connect timing out (30 secs)
Thu Nov 26 12:42:09 2009 -> Can't connect to port 80 of host db.us.clamav.net (IP: 81.173.192.234)
Thu Nov 26 12:42:09 2009 -> Trying host db.us.clamav.net (64.246.134.219)...
Then the IP at 64.x.x.x gets the .diff failure forcing the update of the
<daily.cvd> file using the same IP 64.x.x.x address.
Can a difference of 27 entries cause clamdscan to miss a virus that clamscan can
find?
Still confused...
BTW I am not certain that the file content differences are *actual* signature
entries..
Any comments?
_________________
V2.0.4+0.95.3 (with clamd)
OS 10.6.2/24" iMac/2GB/320GB/VMWare w/ W2K & WIN 7RC/Developer tools/Xcode 3.2
Last edited by Jim babcock on Thu Nov 26, 2009 1:12 pm; edited 3 times in total
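Added example, not part of the original post or of Silvester's scripts: a small log check that pairs each freshclam "Database updated" line with the clamd "Database correctly reloaded" line that follows it and reports the signature-count difference, plus any mirrors that could not be reached. The function name audit, the 60-second pairing window and the idea of feeding both logs in as one string are assumptions; the sample lines are the ones quoted in the post.

```python
import re
from datetime import datetime, timedelta

# Log lines copied from the post (freshclam and clamd output combined).
SAMPLE_LOG = """\
Trying host db.us.clamav.net (81.173.192.234)...
Thu Nov 26 12:42:09 2009 -> nonblock_connect: connect timing out (30 secs)
Thu Nov 26 12:42:09 2009 -> Can't connect to port 80 of host db.us.clamav.net (IP: 81.173.192.234)
Thu Nov 26 12:42:09 2009 -> Trying host db.us.clamav.net (64.246.134.219)...
Thu Nov 26 12:42:19 2009 -> Database updated (659735 signatures) from db.us.clamav.net (IP: 64.246.134.219)
Thu Nov 26 12:42:19 2009 -> Clamd successfully notified about the update.
Thu Nov 26 12:42:19 2009 -> Reading databases from /usr/local/clamXav/share/clamav
Thu Nov 26 12:42:22 2009 -> Database correctly reloaded (659708 signatures)
"""

STAMPED = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) -> (.*)$")
UPDATED = re.compile(r"Database updated \((\d+) signatures\) from (\S+) \(IP: ([\d.]+)\)")
RELOADED = re.compile(r"Database correctly reloaded \((\d+) signatures\)")
FAILED = re.compile(r"Can't connect to port \d+ of host \S+ \(IP: ([\d.]+)\)")

def audit(log, window=timedelta(seconds=60)):
    """Return (report, failed_mirrors) for combined freshclam + clamd log text."""
    updates, reloads, failed = [], [], []
    for raw in log.splitlines():
        m = STAMPED.match(raw.strip())
        if not m:
            continue  # lines without a timestamp carry no event we track
        ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        text = m.group(2)
        if (u := UPDATED.search(text)):
            updates.append((ts, int(u.group(1)), u.group(3)))
        elif (r := RELOADED.search(text)):
            reloads.append((ts, int(r.group(1))))
        elif (f := FAILED.search(text)):
            failed.append(f.group(1))
    report = []
    for ts, count, mirror in updates:
        # First clamd reload at or after this update, within the window.
        hit = next((n for t, n in sorted(reloads)
                    if timedelta(0) <= t - ts <= window), None)
        report.append({"mirror": mirror, "freshclam": count, "clamd": hit,
                       "delta": None if hit is None else count - hit})
    return report, failed

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

A "clamd" value of None means no reload was logged within the window after an update. A nonzero delta shows only that the two reported counts differ, not which entries account for the difference.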