Ahh much better. But maybe even better would be to replace the
conditions with
repfileStr.indexOf('No viruses found') = -1
Better to only pass messages you are sure aren't infected, instead of
looking for not finding a message that says they are.
>The way it is now says if you don't find "Infected" and you don't find
"'Virus identified' then pass it. Why not just look for "No viruses
found" and then you are sure!
Bill
>----------
>From: [EMAIL PROTECTED][SMTP:[EMAIL PROTECTED]]
>Sent: Thursday, December 13, 2001 2:49 PM
>To: [EMAIL PROTECTED]
>Subject: [xmail] Re: AV Filter for Win32 XMAIL
>
>
>No! I messed up when I pasted the example before. Here is a correct report
>for uninfected file:
>AVG 6.0 Anti-Virus System
>Copyright GRISOFT Inc. 2001
>Program version 6.307, database version 168
>Command line: [/HEUR
>c:\xxmail\mailroot\avfilter\1008283673831.422.defiant\*.* /REPORT
>c:\xxmail\mailroot\avfilter\temp\rep-1008283673831.422.defiant.txt /NOMEM
>/NOHIMEM /NOBOOT]
>Testing c:\xxmail\mailroot\avfilter\1008283673831.422.defiant\*.* volume
>DRIVEC serial ACBD-E688
>
>------------------------------------------------------------
>Test start 12/13/01 14:47:54
>Elapsed time: 0 sec.
>------------------------------------------------------------
>Scanned files : 2
>Scanned sectors : 0
>No viruses found.
>------------------------------------------------------------
>
>
>Soorry to confuse those that would try and help me!!!
>
>Tony
> ----- Original Message -----
> From: Bill Healy
> To: '[EMAIL PROTECTED]'
> Sent: Thursday, December 13, 2001 2:44 PM
> Subject: [xmail] Re: AV Filter for Win32 XMAIL
>
>
> Don't think that change will work for you. It looks like the word
> "infected" always appears in the summary report, it just might be 0
> found or not. Maybe change it to look for "Trojan horse".
>
> Bill
>
> >----------
> >From: [EMAIL PROTECTED][SMTP:[EMAIL PROTECTED]]
> >Sent: Thursday, December 13, 2001 2:36 PM
> >To: [EMAIL PROTECTED]
> >Subject: [xmail] Re: AV Filter for Win32 XMAIL
> >
> >
> >Here is a solution that works for this part of the problem.
> >
> >Here is example of infected file report:
> >
> >AVG 6.0 Anti-Virus System
> >Copyright GRISOFT Inc. 2001
> >Program version 6.307, database version 168
> >Command line: [/HEUR
> >c:\xxmail\mailroot\avfilter\1008279248678.401.defiant\*.* /REPORT
> >c:\xxmail\mailroot\avfilter\temp\rep-1008279248678.401.defiant.txt /NOMEM
> >/NOHIMEM /NOBOOT]
> >Testing c:\xxmail\mailroot\avfilter\1008279248678.401.defiant\*.* volume
> >DRIVEC serial ACBD-E688
> >c:\xxmail\mailroot\avfilter\1008279248678.401.defiant\server.exe Trojan
>horse
> >BackDoor.Subseven
> >
> >------------------------------------------------------------
> >Test start 12/13/01 14:27:37
> >Elapsed time: 0 sec.
> >------------------------------------------------------------
> >Scanned files : 2
> >Scanned sectors : 0
> >Infected files : 1
> >Infected sectors : 0
> >------------------------------------------------------------
> >
> >Here is example of non infected report:
> >
> >AVG 6.0 Anti-Virus System
> >Copyright GRISOFT Inc. 2001
> >Program version 6.307, database version 168
> >Command line: [/HEUR
> >c:\xxmail\mailroot\avfilter\1008279248678.401.defiant\*.* /REPORT
> >c:\xxmail\mailroot\avfilter\temp\rep-1008279248678.401.defiant.txt /NOMEM
> >/NOHIMEM /NOBOOT]
> >Testing c:\xxmail\mailroot\avfilter\1008279248678.401.defiant\*.* volume
> >DRIVEC serial ACBD-E688
> >c:\xxmail\mailroot\avfilter\1008279248678.401.defiant\server.exe Trojan
>horse
> >BackDoor.Subseven
> >
> >------------------------------------------------------------
> >Test start 12/13/01 14:27:37
> >Elapsed time: 0 sec.
> >------------------------------------------------------------
> >Scanned files : 2
> >Scanned sectors : 0
> >Infected files : 1
> >Infected sectors : 0
> >------------------------------------------------------------
> >
> >locate line in avfilter.js:
> >
> > if (repfileStr.indexOf('Virus found') != -1 || repfileStr.indexOf('Virus
> >identified') != -1) {
> >
> > Change to:
> >
> > if (repfileStr.indexOf('Infected') != -1 || repfileStr.indexOf('Virus
> >identified') != -1) {
> >
> >And now the avfilter.js completes its mission when called from the command
> >line with correct paramters. The emails get sent, the log gets updated.
> >
> >Still investigating.
> >
> >Tony
> >
> > ----- Original Message -----
> > From: [EMAIL PROTECTED]
> > To: [EMAIL PROTECTED]
> > Sent: Thursday, December 13, 2001 2:07 PM
> > Subject: [xmail] Re: AV Filter for Win32 XMAIL
> >
> >
> >
> > Edinilson;
> >
> > Here is the report created for an infected file:
> >
> > AVG 6.0 Anti-Virus System
> > Copyright GRISOFT Inc. 2001
> > Program version 6.307, database version 168
> > Command line: [/HEUR
> >c:\xxmail\mailroot\avfilter\1008279248678.401.defiant\*.* /REPORT
> >c:\xxmail\mailroot\avfilter\temp\rep-1008279248678.401.defiant.txt /NOMEM
> >/NOHIMEM /NOBOOT]
> > Testing c:\xxmail\mailroot\avfilter\1008279248678.401.defiant\*.* volume
> >DRIVEC serial ACBD-E688
> > c:\xxmail\mailroot\avfilter\1008279248678.401.defiant\server.exe Trojan
> >horse BackDoor.Subseven
> >
> > ------------------------------------------------------------
> > Test start 12/13/01 14:01:14
> > Elapsed time: 0 sec.
> > ------------------------------------------------------------
> > Scanned files : 2
> > Scanned sectors : 0
> > Infected files : 1
> > Infected sectors : 0
> > ------------------------------------------------------------
> >
> > If I understand the script correctly, this line:
> >
> > if (repfileStr.indexOf('Virus found') != -1 ||
>repfileStr.indexOf('Virus
> >identified') != -1) {
> >
> > is looking for the phrase Virus Found or Virus Identified - neither one
>of
> >which appears in the report. This would account for the reason no virus
>are
> >being detected by the script. Are you using a different version of the
>AVG
> >engine, or perhaps a slightly different version of the script than I am?
> >
> > Tony
> >
> >
> > ----- Original Message -----
> > From: [EMAIL PROTECTED]
> > To: [EMAIL PROTECTED]
> > Sent: Thursday, December 13, 2001 1:56 PM
> > Subject: [xmail] Re: AV Filter for Win32 XMAIL
> >
> >
> >
> > Edinilson;
> > Much better now. Everything in the avfilter.bat that is supposed to
> >happen does!
> > Now I know the problem must be in the avfilter.js, after the bat is
> >called.
> > The infected emails still get delivered, and no warning message gets
> >sent. We are closer - any more ideas?
> > Thanks in advanc!
> > Tony
> > ----- Original Message -----
> > From: [EMAIL PROTECTED]
> > To: [EMAIL PROTECTED]
> > Sent: Thursday, December 13, 2001 12:56 PM
> > Subject: [xmail] Re: AV Filter for Win32 XMAIL
> >
> >
> >
> > I had certainly checked and rechecked. Still - you were correct.
>The
> >directory and file deletions in avfilter\temp were not being done due to a
> >path problem! Also, without any more changes - the report file is now
>being
> >created in the temp dir as expected! Closer than ever to sucess.
> >
> > The report file now stays in the temp dir. Still no emails being
>sent,
> >and it seems the infected mail is still delivered. More hints please?
>And
> >THANK YOU.
> >
> > Tony
> >
> > ----- Original Message -----
> > From: Edinilson J. Santos
> > To: [EMAIL PROTECTED]
> > Sent: Thursday, December 13, 2001 12:41 PM
> > Subject: [xmail] Re: AV Filter for Win32 XMAIL
> >
> >
> > Are you sure that all drives and paths was replaced with your own
> >path (for
> > me drive is D: and xmail path is \mailroot) in avfilter.js and
> >avfilter.bat
> > ?
> > It�s a very simple script but rely on specific paths
> >
> > Edinilson
> > ---------------------------------------------------------
> > ATINET-Afiliado UOL de Atibaia
> > Rua Francisco R. Santos, 54 sala 3
> > ATIBAIA/SP Cep: 12940-250
> > Tel Voz: (0xx11) 4412-0876
> > http://www.atinet.com.br
> >
> >
> > ----- Original Message -----
> > From: <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Thursday, December 13, 2001 6:33 PM
> > Subject: [xmail] Re: AV Filter for Win32 XMAIL
> >
> >
> > New, more information.
> >
> > On more testing, the last statement in avfilter.bat that I can
> >verify is
> > being run sucessfully is uudecode. If I run the line which
>invokes
> >AVG by
> > hand (substituting values for %2), it runs correctly, and creates
>the
> >report
> > in the \avfilter\temp directory.
> >
> > Tony
> > ----- Original Message -----
> > From: <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Thursday, December 13, 2001 10:17 AM
> > Subject: [xmail] Re: AV Filter for Win32 XMAIL
> >
> >
> > > Thank your Mr. Santos!
> > >
> > > After your recommended test, here is the results.
> > >
> > > The mail file was copied to the created dir in avfilter as
> >expected. The
> > > virus attachment was extracted, and in the same DIR. (I rem'd
>the
> >code
> > that
> > > deletes this temp file and dir so I could better track the
>results
> >of the
> > > test.)
> > >
> > > The \avfilter\temp dir seems to have something written in to it,
> >but if
> > so,
> > > it was deleted before I could see it there. I can only tell
>because
> >the
> > > avfilter/temp directory moved (as it does when something is
>written
> >to it)
> > > it position in the dir list.
> > >
> > > No emails warning of virus were sent to either address, and the
> >original
> > > email with the virus was delivered to the end user. :(
> > >
> > > Do you have any thoughts on this problem?
> > >
> > > Thank again
> > >
> > > Tony
> > >
> > > ----- Original Message -----
> > > From: "Edinilson J. Santos" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Thursday, December 13, 2001 3:49 AM
> > > Subject: [xmail] Re: AV Filter for Win32 XMAIL
> > >
> > >
> > > > May I help you?
> > > >
> > > > Try to do the following:
> > > > Open a command prompt window.
> > > >
> > > > cd\mailroot\avfilter
> > > > cscript avfilter.js SOME-EMAIL-FILE [EMAIL PROTECTED]
> >YOUR-EMAIL-ADDRESS
> > > >
> > > > And report me what happens.
> > > >
> > > > Edinilson
> > > > ---------------------------------------------------------
> > > > ATINET-Afiliado UOL de Atibaia
> > > > Rua Francisco R. Santos, 54 sala 3
> > > > ATIBAIA/SP Cep: 12940-250
> > > > Tel Voz: (0xx11) 4412-0876
> > > > http://www.atinet.com.br
> > > >
> > > >
> > > > ----- Original Message -----
> > > > From: <[EMAIL PROTECTED]>
> > > > To: <[EMAIL PROTECTED]>
> > > > Sent: Wednesday, December 12, 2001 6:08 PM
> > > > Subject: [xmail] Re: AV Filter for Win32 XMAIL
> > > >
> > > >
> > > > I do not have success with these scripts. Can anyone help?
>It
> >seems
> > the
> > > > AVG engine ins't making the temp file - or something in that
> >area.
> > ANyone
> > > > please?
> > > >
> > > > Tony
> > > > ----- Original Message -----
> > > > From: "Edinilson J. Santos" <[EMAIL PROTECTED]>
> > > > To: <[EMAIL PROTECTED]>
> > > > Sent: Monday, December 10, 2001 4:13 AM
> > > > Subject: [xmail] AV Filter for Win32 XMAIL
> > > >
> > > >
> > > > > For those looking for a AV filter script that works with
>XMail
> >for
> > > Win32,
> > > > > try:
> > > > > http://www.atinet.com.br/xmail/avfilter.zip
> > > > >
> > > > > Edinilson
> > > > > ---------------------------------------------------------
> > > > > ATINET-Afiliado UOL de Atibaia
> > > > > Rua Francisco R. Santos, 54 sala 3
> > > > > ATIBAIA/SP Cep: 12940-250
> > > > > Tel Voz: (0xx11) 4412-0876
> > > > > http://www.atinet.com.br
> > > > >
> > > > >
> > > > > ---
> > > > > Outgoing mail is certified Virus Free.
> > > > > Checked by AVG anti-virus system (http://www.grisoft.com).
> > > > > Version: 6.0.306 / Virus Database: 166 - Release Date:
> >04/12/2001
> > > > >
> > > > > -
> > > > > To unsubscribe from this list: send the line "unsubscribe
> >xmail" in
> > > > > the body of a message to [EMAIL PROTECTED]
> > > > > For general help: send the line "help" in the body of a
>message
> >to
> > > > > [EMAIL PROTECTED]
> > > > >
> > > > >
> > > >
> > > > -
> > > > To unsubscribe from this list: send the line "unsubscribe
>xmail"
> >in
> > > > the body of a message to [EMAIL PROTECTED]
> > > > For general help: send the line "help" in the body of a
>message
> >to
> > > > [EMAIL PROTECTED]
> > > >
> > > >
> > > >
> > > >
> > > > ---
> > > > Outgoing mail is certified Virus Free.
> > > > Checked by AVG anti-virus system (http://www.grisoft.com).
> > > > Version: 6.0.307 / Virus Database: 168 - Release Date:
>11/12/2001
> > > >
> > > > -
> > > > To unsubscribe from this list: send the line "unsubscribe
>xmail"
> >in
> > > > the body of a message to [EMAIL PROTECTED]
> > > > For general help: send the line "help" in the body of a
>message
> >to
> > > > [EMAIL PROTECTED]
> > > >
> > > >
> > >
> > > -
> > > To unsubscribe from this list: send the line "unsubscribe xmail"
>in
> > > the body of a message to [EMAIL PROTECTED]
> > > For general help: send the line "help" in the body of a message
>to
> > > [EMAIL PROTECTED]
> > >
> > >
> >
> > -
> > To unsubscribe from this list: send the line "unsubscribe xmail"
>in
> > the body of a message to [EMAIL PROTECTED]
> > For general help: send the line "help" in the body of a message to
> > [EMAIL PROTECTED]
> >
> >
> >
> >
> > ---
> > Outgoing mail is certified Virus Free.
> > Checked by AVG anti-virus system (http://www.grisoft.com).
> > Version: 6.0.307 / Virus Database: 168 - Release Date: 11/12/2001
> >
> > -
> > To unsubscribe from this list: send the line "unsubscribe xmail"
>in
> > the body of a message to [EMAIL PROTECTED]
> > For general help: send the line "help" in the body of a message to
> > [EMAIL PROTECTED]
> >
> >
> >
> > -
> > To unsubscribe from this list: send the line "unsubscribe xmail" in
> > the body of a message to [EMAIL PROTECTED]
> > For general help: send the line "help" in the body of a message to
> > [EMAIL PROTECTED]
> >
> >
> >
> > -
> > To unsubscribe from this list: send the line "unsubscribe xmail" in
> > the body of a message to [EMAIL PROTECTED]
> > For general help: send the line "help" in the body of a message to
> > [EMAIL PROTECTED]
> >
> >
> >
> > -
> > To unsubscribe from this list: send the line "unsubscribe xmail" in
> > the body of a message to [EMAIL PROTECTED]
> > For general help: send the line "help" in the body of a message to
> > [EMAIL PROTECTED]
> >
> >
> >
> >-
> >To unsubscribe from this list: send the line "unsubscribe xmail" in
> >the body of a message to [EMAIL PROTECTED]
> >For general help: send the line "help" in the body of a message to
> >[EMAIL PROTECTED]
> >
> >
> -
> To unsubscribe from this list: send the line "unsubscribe xmail" in
> the body of a message to [EMAIL PROTECTED]
> For general help: send the line "help" in the body of a message to
> [EMAIL PROTECTED]
>
>
>
>-
>To unsubscribe from this list: send the line "unsubscribe xmail" in
>the body of a message to [EMAIL PROTECTED]
>For general help: send the line "help" in the body of a message to
>[EMAIL PROTECTED]
>
>
-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]
