[Qmail-scanner-general]QS and AVP Avevclient parse error

Sun, 25 Jul 2004 04:40:57 -0700 

Dobry den, 

  Hi,
  I found interesting behaviour ;)
  I have q.s + aveclient (much faster than kavscanner) but when I send
  email which contains virus file it detected, OK . but when I send
  few files from which only 1 is infected , qs just skipp it. problem
  is that on last line of output. Does any one know how to correct
  this ? pliiz.

only one file >
--output of avp was:
/var/spool/qmailscan/tmp/xeon.alcatel.sk109075282347011392/1090752823.11394-0.xeon.alcatel.sk
 OK
/var/spool/qmailscan/tmp/xeon.alcatel.sk109075282347011392/ADialer.exevirusos INFECTED
LINFECTED I-Worm.Avron.b
--
Sun, 25 Jul 2004 12:53:43 +0200:11392: There be a virus! (I-Worm.Avron.b)
Sun, 25 Jul 2004 12:53:43 +0200:11392: kasp: finished scan of dir "/var/spool/

but more files >

--output of avp was:
/var/spool/qmailscan/tmp/xeon.alcatel.sk109075293647011629/1090752936.11631-0.xeon.alcatel.sk
 OK
/var/spool/qmailscan/tmp/xeon.alcatel.sk109075293647011629/AvrilLavigne.exevir INFECTED
LINFECTED I-Worm.Avron.b
/var/spool/qmailscan/tmp/xeon.alcatel.sk109075293647011629/DELLSUPPORT.ICO OK
/var/spool/qmailscan/tmp/xeon.alcatel.sk109075293647011629/E-wtrmrk.gif OK
/var/spool/qmailscan/tmp/xeon.alcatel.sk109075293647011629/dellbutn.htm OK
/var/spool/qmailscan/tmp/xeon.alcatel.sk109075293647011629/sol_cent.jpg OK
--
Sun, 25 Jul 2004 12:55:36 +0200:11629: kasp: finished scan of dir 
"/var/spool/qmailscan/tmp/xeon.alcatel.sk10907
Sun, 25 Jul 2004 12:55:36 +0200:11629: scanloop: scanner=spamassassin,plain_text_msg=0

and nothing happen

here is sub_avp

sub avp_scanner {
&debug("kasp: starting scan of directory \"$ENV{'TMPDIR'}\"...");
my ($start_avp_time)=[gettimeofday];
my ($avp_verbose,$DD,$avp_status,$stop_avp_time,$avp_time);
 $avp_verbose="-O" if ($DEBUG);
&debug("run aveclient -p  /var/run/aveserver -s $ENV{'TMPDIR'}/*  2>&1");
  $DD=`/opt/kav/bin/aveclient -p /var/run/aveserver -s $ENV{'TMPDIR'}/* 2>&1`;
    $avp_status=($? >> 8);
  &debug("--output of avp was:\n$DD--");
    if ( $avp_status > 0 && $avp_status != 6 && $avp_status != 7) {
    if ($avp_status =~ /^(2|3|4)$/) {
  #This covers the potential viruses 
$quarantine_description="suspicious";
# First try needs to be testet by someone
############# here I think, must be somehow changed ;)
  if ($DD =~ /(LINFECTED) (.*)\n/) {
      $quarantine_description="$2";
    } elsif ($DD =~ /\n[\s|](.*) (suspicion): (.*)[\s]\n/) {
#This covers the specific 
$destring='Suspicious file:';
$quarantine_description="$1 $2 $3";
      }
&debug("There be a $destring! ($quarantine_description)");
  ($quarantine_event=$quarantine_description)=~s/\s/_/g;
$quarantine_event="AVP:".substr($quarantine_event,0,$QE_LEN);
    } else {
 &error_condition("corrupt or unknown Kaspersky scanner error or memory/resource/perms 
  problems - exit status $avp_status");
      }
    }
 $stop_avp_time=[gettimeofday];
$avp_time = tv_interval ($start_avp_time, $stop_avp_time);
 &debug("kasp: finished scan of dir \"$ENV{'TMPDIR'}\" in $avp_time secs");
  }



+-------V-------+ |   Peter Mikeska      |    [EMAIL PROTECTED]     |
| A L C A T E L | |  System Engineer     |  phone:   +421 44 5206316 |
+---------------+ | IT Services MadaCom  |  fax:     +421 44 5206356 |

               -* "Clones are people two." *-



-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general

Reply via email to