On Wed, 2004-03-03 at 03:27, Eduardo wrote: > mar, 02 mar 2004 15:03:11 +0100:18635: run /usr/local/bin/sweep -f -all -eec -sc > -nc -ss -nb -archive /var/spool/qmailscan/tmp/host107823619146118635 2>&1 > mar, 02 mar 2004 15:03:11 +0100:18635: --output of sophos sweep was: > >>> Virus 'W32/Netsky-B' encontrado en el archivo > >>> /var/spool/qmailscan/tmp/host107823619146118635/textfile.zip/textfile.pif > >>> Virus 'W32/Netsky-B' encontrado en el archivo > >>> /var/spool/qmailscan/tmp/host107823619146118635/textfile.zip > -- > 02/03/2004 15:03:11:18635: error_condition: X-Qmail-Scanner-1.20: corrupt or unknown > Sophos scanner error or memory/resource/perms problem - exit status 24
Language issue I'm afraid. The sub-sweep looks for: /Virus\s+'(.*)'\s+found|Virus\s+fragment\s+'(.*)'\s+found/m And of course your install of Sophos isn't English. A "proper" solution would be to rely exclusively on the exit codes to tell if a virus has been found. Unfortunately the problem Q-S faces is that the vendors have a habit of changes exit codes all the time... Not only that, but we want to get the name of the virus out of the output - so we need to know what to look for... Is it a localized version of Sophos, or a "native"? i.e. If you set "export LANG=C" then run "sweep" from the command line, is the output in English or not? Maybe Q-S should set the localization information to English so that any localized AV systems go back into English-mode - so that it can catch the correct output. It would have to be done in such a way as to not alter the language of Alert messages of course... Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
