>1) Does ASSP decode mim and place mime parts in the filescan directory
yes - if the ASSP_AFC plugin is used
no - without the ASSP_AFC plugin - in this case it is not possible to
decode any thing, because the number of bytes is restricted to MaxBytes
>2) Does ASSP call the filescan command for each mime part or just once
and expects that the scanner will scan all files in the dir/subdir?
the ASSP_AFC plugin scannes every part after each other
without the plugin - assp writes MaxBytes to a single file
>3) I am confused about the "good" and "bad" and how that relates to a)
scoring and the SuspiciousVirus variable
FileScanRespRe defines what should be used from the returned string to
determine the virusname
SuspiciousVirus defines which result is suspicious
good and bad are use like described in the GUI
>4) Since my AV returns 1, 0 or UNKNOWN there appears ... What can I do to
differentiate?
nothing - or use another AV if you need to detect suspicious results
I can't believe that there is an AV product, that is not writing the virus
name to STDOUT or STDERR - both are used as result string by ASSP
Thomas
Von: TR Shaw <ts...@oitc.com>
An: ASSP development mailing list <assp-test@lists.sourceforge.net>,
Datum: 03.11.2012 23:37
Betreff: [Assp-test] More questions on filescan
1) Does ASSP decode mim and place mime parts in the filescan directory
2) Does ASSP call the filescan command for each mime part or just once and
expects that the scanner will scan all files in the dir/subdir?
3) I am confused about the "good" and "bad" and how that relates to a)
scoring and the SuspiciousVirus variable
4) Since my AV returns 1, 0 or UNKNOWN there appears to be an inability to
use the SuspiciousVirus regex to score since there is no distinction
between clamav sigs and filescan responses. What can I do to
differentiate?
TIA,
Tom
------------------------------------------------------------------------------
LogMeIn Central: Instant, anywhere, Remote PC access and management.
Stay in control, update software, and manage PCs from one command center
Diagnose problems and improve visibility into emerging IT issues
Automate, monitor and manage. Do more in less time with Central
http://p.sf.net/sfu/logmein12331_d2d
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
LogMeIn Central: Instant, anywhere, Remote PC access and management.
Stay in control, update software, and manage PCs from one command center
Diagnose problems and improve visibility into emerging IT issues
Automate, monitor and manage. Do more in less time with Central
http://p.sf.net/sfu/logmein12331_d2d
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
