Lars

On Friday, January 25, 2002 1:19 PM you wrote:
L> The only problem I see is in the communication between TB! and the AV
L> program. How to tell TB! that a virus was found? Via a return code?

We use a program for our IMAIL mail server that does this very thing.
It is called Declude by Scott Perry at Computerized Horizons.
Basically we use it with both f-prot and Network Associates or
McAfee. Normally f-prot catches everything. It is very rare that a
virus makes it to McAfee.

Imail has a hook that allows this to work.  The hook is set so that a
message is presented to the program pointed to by the hook instead of
the Queue.  Then Declude grabs the message, parses it, and presents
the file to whatever command line scanner you've configured.  Declude
waits on the response from the scanner and places the message back in
the queue if no virus is found.  If a virus is found then the message
is quarantined.  Emails can be generated to various sources then
depending upon configuration.

In my declude configuration for f-prot for instance I have a line like
this:
SCANFILE C:\F-Prot\F-Prot.exe /TYPE /SILENT /NOMEM
  /ARCHIVE /NOFLOPPY /NOBOOT /DUMB /REPORT=report.txt
VIRUSCODE 3
VIRUSCODE 6
REPORT Infection

The first and 2nd lines above tell the declude program which scan
engine to call and what cmd line switches to use. The viruscode lines
tell declude the code response to expect from the scanner on finding a
virus. The REPORT line tells declude what string to look for in
report.txt to identify the virus name.

People are using this product with various cmd line scanners with
great success.

It might not hurt for TB! programmers to contact Scott Perry since
this would be a similar application as I see it.
 

Terry Fritts
the Bat! 1.54 Beta/31
Windows NT 5.0 Build 2195
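
The return-code handshake described in this message, as an added Python sketch (not Declude's code and not the poster's). The directive semantics, treating exit code 0 as clean, holding the message on any other unlisted code, and the stub scanner standing in for F-Prot are all assumptions.

```python
import re, subprocess, sys, tempfile
from pathlib import Path

# Directives copied from the post; how they are parsed here is an assumption.
CONFIG = r"""SCANFILE C:\F-Prot\F-Prot.exe /TYPE /SILENT /NOMEM
  /ARCHIVE /NOFLOPPY /NOBOOT /DUMB /REPORT=report.txt
VIRUSCODE 3
VIRUSCODE 6
REPORT Infection"""

# Constructed stand-in scanner so the example runs offline (not F-Prot).
STUB = r'''import sys
data = open(sys.argv[-1], "rb").read()
if b"CONSTRUCTED-MARKER" in data:
    open("report.txt", "w").write("Infection: Constructed.Test\n"); sys.exit(3)
sys.exit(9 if data.startswith(b"CRASH") else 0)'''

def parse_config(text):
    cfg = {"SCANFILE": "", "VIRUSCODE": set(), "REPORT": ""}
    for line in re.sub(r"\n[ \t]+", " ", text).splitlines():  # join wrapped lines
        key, _, value = line.strip().partition(" ")
        if key == "VIRUSCODE":
            cfg[key].add(int(value))
        elif key in cfg:
            cfg[key] = value
    return cfg

def scan(argv, cfg, target, workdir):
    """Return (action, detail); anything not clearly clean is held, not delivered."""
    try:
        rc = subprocess.run(argv + [str(target)], cwd=workdir, timeout=60).returncode
    except (OSError, subprocess.TimeoutExpired) as exc:
        return "hold", f"scanner failed: {exc}"
    if rc in cfg["VIRUSCODE"]:
        report = Path(workdir, "report.txt")
        lines = report.read_text(errors="replace").splitlines() if report.exists() else []
        hit = next((l for l in lines if cfg["REPORT"] and cfg["REPORT"] in l), "")
        return "quarantine", hit.strip() or "name not found in report"
    return ("requeue", "") if rc == 0 else ("hold", f"unexpected exit code {rc}")

def demo():
    cfg, out = parse_config(CONFIG), []
    with tempfile.TemporaryDirectory() as d:
        stub, msg = Path(d, "stub_scanner.py"), Path(d, "msg.eml")
        stub.write_text(STUB)
        for body in (b"hello", b"x CONSTRUCTED-MARKER x", b"CRASH"):
            msg.write_bytes(body)
            Path(d, "report.txt").unlink(missing_ok=True)  # no stale report
            out.append(scan([sys.executable, str(stub)], cfg, msg, d))
    return out
```

The third constructed message shows why the unlisted-code branch matters: a scanner that crashes or fails to start returns neither 0 nor a VIRUSCODE value, and requeueing on "not a virus code" would deliver unscanned mail.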

