Ok, follow-up time.  It appears that Declude is detecting this with VIRUSCODE 8 and I was just merely confused by the logs.  I set things to Debug and found the following:
04/29/2005 00:06:48.652 QB2D6AB7001342A79 [6224] Virus Scanner Started: C:\Progra~1\FSI\F-Prot\fpcmd.exe -SILENT -NOBOOT -NOMEM -ARCHIVE=5 -PACKED -SERVER -DUMB -REPORT=report.txt F:\DB2D6A~1.VIR\
04/29/2005 00:06:53.667 QB2D6AB7001342A79 [6224] Scanning Time: 4812ms [kernel=78 user=4734]
04/29/2005 00:06:53.667 QB2D6AB7001342A79 [6224] Virus scanner 1 reports exit code of 8
04/29/2005 00:06:53.667 QB2D6AB7001342A79 [6224] F:\DB2D6AB7001342A79.vir\
04/29/2005 00:06:53.667 QB2D6AB7001342A79 [6224] F:\DB2D6AB7001342A79.vir\report.txt
04/29/2005 00:06:53.667 QB2D6AB7001342A79 [6224] report.txt len=722 rflen=35 cs=0
04/29/2005 00:06:53 QB2D6AB7001342A79 Could not find parse string Infection:  in report.txt

So I would assume that on other log levels and with other scanners detecting the viruses, there just isn't a clear indication of the virus being found with F-Prot, but it is in fact being detected.  Maybe Declude should change the logging to indicate the exit code in other log levels when it matches a VIRUSCODE value.

That leaves two real issues: 1) Time/CPU utilization with F-Prot, and 2) F-Prot continuing to report viruses with an exit code of 8.

Matt



Matt wrote:
Colbeck, Andrew wrote:
F-Prot is indeed returning an errorlevel of 8 on this, and it's definitely way out of line with the scanning time on this file.
Your script no doubt shows that F-Prot returns an error level of 8 when run on this file, however there is one big issue here...I have Declude now set for VIRUSCODE 8 and it isn't detecting it.  I just tested this by sending it to myself and it still didn't detect it as a virus.  Here's my config:
SCANFILE1    C:\Progra~1\FSI\F-Prot\fpcmd.exe /TYPE /SILENT /NOBOOT /NOMEM /ARCHIVE=5 /PACKED /DUMB /REPORT=report.txt
VIRUSCODE1    3
VIRUSCODE1    6
VIRUSCODE1    8
REPORT1        Infection:

I used this same command line with your script, making obvious edits for the path and it returned an 8.  I'm confused why either Declude isn't picking this up, or why F-Prot isn't somehow reporting it to Declude properly...

The time issue is also a big deal of course, but probably not as big as Declude with F-Prot missing it.  Can anyone confirm with this sample file whether or not Declude with F-Prot and VIRUSCODE 8 is catching this?
I did get a reply on my previous report to them (after 6 days); they brought my request to the attention of the developers, but then reminded me that any non-zero return code is "undesirable".  The request was to re-classify Mitglieder from "suspicious" to "virus" so that I could get the correct return code and thus the correct handling in my Declude Virus.
I got what was probably the exact same response after a similar amount of time.  The person that replied didn't understand the question or used something that was canned.  I replied back again nevertheless.  I haven't sent anything concerning this issue, although it seems related, but there also seems to be a different bug here with at least F-Prot but possibly also Declude.

Matt
-- 
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================
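
Added example (not part of the thread, and not Declude or F-Prot code): a small Python parser that reads the debug-log lines and the VIRUSCODE config quoted above and reports, per scanned message, whether the scanner's exit code matches a configured VIRUSCODE even when the REPORT parse string was not found. It assumes an exit code listed on a VIRUSCODEn line counts as a detection for scanner n; the function names and the `slow_ms` threshold are hypothetical.

```python
import re

# CONFIG and LOG are copied from the messages above; slow_ms is a made-up threshold.
CONFIG = r"""
SCANFILE1    C:\Progra~1\FSI\F-Prot\fpcmd.exe /TYPE /SILENT /NOBOOT /NOMEM /ARCHIVE=5 /PACKED /DUMB /REPORT=report.txt
VIRUSCODE1    3
VIRUSCODE1    6
VIRUSCODE1    8
REPORT1        Infection:
"""
LOG = """
04/29/2005 00:06:53.667 QB2D6AB7001342A79 [6224] Scanning Time: 4812ms [kernel=78 user=4734]
04/29/2005 00:06:53.667 QB2D6AB7001342A79 [6224] Virus scanner 1 reports exit code of 8
04/29/2005 00:06:53 QB2D6AB7001342A79 Could not find parse string Infection:  in report.txt
"""

VIRUSCODE_RE = re.compile(r"^VIRUSCODE(\d+)\s+(\d+)\s*$", re.M)
TIME_RE = re.compile(r"^\S+ \S+ (\S+) \[\d+\] Scanning Time: (\d+)ms")
EXIT_RE = re.compile(r"^\S+ \S+ (\S+) \[\d+\] Virus scanner (\d+) reports exit code of (\d+)")
NOPARSE_RE = re.compile(r"^\S+ \S+ (\S+) Could not find parse string")

def virus_codes(config):
    """Map scanner number -> set of exit codes listed on VIRUSCODEn lines."""
    codes = {}
    for scanner, code in VIRUSCODE_RE.findall(config):
        codes.setdefault(int(scanner), set()).add(int(code))
    return codes

def summarize(log, config, slow_ms=2000):
    """One record per 'reports exit code' line, joined with neighbouring lines."""
    codes, last_ms, latest, results = virus_codes(config), {}, {}, []
    for line in log.splitlines():
        if m := TIME_RE.match(line):
            last_ms[m.group(1)] = int(m.group(2))  # scan time precedes the exit code
        elif m := EXIT_RE.match(line):
            msg, scanner, code = m.group(1), int(m.group(2)), int(m.group(3))
            ms = last_ms.pop(msg, None)
            # Assumption: a code listed as VIRUSCODEn is a detection for scanner n.
            rec = {"msg": msg, "scanner": scanner, "exit_code": code,
                   "flagged": code in codes.get(scanner, set()), "scan_ms": ms,
                   "slow": ms is not None and ms > slow_ms, "name_parsed": True}
            latest[msg] = rec
            results.append(rec)
        elif (m := NOPARSE_RE.match(line)) and m.group(1) in latest:
            latest[m.group(1)]["name_parsed"] = False  # REPORT string not in report.txt
    return results

if __name__ == "__main__":
    for rec in summarize(LOG, CONFIG):
        print(rec)
```
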
