[Qmail-scanner-general]new sub_scanner module problem

Wed, 15 Jan 2003 05:58:55 -0800 

Product
qmailscanner 1.15 / ripmime

I'm working on a simple body scan module using grep.  ripmime outputs
the message in the working directory and names the message files
textfile0 - what ever number needed.  What I have done is copy the
sub_uvscan file and modify it to run a standard shell grep command on
the contents of the message directory. The output of this command is a
numeric count of the number of matches for each file
 "grep -i -c -h -f $scandir/grepfile /$scandir/$file_id"

Output of my test message shows 
15/01/2003 08:42:16:7329: --output of bodyscan was:
1
1
--

this is the code
**************************************
sub body_scanner {
  #Message Body Scanner
  &debug("bodyscan: starting scan of directory
\"$scandir/$file_id\"...");
  #my ($bodyscan_verbose)="-v" if ($DEBUG);
  my ($start_bodyscan_time)=[gettimeofday];
  my ($DD,$bodyscan_status,$stop_bodyscan_time,$bodyscan_time);

  $DD=`$bodyscan_binary  -i -c -h -f $scandir/grepfile 
$scandir/$file_id/* 2>&1`;
  $bodyscan_status=($? >> 8);
  &debug("--output of bodyscan was:\n$DD--");
  if ( $bodyscan_status > 0 ) {
    if ($DD =~ /[1-9]/) {
      $quarantine_description='Malicious Code detected in the Message
Body';
      &debug("There be a virus! ($quarantine_description)");
      ($quarantine_event=$quarantine_description)=~s/\s/_/g;
      $quarantine_event="bodyscan:".substr($quarantine_event,0,$QE_LEN);
      $description .= "\n---bodyscan results ---\n$DD";
      #    print "virus \"$virus\"\n";
    } else {
      #This implies a corrupt set of DAT files or resource problems...
      &tempfail("corrupt or unknown MacAfee scanner/resource problems -
exit status $bodyscan_status");
    }
  }
  $stop_bodyscan_time=[gettimeofday];
  $bodyscan_time = tv_interval ($start_bodyscan_time,
$stop_bodyscan_time);
  &debug("bodyscan: finished scan of dir \"$scandir/$file_id\" in
$bodyscan_time secs");
}
*******************************************

Each time the body_scanner finds the match but I can't get it to pass
back to QS the fact that is a virus and should be blocked.  Any Ideas?

Thanks for the help

-- 
Ron Culler




-------------------------------------------------------
This SF.NET email is sponsored by: Take your first step towards giving 
your online business a competitive advantage. Test-drive a Thawte SSL 
certificate - our easy online guide will show you how. Click here to get 
started: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0027en
_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general

Reply via email to