* Mark Martinec <mark.martinec+ama...@ijs.si>: > Patrick, > > > I need to log the filename that contains a virus. Playing with $log_templ > > and $log_recip_templ I found out I can use %F get almost (see: "filename: > > /.asc,eicar.com/" in example) what I want. > > > > Nov 17 11:25:07 amavisdev amavis[25532]: (25532-01) deflt, Blocked INFECTED > > (310, Eicar-Test-Signature), filename: /.asc,eicar.com/, LOCAL > > [172.16.1.31] [172.16.1.31] <sen...@example.com> -> > > <recipi...@example.com>, quarantine: eWPPLsh4e-dk, Message-ID: > > <20101117102506.gl25...@rayamavis>, mail_id: eWPPLsh4e-dk, Hits: -, size: > > 1166, 283 ms > > > > The %F macro however consists of two informations - MIME type and filename. > > > > It there a way to retrieve the filename only? If not could it be added? >
... > A name of a file which a virus scanner considered infected may or may not be > reported by a virus scanner - depends on which one you use, and if several, > depends on which one reported the infection. > > With virus scanners which take the whole directory name as argument and > do their own traversal, amavisd is not in position to know which file > was infected, unless a virus scanner reports this in its output (which > would need to be parsed to obtain a name, individually for each scanner). How about scanners that take full paths to files in opposition to a whole directory as argument? Would amavis (!) be able to report the filename that was given to the scanner? The particular scanner I am talking about is AVIRAs SAVAPI. The documentation indicates the SCAN command "is used to invoke the engine for a specified file". Here's a test for a full path to a file: # telnet localhost 3333 100 SAVAPI:3.0 SET PRODUCT <id> 100 PRODUCT:<id> SCAN /tmp/letter.zip 310 WORM/Agent ; worm ; Contains detection pattern of the worm WORM/Agent 310 letter.doc .scr <<< WORM/Agent ; worm ; Contains detection pattern of the worm WORM/Agent 319 OK QUIT Here's a test for a full path to a file: # telnet localhost 3333 100 SAVAPI:3.0 SET PRODUCT 10225 100 PRODUCT:10225 319 OK SCAN /tmp/viren/* 350 file open error SCAN /tmp/viren/letter.zip 310 WORM/Agent ; worm ; Contains detection pattern of the worm WORM/Agent 310 letter.doc .scr <<< WORM/Agent ; worm ; Contains detection pattern of the worm WORM/Agent QUIT p...@rick -- All technical questions asked privately will be automatically answered on the list and archived for public access unless privacy is explicitely required and justified. saslfinger (debugging SMTP AUTH): <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/> ------------------------------------------------------------------------------ Beautiful is writing same markup. Internet Explorer 9 supports standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. Spend less time writing and rewriting code and more time creating great experiences on the web. Be a part of the beta today http://p.sf.net/sfu/msIE9-sfdev2dev _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user Please visit http://www.ijs.si/software/amavisd/ regularly For administrativa requests please send email to rainer at openantivirus dot org