Tuesday 11 March 2003 00.30 skrev Buchan Milne:
> On Mon, 10 Mar 2003, Oden Eriksson wrote:
> > > > I've gotten to a point where the kav module builds,
> > >
> > > Cool!
> >
> > Yihaa! Now it built ok. Attached is a spec file patch.
>
> I don't see a point in updating for 9.1, but I will try and get it into
> samba cvs for 2.2.8, and cooker later.
Ok. I will probably roll this out, plus my changes to qmail-scanner later on
where I share office with others. This is pretty cool! If this was M$ it
would probably cost $$$$($$?)?
> > But..., right now I cannot test if the module actually works..., or I
> > don't know how to test it without accessing it from windoze. I can test
> > it later tonight or tomorrow.
>
> smbclient //localhost/$USER
> smbclient>get aletterforyou.txt
>
> You should get access denied on any infected file, plus an error in syslog
> telling you which file is infected.
Ahh, yes, of course (i'm sleepy). It works!. Too bad the virus name is not
reported to syslog:
Mar 11 01:10:19 foo smbd_vscan_kavp[6412]: samba-vscan (vscan-kavp 0.3.2a)
loaded (Samba >=2.2.4), (c) by Rainer Link, OpenAntiVirus.org
Mar 11 01:10:19 foo smbd_vscan_kavp[6412]: INFO: connect to service oden by
user oden
Mar 11 01:10:26 foo smbd_vscan_kavp[6412]: ALERT - Scan result:
'/home/oden/love-letter-for-you.txt' infected with virus 'UNKNOWN', client:
'192.168.100.10'
Mar 11 01:10:26 foo smbd_vscan_kavp[6412]: INFO: quarantining file
'/home/oden/love-letter-for-you.txt' to '/var/tmp/vir-XMv7gE' was successful
Mar 11 01:10:43 foo smbd_vscan_kavp[6412]: ALERT - Scan result:
'/home/oden/eicar.com' infected with virus 'UNKNOWN', client:
'192.168.100.10'
Mar 11 01:10:44 foo smbd_vscan_kavp[6412]: INFO: quarantining file
'/home/oden/eicar.com' to '/var/tmp/vir-moubka' was successful
But then it's logged to /var/log/kavscan.rpt:
Query for the tests: <0>Mar 11 01:10:26:/home/oden/love-letter-for-you.txt
11.03.2003 01:10:26 /home/oden/love-letter-for-you.txt infected:
I-Worm.LoveLetter
Current object: <0>Mar 11 01:10:26:/home/oden/love-letter-for-you.txt
Sector Objects : 0 Known viruses : 1
Files : 1 Virus bodies : 1
Folders : 0 Disinfected : 0
Archives : 0 Deleted : 0
Packed : 0 Warnings : 0
Suspicious : 0
Speed (Kb/sec) : 0 Corrupted : 0
Scan time : 00:00:01 I/O Errors : 0
Query for the tests: <0>Mar 11 01:10:43:/home/oden/eicar.com
11.03.2003 01:10:43 /home/oden/eicar.com infected: EICAR-Test-File
Current object: <0>Mar 11 01:10:43:/home/oden/eicar.com
Sector Objects : 0 Known viruses : 1
Files : 1 Virus bodies : 1
Folders : 0 Disinfected : 0
Archives : 0 Deleted : 0
Packed : 0 Warnings : 0
Suspicious : 0
Speed (Kb/sec) : 0 Corrupted : 0
Scan time : 00:00:01 I/O Errors : 0
Thanks for your help Buchan!
Chears.
--
Regards // Oden Eriksson, Deserve-IT.com
