----- Original Message -----
From: "Dan Spangenberg" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, October 03, 2001 4:16 PM
Subject: RE: [Declude.Virus] errors in log file


> Scott and/or Jerry;
>
> I could use some help from you or possibly Jerry on getting the batch file
> right.  I am only a basic hacker when it comes to batch files.  I'm not
> sure how to handle the errorlevels for Dr. Solomon.

> :DRSOLOMON
> echo -
> DRSOLOMON ------------------------------------------------------------------
> ---
> d:\progra~1\common~1\networ~1\viruss~1\4.0.xx\scan.exe /ALL /NOBEEP /NOMEM
> /UNZIP /NODDA /REPORT report.txt
> if errorlevel 1000 goto FPROT
> if errorlevel 8 goto virusfound
> if errorlevel 3 goto virusfound
>
Dr. Solomon is the same as McAfee to the best of my knowledge, so my McAfee
settings are probably OK.  But you probably need to confirm this. The above
are the F-Prot error codes.

> :FPROT
> echo -
> FPROT ---------------------------------------------------------------------
> %VscanRoot%\fprot\f-prot /AR /NOBO /DU /NOME /P /C /AU /DE /SI
> /REPORT=.\report.txt %1
> if errorlevel 1000 goto END
> if errorlevel 8 goto virusfound
> if errorlevel 3 goto virusfound
>
If you're not going to handle the F-Prot insufficient memory exit code (7), you
might as well drop the "if errorlevel 8" line.  Errorlevels evaluate as "true"
if the exit code is greater than or equal to the errorlevel given.  "If
errorlevel 3" will fire for exit codes of 3, 4, 5, 6, 7, 8, etc. That's why you
see errorlevel checks done in descending order.

The "1000" line for F-Prot is an undocumented error I saw if the command line
length exceeds the DOS limit.  This is unlikely to happen unless your spool
directory is deeply nested, or you're not using parameter abbreviations.  The
actual error was something over 10,000, but "1000" will catch it.  I think it's
actually the Causeway DOS extender returning the error.

> echo FOUND IT!!!!>>.\report.txt

You might want to remove this line.  It could confuse the REPORT Declude
config directive.  The REPORT Declude config directive should be set to
recognize your "first" scanner, under the assumption that 99+ percent of the
time it will be the one to find the virus.  Declude's notifications won't be
able to identify the virus for the other scanners, but this should be rare
enough to be only a minor issue.

Also, there may be no need to generate a report.txt for your 2nd scanner
unless you plan on keeping the report around.  I keep all the report output
for a couple of days as a debugging aid. If you want to keep the output for
all scanners, make sure the command line for your second scanner is set to
append to report.txt and not create a new one.

> How does one know what errorlevel the scanner is putting out?

Read the documentation for the scanner.

> Also how is the reporting.txt handled?
>
If you mean report.txt, see above.

> And last, what is a good way to check the batch file to see if both scanners
> are being called right and the file is passing through both?
>
Look at the generated report.txt files.

HTH,
Jerry
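
Added example, not part of the original message or of Declude: a Windows batch file that runs constructed exit codes through a descending "if errorlevel" chain, with the insufficient-memory code (7) handled separately from the two virus-found checks. Assumptions: "cmd /c exit N" stands in for the scanner, the labels :toolong and :nomem are hypothetical names, and the values 0 and 10004 are constructed samples (the thread only says the real code was "over 10,000").

```bat
@echo off
rem Feed sample exit codes through the check chain one at a time.
rem 3, 7 and 8 are the F-Prot codes named in the thread; 0 and 10004 are
rem constructed sample values.
for %%C in (0 3 7 8 10004) do call :check %%C
goto :eof

:check
rem Stand-in for the scanner: sets the exit code to the value passed in.
cmd /c exit %1
rem "if errorlevel N" is true for any exit code >= N, so the highest
rem threshold is tested first and each later test only sees lower codes.
if errorlevel 1000 goto toolong
if errorlevel 8 goto virusfound
if errorlevel 7 goto nomem
if errorlevel 3 goto virusfound
echo %1: no check fired, message passes
goto :eof

:toolong
rem Reached for any code of 1000 or more (the command-line-length case).
echo %1: scanner did not run, fall through to the next scanner
goto :eof

:nomem
rem Reached only for exactly 7, because 8 and above were caught earlier.
echo %1: insufficient memory, scan result unknown
goto :eof

:virusfound
rem Reached for 8 through 999 and for 3 through 6.
echo %1: virus found
goto :eof
```

Removing the "if errorlevel 7" line sends code 7 to :virusfound through the "if errorlevel 3" test, which is the behaviour of the chain quoted above; testing "if errorlevel 3" first would send every code of 3 or more, including 10004, to :virusfound.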


