Re: BAV plug-ins

2002-01-25 Thread Lars Geiger

Hi Sergey,
On Friday, January 25, 2002 at 19:45:18 [GMT +], you wrote:

SU This is *exactly* what I mean. Many AV checkers have command-line
SU interface (CMI), why not use it? CMI is described in AV manuals and
SU can be easily implemented by most users themselves.

I agree with you on that one. RIT could provide a standard plugin for
use with scanners without separate plugin via a command line. (Stefan?)
;-)

But I'm not sure if I would drop the transparent scanning of NAV 2002 of
incoming and outgoing messages for this one. :-)

-- 
Regards,
Lars

The Bat! 1.54 Beta/31 on Windows NT 5.1 Build 2600 
 
|Lars Geiger  |  mailto:[EMAIL PROTECTED]|


-- 
_
Archives   : http://tbbeta.thebat.dutaint.com
Moderators : mailto:[EMAIL PROTECTED]
Unsubscribe: mailto:[EMAIL PROTECTED]
Wish List  : http://wish.thebat.dutaint.com
BugTraq: https://bt.ritlabs.com/




Re: BAV plug-ins

2002-01-25 Thread Lars Geiger

Hi Terry,
On Friday, January 25, 2002 at 13:09:49 [GMT -0600], you wrote:

TLF Seems to me though that you'd have to parse the message and look in
TLF the mime-segments for anything and everything that could carry a
TLF virus, then present the parsed segment(s) as file(s) to the command
TLF line scanner, then you'd have to know what the scanner(s) would do,
TLF await a response(s), and then take appropriate action(s).

The MUA has to parse the mail anyway to extract all the parts of the
message, don't you think? :-)

The only problem I see is in the communication between TB! and the AV
program. How to tell TB! that a virus was found? Via a return code?

-- 
Regards,
Lars

The Bat! 1.54 Beta/31 on Windows NT 5.1 Build 2600 
 
|Lars Geiger  |  mailto:[EMAIL PROTECTED]|






Re: BAV plug-ins

2002-01-25 Thread Terry L Fritts

Lars

On Friday, January 25, 2002 1:19 PM you wrote:
L The only problem I see is in the communication between TB! and the AV
L program. How to tell TB! that a virus was found? Via a return code?

We use a program for our IMAIL mail server that does this very thing.
It is called Declude by Scott Perry at Computerized Horizons.
Basically we use it with both f-prot and Network Associates or
McAfee. Normally f-prot catches everything. It is very rare that a
virus makes it to McAfee.

Imail has a hook that allows this to work.  The hook is set so that a
message is presented to the program pointed to by the hook instead of
the Queue.  Then Declude grabs the message, parses it, and presents
the file to whatever command line scanner you've configured.  Declude
waits on the response from the scanner and places the message back in
the queue if no virus is found.  If a virus is found then the message
is quarantined.  Emails can be generated to various sources then
depending upon configuration.

In my declude configuration for f-prot for instance I have a line like
this:
SCANFILE C:\F-Prot\F-Prot.exe /TYPE /SILENT /NOMEM
  /ARCHIVE /NOFLOPPY /NOBOOT /DUMB /REPORT=report.txt
VIRUSCODE 3
VIRUSCODE 6
REPORT Infection

The first and 2nd lines above tell the declude program which scan
engine to call and what cmd line switches to use. The viruscode lines
tell declude the code response to expect from the scanner on finding a
virus. The REPORT line tells declude what string to look for in
report.txt to identify the virus name.

People are using this product with various cmd line scanners with
great success.

It might not hurt for TB! programmers to contact Scott Perry since
this would be a similar application as I see it.
 

Terry Fritts
the Bat! 1.54 Beta/31
Windows NT 5.0 Build 2195
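
The flow described in the message above (hand the parsed attachments to a command-line scanner, match its exit code against the VIRUSCODE values, then search the report for the REPORT string) as an added example; it is not part of the original post and is not Declude's or The Bat!'s code. The stand-in scanner, the `TESTVIRUS` marker, the `hold` verdict and all function names are assumptions made up for this sketch.

```python
import email, os, subprocess, sys, tempfile
from email import policy
from email.message import EmailMessage

# Constructed stand-in scanner: writes a report line for every file containing
# the marker b"TESTVIRUS" and exits 3 if there was one, else 0.
FAKE_SCANNER = r'''
import os, sys
parts, report = sys.argv[1], sys.argv[2]
hits = [f for f in sorted(os.listdir(parts))
        if b"TESTVIRUS" in open(os.path.join(parts, f), "rb").read()]
with open(report, "w") as fh:
    fh.writelines(f"{f} Infection: Constructed.Test\n" for f in hits)
sys.exit(3 if hits else 0)
'''
SCANNER = [sys.executable, "-c", FAKE_SCANNER]   # plays the SCANFILE role
VIRUSCODES = {3, 6}                              # the VIRUSCODE lines
REPORT = "Infection"                             # the REPORT line

def scan_message(raw: bytes):
    """Return (verdict, details); verdict is deliver, quarantine or hold."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    with tempfile.TemporaryDirectory() as tmp:
        parts = os.path.join(tmp, "parts")
        os.mkdir(parts)
        for i, part in enumerate(msg.iter_attachments()):
            # Name files ourselves; the sender's filename is untrusted input.
            with open(os.path.join(parts, f"part{i}.bin"), "wb") as fh:
                fh.write(part.get_payload(decode=True) or b"")
        report = os.path.join(tmp, "report.txt")
        # Argument list, no shell: message content never reaches a command line.
        rc = subprocess.run(SCANNER + [parts, report], timeout=60).returncode
        if rc in VIRUSCODES:
            with open(report) as fh:
                return "quarantine", [ln.strip() for ln in fh if REPORT in ln]
        if rc != 0:
            # Unlisted exit code: hold rather than deliver (this example's choice).
            return "hold", [f"scanner exit code {rc}"]
        return "deliver", []

def build_sample(payload: bytes) -> bytes:
    """Constructed test message with one binary attachment."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("see attachment")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename="a.bin")
    return m.as_bytes()
```

Calling `scan_message(build_sample(b"xxTESTVIRUSxx"))` exercises the quarantine path; a real deployment would replace `SCANNER` with the actual scanner command and its documented exit codes.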






Re: BAV plug-ins

2002-01-25 Thread Alastair Scott

On 25 January 2002 at 09:11 Den wrote:

 Hello.


 GMM I have tested many AVP releases with the bat. For me it only worked with
 GMM AVP 3.5.1.3 Platinum (although it may work with Gold or Std)

 What file is necessary for connecting AVP to The BAT!?

We may find out eventually ;)

From what I understand the author(s) of each virus checker will have
to write a plugin to TB! via an interface which is not currently
freely available.

Awkward question: even when it does become available, do the authors
and users of TB! collectively have enough clout to get the plugins
written? (I shall be on the email to F-Prot, but one swallow does not
make a summer :)

I can see the point of the plugin (the virus is caught even before the
window containing the attachment icon is drawn, thus not giving the
user a chance to click on it and ignore all the warnings) but am
worried about the mechanics of implementing it to any extent.

Alastair


-- 
Alastair Scott (London, United Kingdom)
Using Windows XP and The Bat! 1.54 Beta/31

