Genius! That was it. Thanks, Russ.

--
Chris Simmons
[EMAIL PROTECTED]

> -----Original Message-----
> From: Russ Ochsner [mailto:[EMAIL PROTECTED]
> Sent: Saturday, April 24, 2004 10:58 AM
> To: James Users List
> Subject: Re: Praxis Antivirus matcher
>
> Hi Chris,
>
> I believe I ran into the same problem under both MacOS X and Win2k
> using clamav.
>
> My guess is that the asterisk is not being expanded, probably because
> the IsInfected matcher is not opening up the AV program in a shell that
> can expand the wildcard.
>
> I was able to get clamav working under MacOS X by having the matcher
> call a shell script (below) where I knew that the asterisk would be
> expanded into all the files. Under Win2k I couldn't get the same method
> to work. It turns out that you can pass a directory to clamav instead
> of just files, so I just used %targetDir% instead of %targetDir%/*.tt
> as the argument.
>
> Hope this helps.
> -Russ
>
>
> #!/bin/bash
>
> # Log the arguments for troubleshooting
> echo $* >> /private/tmp/clam.log
>
> # Launch AntiVirus program
> /usr/local/bin/clamscan $*
>
>
> On Apr 21, 2004, at 7:05 PM, Chris Simmons wrote:
>
> > Hello:
> >
> > I have been trying to get the Praxis antivirus matcher
> > (it.praxis.james.matchers.IsInfected) to work. I am having an issue
> > however in that the antivirus program always errors out. I am sure it's
> > something I've overlooked, not a problem with the matcher (probably
> > something with the Java language or system settings I'm missing). In any
> > case, I'd like to pick y'all's brains anyway.
> >
> > Here's the setup:
> > Linux (RedHat 9)
> > James 3.0a1 (Did the same thing with 2.1)
> > F-Prot Antivirus for Linux Workstations
> >
> > Here is the config.xml section I have:
> > <!-- *** START SNIPPET *** -->
> > <mailet match="IsInfected=/usr/local/bin/f-prot -old -archive -report=%reportFile% %targetDir%/*.tt, /usr/local/james/virus_scanner_temp, true, 3" class="ToProcessor">
> >   <processor> virus </processor>
> > </mailet>
> > <!-- *** END SNIPPET *** -->
> >
> >
> > Here is a sample report file when f-prot is run by the matcher:
> > *** START FILE ***
> > Virus scanning report - 11 April 2004 @ 22:01
> >
> > F-PROT ANTIVIRUS
> > Program version: 4.3.2
> > Engine version: 3.14.7
> >
> > VIRUS SIGNATURE FILES
> > SIGN.DEF created 8 April 2004
> > SIGN2.DEF created 8 April 2004
> > MACRO.DEF created 24 March 2004
> >
> > Search: /usr/local/james/virus_scanner_temp/virus6422487423725853807/*.tt
> > Action: Report only
> > Files: Attempt to identify files
> > Switches: -ARCHIVE -REPORT=/usr/local/james/virus_scanner_temp/virus6422487423725853807/scanReport.txt -OLD
> >
> > Error on reading /usr/local/james/virus_scanner_temp/virus6422487423725853807/*.tt
> >
> > Results of virus scanning:
> >
> > Files: 0
> > MBRs: 0
> > Boot sectors: 0
> > Objects scanned: 0
> >
> > Time: 0:00
> >
> > No viruses or suspicious files/boot sectors were found.
> > *** END FILE ***
> >
> > The only problem being reported as:
> > "Error on reading /usr/local/james/virus_scanner_temp/virus6422487423725853807/*.tt"
> >
> > To troubleshoot the problem, I recompiled the source and commented out the
> > code to delete the attachments. I also logged the EXACT command line
> > being executed by the matcher. After a mail arrived, I looked at the log,
> > got the command line and executed it (of course, verifying the temporary
> > file(s) were persisted instead of deleted).
> > Manually executing the command line got me the following output:
> > *** START FILE ***
> > Virus scanning report - 11 April 2004 @ 22:19
> >
> > F-PROT ANTIVIRUS
> > Program version: 4.3.2
> > Engine version: 3.14.7
> >
> > VIRUS SIGNATURE FILES
> > SIGN.DEF created 8 April 2004
> > SIGN2.DEF created 8 April 2004
> > MACRO.DEF created 24 March 2004
> >
> > Search: /usr/local/james/virus_scanner_temp/virus6422487423725853807/content50022.tt
> > Action: Report only
> > Files: Attempt to identify files
> > Switches: -ARCHIVE -REPORT=/usr/local/james/virus_scanner_temp/virus6422487423725853807/scanReport.txt -OLD
> >
> >
> > Results of virus scanning:
> >
> > Files: 1
> > MBRs: 0
> > Boot sectors: 0
> > Objects scanned: 1
> >
> > Time: 0:00
> >
> > No viruses or suspicious files/boot sectors were found.
> > *** END FILE ***
> >
> > So, you see, the command is valid. The next thing I thought was that
> > perhaps the file(s) hadn't had a chance to be written to disk before the
> > mailet executed the command (forgive my lack of knowledge of the Java
> > system - is this even possible?). To disprove this theory, I hard-coded
> > the same command line in the matcher so that upon a mail arrival, the
> > matcher would just execute a known-good command on known-existing files.
> > Still no luck (same report file as above).
> >
> > So, I'm stuck. Does anyone have any idea what I may be doing wrong?
> >
> > --
> > Thanks,
> > Chris Simmons
> > [EMAIL PROTECTED]
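
The diagnosis in this thread (the scanner receives `%targetDir%/*.tt` as a literal argument because no shell expands it) can be reproduced with the sketch below, which is an added example and not code from the thread or from the matcher. `fake_scan`, the file names and the temporary directory are constructed stand-ins for the real scanner and the matcher's working directory. It goes one step beyond the thread's wrapper by quoting the expanded names and treating an empty match as an error, since the report above shows "Files: 0" next to a "no viruses" line.

```shell
#!/bin/sh
# Added illustration. fake_scan, the file names and the temp dir are constructed
# stand-ins; substitute the real scanner path when adapting.

# Counts arguments that are existing regular files, like "Files: N" in a report.
fake_scan() {
    n=0
    for f in "$@"; do
        if [ -f "$f" ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# No shell between matcher and scanner: the pattern arrives as one literal
# argument, so the scanner looks for a file actually named "*.tt".
scan_literal() { fake_scan "$1/*.tt"; }

# Wrapper variant: the script expands the glob itself. Quoting keeps names with
# spaces intact, and an empty match is an error rather than a "clean" result.
scan_expanded() (
    dir=$1
    set -- "$dir"/*.tt
    if [ ! -e "$1" ]; then        # unmatched glob stays a literal pattern
        echo "nothing to scan in $dir" >&2
        exit 2
    fi
    fake_scan "$@"
)

# Constructed sample input: two attachment files, one with a space in its name.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    : > "$d/content1.tt"
    : > "$d/content 2.tt"
    echo "$d"
}

sample=$(make_sample_dir)
echo "literal pattern: $(scan_literal "$sample") file(s) scanned"
echo "glob expanded:   $(scan_expanded "$sample") file(s) scanned"
rm -rf "$sample"
```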
