Re: [AMaViS-user] amavisd-new-2.4.3-rc1 release candidate is available

Tue, 12 Sep 2006 21:53:57 -0700 

Mark Martinec skrev:
> A release candidate for amavisd-new-2.4.3 is available at:
> 
>   http://www.ijs.si/software/amavisd/amavisd-new-2.4.3-rc1.tar.gz


I see that the Kaspersky 5.5 aveclient lists [0,3,6,8] as 'clean' 
results and a regex for infected that should catch (INFECTED|SUSPICION), 
but I can't see that it would be consistent..

 From the man page:

0  no viruses have been detected.
1  unable to connect to aveserver.
2  objects with an unknown viral code have been found.
3  suspicious objects have been found.
4  infected objects have been detected.
5  all infected objects have been disinfected.
6  scan results are unavailable: encrypted or password protected file.
7  system error launching the application (file not found, unable to 
read the file).
8  scan results are unavailable: file is corrupted or input/output error.
9  some of the required parameters are missing from the command line.


On top of that, the manual (pdf) states that there is no response 
'SUSPICION'. Again, copied from the pdf manual:

Event/Result Value:
OK The file is not infected.

CURED (only with disinfection mode enabled) The file had been infected 
and was successfully cleaned.

INFECTED The file is infected by one or more viruses. No request for 
disinfection.

CUREFAILED (only with disinfection mode enabled) The file is infected by 
one or more viruses. Request for disinfection is present, but 
disinfection of the file is impossible.

WARNING The code of the file is similar to that of a known virus.

SUSPICIOUS The file is suspected of being infected by an unknown virus.

ERROR The file cannot be checked due to an error (e.g. if a corrupted 
archive was processed)

PROTECTED The file cannot be checked because it is encrypted.

CORRUPTED The file is corrupted.

My setup for the aveclient/aveserver is this:
   ['Kaspersky Antivirus for Mail Servers',
     ['/opt/kav/5.5/kav4mailservers/bin/aveclient', 'aveclient'],
     '-p /var/run/aveserver -s {}/*', [0], [2,3,4,5],
     qr/(?:INFECTED|SUSPICIOUS) (.+)/,
   ],
-- 

Anders Norrbring
Norrbring Consulting

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Reply via email to