On Wednesday 09 March 2005 10:00 am, Calin A. Culianu wrote: > On Wed, 9 Mar 2005, Tomasz Kojm wrote: > >> In particular, I am thinking of supporting at least: > >> > >> %f - infected filename > > > > It was already supported but has been removed due to security issues. > > Why is this a security issue? > > The sysadmin specifies in the configuration file that he _wants_ %f, > therefore that means he knows the implications of it. If he thinks it's a > security risk, he can just not include %f in his VirusEvent string. > > Could %f support be resurrected? The reason I think %f is important is > that if one wants to use clamuko for on-access scanning, it is useful to > know immediately which file was blocked because it was infected. This > involves using VirusEvent to run a program, telling that program which > file was infected. > > Another approach involves parsing the log file which is not as clean or > elegant, in my opinion. It would be nice to just rely on VirusEvent > without too much polling of log files.
well, I know they'll probably tell you that the %f flag won't be resurrected..
but it might be kinda nice to add the filename to an environment variable
that the script can use...
-Jeremy
--
Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc.
[EMAIL PROTECTED] ++ inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l
kitchen @ #qmail #gentoo on EFnet IRC ++ scriptkitchen.com/qmail
GnuPG Key ID: 481BF7E2 ++ jabber:[EMAIL PROTECTED]
pgpjBpWTT62pD.pgp
Description: PGP signature
_______________________________________________ http://lurker.clamav.net/list/clamav-devel.html
