I recently got caught my McAfee when they changed the return string. Not a
problem once I figured out what was going on ;-) I thought I'd share my
modified script with readers as I got the original off here ages ago.....
(excuse the line wraps)
Cheers
Kevin
#!/bin/sh
RET=0
if test $RET -eq 0; then
if test -x /usr/local/uvscan/uvscan; then
/usr/local/uvscan/uvscan --noboot --unzip --secure --allole --mime "$1"
2>/dev/null >/dev/null
if test $? -eq 13; then
INFO=`/usr/local/uvscan/uvscan --noboot --unzip --secure --allole --mime
"$1" 2>/dev/null | grep -iE "Found.*virus" | sed -e 's/.*Found the \(.*\)/\1/i'
-e 's/^[ ]*//g' -e 's/[ ]*$//g' -e 's/ virus !!!$//g'`
if test "$INFO" == ""; then
INFO=`/usr/local/uvscan/uvscan --noboot --unzip --secure --allole
--mime "$1" 2>/dev/null | grep -iE "Found.*trojan" | sed -e 's/.*Found the
\(.*\)/\1/i' -e 's/^[ ]*//g' -e 's/[ ]*$//g' -e 's/ trojan !!!$//g'`
fi
if test "$INFO" == ""; then
INFO=`/usr/local/uvscan/uvscan --noboot --unzip --secure --allole
--mime "$1" 2>/dev/null`
/usr/bin/mail -s "McAfee - Unknown virus $INFO" [EMAIL PROTECTED]
</dev/null 2>/dev/null
INFO=UNKNOWN
fi
echo "VIRUS $INFO"
RET=3
fi
fi
fi
if test $RET -eq 0; then
if test -x /usr/bin/clamdscan; then
/usr/bin/clamdscan --disable-summary "$1" 2>/dev/null >/dev/null
if test $? -eq 1; then
INFO=`/usr/bin/clamdscan --disable-summary --stdout "$1" | grep FOUND |
sed -e 's/.*: //' -e 's/ FOUND//'`
echo "VIRUS $INFO"
RET=3
else
echo "CLEAN:OK"
fi
else
echo "ERROR"
RET=2
fi
fi
exit $RET
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
