hi
i've installed the new version from avira for unix, version 3. @av_scanner
snippet:
### Avira for UNIX 3.x
['Avira AntiVir', ['avscan'],
'-s --batch --alert-action=none {}', [0], qr/ALERT:/,
qr/ALERT: (.+)/m ],
playing around i found a (maybe) misbehaviour of amavisd:
if "qr/ALERT: (.+)/m " (i used a wrong one, this one works for me) doesn't
match
the virus description, amavisd will ignore the virus. debug shows "<path>/
parts INFECTED:" and then continues and forwards the email instead of
saving to the quarantine.
i'm using amavisd 2.6.3-rc1
- Thomas
sample output of avscan if it found an infected file:
file: /tmp/EICAR
last modified on date: 2009-04-16 time: 16:36:17, size: 70 bytes
ALERT: Eicar-Test-Signature ; virus ; Contains code of the
Eicar-Test-Signature virus
ALERT-URL: http://www.avira.com/en/threats?q=Eicar%2DTest%2DSignature
no action taken
------------------------------------------------------------------------------
Stay on top of everything new and different, both inside and
around Java (TM) technology - register by April 22, and save
$200 on the JavaOne (SM) conference, June 2-5, 2009, San Francisco.
300 plus technical and hands-on sessions. Register today.
Use priority code J9JMT32. http://p.sf.net/sfu/p
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
