For those who are writing Anti-Virus matchers, here is some information provided by Martin Kraemer (bcc'd), with permission.
Not included, but worth noting, would be the spamd protocol. We have one submission for that already, which I'll try to get into CVS.

> The German computer magazine c't (http://www.heise.de/ct/)
> reviewed a couple of Linux virus scanners (free and commercial)
> in its latest copy, with not-so-good results for the OSS scanners...
> Most of the commercial scanners received positive results.
> I don't have the copy here, but I could supply its info
> tomorrow if you want.

Yes, please. That might be helpful.

> I know of 3 commercial AV-Filters which run (in part under the Linux
> emulation) on FreeBSD, and which can be tied into the normal mail transfer
> and delivery process by using, e.g., amavis:
>
> ============================================================================
> * Trend Micro (http://www.trendmicro.com/) -- my company bought a
>   company-wide license for that one:
>
> # /etc/iscan/vscan
>
> +----------------------------------------------------+
> | VSCAN for Linux Ver 1.31                           |
> |                                                    |
> | Copyright (c) 1990 - 2001 Trend Micro Inc.         |
> |                                                    |
> | Rewrite by Sunsa Lue for VSAPI Engine Testing      |
> +----------------------------------------------------+
>
> VSCANLINUX usage:
> vscan [/|-option] Drive:[path[filename|@script]] [Drive:[path[filename]] ...]
>
> option: -S                - Scan all files in specified dir and all
>                             subdirs.
> option: -C                - Clean virus-infected files without any prompting.
> option: -D                - Delete virus-infected files without any prompting.
> option: -B                - Scan boot/partition area only.
> option: -P                - Scan hard disk partition only.
> option: -NM               - Do not scan memory.
> option: -NB               - Do not scan boot sector/partition area of disk.
> option: -NC               - Scan only, do not take any action on virus files.
> option: -BK[+|-]          - Clean virus infected files backup switch.
> option: -L[=file]         - Write the scan results to a file.
> option: -P=path           - Specifiy virus pattern path.
> option: -P=file[;file...] - Specifiy virus pattern file(s).
>
> ============================================================================
> * F-PROT Antivirus for Linux (http://www.f-prot.com/)
>   http://www.frisk.is/
>
> # f-prot -h
> Usage: f-prot [drive, file or directory] [options]
>
>   -ai          Enable neural-network virus detection.
>   -append      Append to existing report file.
>   -archive     Scan inside .ZIP and .ARJ files.
>   -auto        Automatic virus removal.
>   -collect     Scan a virus collection.
>   -delete      Delete infected files.
>   -disinf      Disinfect whenever possible.
>   -dumb        Do a "dumb" scan of all files.
>   -ext         Scan only files with default extensions.
>   -follow      Follow symbolic links.
>   -help        Display this list.
>   -list        List all files checked.
>   -nobreak     Do not abort scan if ESC is pressed.
>   -noheur      Disable heuristics.
>   -nosub       Do not scan subdirectories.
>   -old         Do not complain when using outdated DEF files.
>   -onlyheur    Only use heuristics, not "normal" scanning.
>   -packed      Unpack compressed executables.
>   -page        Pause after each page.
>   -rename      Rename infected COM/EXE files to VOM/VXE.
>   -report=     Send the output to a file.
>   -silent      Do not generate any screen output.
>   -type        Select files by type. (default)
>   -virlist     List the known viruses.
>   -virno       Count the known viruses.
>   -wrap        Wrap text so the report fits in 78 columns.
> Special macro virus options:
>   -nomacro     Do not scan for macro viruses.
>   -onlymacro   Only scan for macro viruses.
>   -removeall   Remove all macros from all documents.
>   -removenew   Remove new variants of macro viruses by
>                removing all macros from infected documents.
>   -saferemove  Remove all macros from documents, if a known
>                virus is found.
>
> ============================================================================
> * NAI McAfee uvscan (http://www.networkassociates.com/us/downloads/)
>
> Available for FreeBSD native, but I have to LD_PRELOAD libc.so
> to satisfy the symbol __stderrp: without the preload, I get
> /usr/libexec/ld-elf.so.1: /usr/lib/libm.so.2: Undefined symbol "__stderrp")
>
> # uvscan --version
> Virus Scan for BSD v4.24.0
> Copyright (c) 1992-2003 Networks Associates Technology Inc. All rights reserved.
> (408) 988-3832 EVALUATION COPY - Jan 27 2003
>
> Scan engine v4.2.40 for BSD.
> Virus data file v4284 created Aug 11 2003
> Scanning for 77928 viruses, trojans and variants.
>
> Usage:
>   uvscan [--allole] [--analyse | --analyze]
>          [-c | --clean] [--cleandocall] [--config file]
>          [--dam] [-d | --dat | --data-directory] [--delete]
>          [--exclude file] [-e | --exit-on-error] [--extlist]
>          [--extensions EXT1[,EXT2...]] [--extra file]
>          [--fam] [-f | --file file] [--floppya] [--floppyb]
>          [-h | --help] [--ignore-compressed] [--ignore-links] [--load file]
>          [--manalyse | --manalyze | --macro-heuristics]
>          [--maxfilesize XXX] [--mime] [--mailbox] [-m | --move directory]
>          [--noboot] [--nocomp] [--nodecrypt] [--nodoc] [--noexpire]
>          [--norename] [--one-file-system]
>          [--panalyse | --panalyze] [-p | --atime-preserve | --plad]
>          [--program] [-r | --recursive | --sub]
>          [--secure] [-s | --selected] [--summary]
>          [-u | --unzip] [-v | --verbose] [--version] [--virus-list]
>          [-] {file / directory}
>
> ============================================================================
> The CPU consumption of these virus filters (in combination with
> amavisd-new and amavisd-milter on FreeBSD) varies, but is considerable.
> Also, the quality of virus detection varies. We might think of evaluating
> one or the other and ask the vendors for a free "for dot Org" copy...
>
> Martin