Don't think that change will work for you. It looks like the word
"infected" always appears in the summary report, it just might be 0
found or not. Maybe change it to look for "Trojan horse".
Bill
>----------
>From: [EMAIL PROTECTED][SMTP:[EMAIL PROTECTED]]
>Sent: Thursday, December 13, 2001 2:36 PM
>To: [EMAIL PROTECTED]
>Subject: [xmail] Re: AV Filter for Win32 XMAIL
>
>
>Here is a solution that works for this part of the problem.
>
>Here is example of infected file report:
>
>AVG 6.0 Anti-Virus System
>Copyright GRISOFT Inc. 2001
>Program version 6.307, database version 168
>Command line: [/HEUR
>c:\xxmail\mailroot\avfilter\1008279248678.401.defiant\*.* /REPORT
>c:\xxmail\mailroot\avfilter\temp\rep-1008279248678.401.defiant.txt /NOMEM
>/NOHIMEM /NOBOOT]
>Testing c:\xxmail\mailroot\avfilter\1008279248678.401.defiant\*.* volume
>DRIVEC serial ACBD-E688
>c:\xxmail\mailroot\avfilter\1008279248678.401.defiant\server.exe Trojan horse
>BackDoor.Subseven
>
>------------------------------------------------------------
>Test start 12/13/01 14:27:37
>Elapsed time: 0 sec.
>------------------------------------------------------------
>Scanned files : 2
>Scanned sectors : 0
>Infected files : 1
>Infected sectors : 0
>------------------------------------------------------------
>
>Here is example of non infected report:
>
>AVG 6.0 Anti-Virus System
>Copyright GRISOFT Inc. 2001
>Program version 6.307, database version 168
>Command line: [/HEUR
>c:\xxmail\mailroot\avfilter\1008279248678.401.defiant\*.* /REPORT
>c:\xxmail\mailroot\avfilter\temp\rep-1008279248678.401.defiant.txt /NOMEM
>/NOHIMEM /NOBOOT]
>Testing c:\xxmail\mailroot\avfilter\1008279248678.401.defiant\*.* volume
>DRIVEC serial ACBD-E688
>c:\xxmail\mailroot\avfilter\1008279248678.401.defiant\server.exe Trojan horse
>BackDoor.Subseven
>
>------------------------------------------------------------
>Test start 12/13/01 14:27:37
>Elapsed time: 0 sec.
>------------------------------------------------------------
>Scanned files : 2
>Scanned sectors : 0
>Infected files : 1
>Infected sectors : 0
>------------------------------------------------------------
>
>locate line in avfilter.js:
>
> if (repfileStr.indexOf('Virus found') != -1 || repfileStr.indexOf('Virus
>identified') != -1) {
>
> Change to:
>
> if (repfileStr.indexOf('Infected') != -1 || repfileStr.indexOf('Virus
>identified') != -1) {
>
>And now the avfilter.js completes its mission when called from the command
>line with correct paramters. The emails get sent, the log gets updated.
>
>Still investigating.
>
>Tony
>
> ----- Original Message -----
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Sent: Thursday, December 13, 2001 2:07 PM
> Subject: [xmail] Re: AV Filter for Win32 XMAIL
>
>
>
> Edinilson;
>
> Here is the report created for an infected file:
>
> AVG 6.0 Anti-Virus System
> Copyright GRISOFT Inc. 2001
> Program version 6.307, database version 168
> Command line: [/HEUR
>c:\xxmail\mailroot\avfilter\1008279248678.401.defiant\*.* /REPORT
>c:\xxmail\mailroot\avfilter\temp\rep-1008279248678.401.defiant.txt /NOMEM
>/NOHIMEM /NOBOOT]
> Testing c:\xxmail\mailroot\avfilter\1008279248678.401.defiant\*.* volume
>DRIVEC serial ACBD-E688
> c:\xxmail\mailroot\avfilter\1008279248678.401.defiant\server.exe Trojan
>horse BackDoor.Subseven
>
> ------------------------------------------------------------
> Test start 12/13/01 14:01:14
> Elapsed time: 0 sec.
> ------------------------------------------------------------
> Scanned files : 2
> Scanned sectors : 0
> Infected files : 1
> Infected sectors : 0
> ------------------------------------------------------------
>
> If I understand the script correctly, this line:
>
> if (repfileStr.indexOf('Virus found') != -1 || repfileStr.indexOf('Virus
>identified') != -1) {
>
> is looking for the phrase Virus Found or Virus Identified - neither one of
>which appears in the report. This would account for the reason no virus are
>being detected by the script. Are you using a different version of the AVG
>engine, or perhaps a slightly different version of the script than I am?
>
> Tony
>
>
> ----- Original Message -----
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Sent: Thursday, December 13, 2001 1:56 PM
> Subject: [xmail] Re: AV Filter for Win32 XMAIL
>
>
>
> Edinilson;
> Much better now. Everything in the avfilter.bat that is supposed to
>happen does!
> Now I know the problem must be in the avfilter.js, after the bat is
>called.
> The infected emails still get delivered, and no warning message gets
>sent. We are closer - any more ideas?
> Thanks in advanc!
> Tony
> ----- Original Message -----
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Sent: Thursday, December 13, 2001 12:56 PM
> Subject: [xmail] Re: AV Filter for Win32 XMAIL
>
>
>
> I had certainly checked and rechecked. Still - you were correct. The
>directory and file deletions in avfilter\temp were not being done due to a
>path problem! Also, without any more changes - the report file is now being
>created in the temp dir as expected! Closer than ever to sucess.
>
> The report file now stays in the temp dir. Still no emails being sent,
>and it seems the infected mail is still delivered. More hints please? And
>THANK YOU.
>
> Tony
>
> ----- Original Message -----
> From: Edinilson J. Santos
> To: [EMAIL PROTECTED]
> Sent: Thursday, December 13, 2001 12:41 PM
> Subject: [xmail] Re: AV Filter for Win32 XMAIL
>
>
> Are you sure that all drives and paths was replaced with your own
>path (for
> me drive is D: and xmail path is \mailroot) in avfilter.js and
>avfilter.bat
> ?
> It�s a very simple script but rely on specific paths
>
> Edinilson
> ---------------------------------------------------------
> ATINET-Afiliado UOL de Atibaia
> Rua Francisco R. Santos, 54 sala 3
> ATIBAIA/SP Cep: 12940-250
> Tel Voz: (0xx11) 4412-0876
> http://www.atinet.com.br
>
>
> ----- Original Message -----
> From: <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, December 13, 2001 6:33 PM
> Subject: [xmail] Re: AV Filter for Win32 XMAIL
>
>
> New, more information.
>
> On more testing, the last statement in avfilter.bat that I can
>verify is
> being run sucessfully is uudecode. If I run the line which invokes
>AVG by
> hand (substituting values for %2), it runs correctly, and creates the
>report
> in the \avfilter\temp directory.
>
> Tony
> ----- Original Message -----
> From: <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, December 13, 2001 10:17 AM
> Subject: [xmail] Re: AV Filter for Win32 XMAIL
>
>
> > Thank your Mr. Santos!
> >
> > After your recommended test, here is the results.
> >
> > The mail file was copied to the created dir in avfilter as
>expected. The
> > virus attachment was extracted, and in the same DIR. (I rem'd the
>code
> that
> > deletes this temp file and dir so I could better track the results
>of the
> > test.)
> >
> > The \avfilter\temp dir seems to have something written in to it,
>but if
> so,
> > it was deleted before I could see it there. I can only tell because
>the
> > avfilter/temp directory moved (as it does when something is written
>to it)
> > it position in the dir list.
> >
> > No emails warning of virus were sent to either address, and the
>original
> > email with the virus was delivered to the end user. :(
> >
> > Do you have any thoughts on this problem?
> >
> > Thank again
> >
> > Tony
> >
> > ----- Original Message -----
> > From: "Edinilson J. Santos" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Thursday, December 13, 2001 3:49 AM
> > Subject: [xmail] Re: AV Filter for Win32 XMAIL
> >
> >
> > > May I help you?
> > >
> > > Try to do the following:
> > > Open a command prompt window.
> > >
> > > cd\mailroot\avfilter
> > > cscript avfilter.js SOME-EMAIL-FILE [EMAIL PROTECTED]
>YOUR-EMAIL-ADDRESS
> > >
> > > And report me what happens.
> > >
> > > Edinilson
> > > ---------------------------------------------------------
> > > ATINET-Afiliado UOL de Atibaia
> > > Rua Francisco R. Santos, 54 sala 3
> > > ATIBAIA/SP Cep: 12940-250
> > > Tel Voz: (0xx11) 4412-0876
> > > http://www.atinet.com.br
> > >
> > >
> > > ----- Original Message -----
> > > From: <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Wednesday, December 12, 2001 6:08 PM
> > > Subject: [xmail] Re: AV Filter for Win32 XMAIL
> > >
> > >
> > > I do not have success with these scripts. Can anyone help? It
>seems
> the
> > > AVG engine ins't making the temp file - or something in that
>area.
> ANyone
> > > please?
> > >
> > > Tony
> > > ----- Original Message -----
> > > From: "Edinilson J. Santos" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Monday, December 10, 2001 4:13 AM
> > > Subject: [xmail] AV Filter for Win32 XMAIL
> > >
> > >
> > > > For those looking for a AV filter script that works with XMail
>for
> > Win32,
> > > > try:
> > > > http://www.atinet.com.br/xmail/avfilter.zip
> > > >
> > > > Edinilson
> > > > ---------------------------------------------------------
> > > > ATINET-Afiliado UOL de Atibaia
> > > > Rua Francisco R. Santos, 54 sala 3
> > > > ATIBAIA/SP Cep: 12940-250
> > > > Tel Voz: (0xx11) 4412-0876
> > > > http://www.atinet.com.br
> > > >
> > > >
> > > > ---
> > > > Outgoing mail is certified Virus Free.
> > > > Checked by AVG anti-virus system (http://www.grisoft.com).
> > > > Version: 6.0.306 / Virus Database: 166 - Release Date:
>04/12/2001
> > > >
> > > > -
> > > > To unsubscribe from this list: send the line "unsubscribe
>xmail" in
> > > > the body of a message to [EMAIL PROTECTED]
> > > > For general help: send the line "help" in the body of a message
>to
> > > > [EMAIL PROTECTED]
> > > >
> > > >
> > >
> > > -
> > > To unsubscribe from this list: send the line "unsubscribe xmail"
>in
> > > the body of a message to [EMAIL PROTECTED]
> > > For general help: send the line "help" in the body of a message
>to
> > > [EMAIL PROTECTED]
> > >
> > >
> > >
> > >
> > > ---
> > > Outgoing mail is certified Virus Free.
> > > Checked by AVG anti-virus system (http://www.grisoft.com).
> > > Version: 6.0.307 / Virus Database: 168 - Release Date: 11/12/2001
> > >
> > > -
> > > To unsubscribe from this list: send the line "unsubscribe xmail"
>in
> > > the body of a message to [EMAIL PROTECTED]
> > > For general help: send the line "help" in the body of a message
>to
> > > [EMAIL PROTECTED]
> > >
> > >
> >
> > -
> > To unsubscribe from this list: send the line "unsubscribe xmail" in
> > the body of a message to [EMAIL PROTECTED]
> > For general help: send the line "help" in the body of a message to
> > [EMAIL PROTECTED]
> >
> >
>
> -
> To unsubscribe from this list: send the line "unsubscribe xmail" in
> the body of a message to [EMAIL PROTECTED]
> For general help: send the line "help" in the body of a message to
> [EMAIL PROTECTED]
>
>
>
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.307 / Virus Database: 168 - Release Date: 11/12/2001
>
> -
> To unsubscribe from this list: send the line "unsubscribe xmail" in
> the body of a message to [EMAIL PROTECTED]
> For general help: send the line "help" in the body of a message to
> [EMAIL PROTECTED]
>
>
>
> -
> To unsubscribe from this list: send the line "unsubscribe xmail" in
> the body of a message to [EMAIL PROTECTED]
> For general help: send the line "help" in the body of a message to
> [EMAIL PROTECTED]
>
>
>
> -
> To unsubscribe from this list: send the line "unsubscribe xmail" in
> the body of a message to [EMAIL PROTECTED]
> For general help: send the line "help" in the body of a message to
> [EMAIL PROTECTED]
>
>
>
> -
> To unsubscribe from this list: send the line "unsubscribe xmail" in
> the body of a message to [EMAIL PROTECTED]
> For general help: send the line "help" in the body of a message to
> [EMAIL PROTECTED]
>
>
>
>-
>To unsubscribe from this list: send the line "unsubscribe xmail" in
>the body of a message to [EMAIL PROTECTED]
>For general help: send the line "help" in the body of a message to
>[EMAIL PROTECTED]
>
>
-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]
