hi i've installed the new version from avira for unix, version 3. @av_scanner snippet:
### Avira for UNIX 3.x ['Avira AntiVir', ['avscan'], '-s --batch --alert-action=none {}', [0], qr/ALERT:/, qr/ALERT: (.+)/m ], playing around i found a (maybe) misbehaviour of amavisd: if "qr/ALERT: (.+)/m " (i used a wrong one, this one works for me) doesn't match the virus description, amavisd will ignore the virus. debug shows "<path>/ parts INFECTED:" and then continues and forwards the email instead of saving to the quarantine. i'm using amavisd 2.6.3-rc1 - Thomas sample output of avscan if it found an infected file: file: /tmp/EICAR last modified on date: 2009-04-16 time: 16:36:17, size: 70 bytes ALERT: Eicar-Test-Signature ; virus ; Contains code of the Eicar-Test-Signature virus ALERT-URL: http://www.avira.com/en/threats?q=Eicar%2DTest%2DSignature no action taken ------------------------------------------------------------------------------ Stay on top of everything new and different, both inside and around Java (TM) technology - register by April 22, and save $200 on the JavaOne (SM) conference, June 2-5, 2009, San Francisco. 300 plus technical and hands-on sessions. Register today. Use priority code J9JMT32. http://p.sf.net/sfu/p _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/