Hi,
The following attachment works for me with kavdaemon.
Regards,
Rick
----- Original Message -----
From: "Bill Arlofski" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, February 06, 2003 10:02 AM
Subject: Re: [Qmail-scanner-general]Kaspersky Antivirus
Hi Ryan. I'd be interested as well.
Currently, I am using qmail-scanner w/KAV and spamassassin. You are right
though, Kaspersky's "qmail-queue" replacement does not work (properly), and
I ended up implementing it without the daemon process. BUT this is obviously
not the best method as the kavscanner program needs to start up, load all
the virus lists etc, for each inbound message! Thanks to the RBLs I use,
the number of actual inbound messages that need to be dealt with is limited.
---
Bill Arlofski
Unix/Novell Systems Administrator
The Hotchkiss School
[EMAIL PROTECTED]
860-435-3140
>>> Ryan Finnie <[EMAIL PROTECTED]> 2/6/2003 3:27:20 AM >>>
Hey all. How many people out there use qmail-scanner with KAV? I'm
asking because qmail-scanner's support for KAV seems to be less than par.
As the FAQ indicates, yes, AVPlinux is VERY slow for just scanning a few
files per run, and the AVPdaemon implementation in qmail-scanner just
doesn't work. However, I've been playing with it, and I think I have hit
gold. I have written a subroutine that is a 100% perl AVPdaemon client
(AVPdaemon uses a named file pipe for communication with a cryptic command
format, but I decyphered it from a C example in the KAV tarball). Once
you start up AVPdaemon, scans are VERY quick. I just need to finish up a
little bit of code, and then will release the patch to you guys.
Ryan
-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld =omething 2 See!
http://www.vasoftware.com
_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
sub avp_scanner {
#Kaspersky AVPLinux scanner
&debug("kasp: starting scan of directory \"$scandir/$file_id\"...");
my ($avp_verbose)="" if ($DEBUG);
my ($start_avp_time)=[gettimeofday];
my ($DD,$avp_status,$stop_avp_time,$avp_time);
&debug("run $avp_binary $avp_verbose $scandir/$file_id/* 2>&1");
$DD=`$avp_binary $avp_verbose $scandir/$file_id/* 2>&1`;
$avp_status=($? >> 8);
&debug("--output of avp was:\n$DD--");
if ( $avp_status > 0 ) {
# if ($DD =~ /\n\s(.*) infected: (.*)\n/) {
if ($DD =~ /\n(.*)infected: (.*)\n/) {
$quarantine_description=$2;
&debug("There be a virus! ($quarantine_description)");
($quarantine_event=$quarantine_description)=~s/\s/_/g;
$quarantine_event="AVP:".substr($quarantine_event,0,$QE_LEN);
} else {
# if ($DD =~ /\n\s.*:\\(.*) suspicion: (.*)\n/) {
if ($DD =~ /\n\s.*:(.*) suspicion: (.*)\n/) {
$quarantine_description="$1 $2";
&debug("There be a suspect! ($quarantine_description)");
$quarantine_event=$quarantine_description;
$destring="Suspicious file:";
} else {
# &tempfail("corrupt or unknown Kaspersky scanner/resource problems - exit
status $avp_status");
&debug("corrupt or unknown Kaspersky scanner/resource problems - exit st
atus $avp_status");
}
}
}
$stop_avp_time=[gettimeofday];
$avp_time = tv_interval ($start_avp_time, $stop_avp_time);
&debug("kasp: finished scan of dir \"$scandir/$file_id\" in $avp_time secs");
}
