Here is a solution that works for this part of the problem.
Here is example of infected file report:
AVG 6.0 Anti-Virus System
Copyright GRISOFT Inc. 2001
Program version 6.307, database version 168
Command line: [/HEUR c:\xxmail\mailroot\avfilter\1008279248678.401.defiant\*.* /REPORT
c:\xxmail\mailroot\avfilter\temp\rep-1008279248678.401.defiant.txt /NOMEM /NOHIMEM
/NOBOOT]
Testing c:\xxmail\mailroot\avfilter\1008279248678.401.defiant\*.* volume DRIVEC serial
ACBD-E688
c:\xxmail\mailroot\avfilter\1008279248678.401.defiant\server.exe Trojan horse
BackDoor.Subseven
------------------------------------------------------------
Test start 12/13/01 14:27:37
Elapsed time: 0 sec.
------------------------------------------------------------
Scanned files : 2
Scanned sectors : 0
Infected files : 1
Infected sectors : 0
------------------------------------------------------------
Here is example of non infected report:
AVG 6.0 Anti-Virus System
Copyright GRISOFT Inc. 2001
Program version 6.307, database version 168
Command line: [/HEUR c:\xxmail\mailroot\avfilter\1008279248678.401.defiant\*.* /REPORT
c:\xxmail\mailroot\avfilter\temp\rep-1008279248678.401.defiant.txt /NOMEM /NOHIMEM
/NOBOOT]
Testing c:\xxmail\mailroot\avfilter\1008279248678.401.defiant\*.* volume DRIVEC serial
ACBD-E688
c:\xxmail\mailroot\avfilter\1008279248678.401.defiant\server.exe Trojan horse
BackDoor.Subseven
------------------------------------------------------------
Test start 12/13/01 14:27:37
Elapsed time: 0 sec.
------------------------------------------------------------
Scanned files : 2
Scanned sectors : 0
Infected files : 1
Infected sectors : 0
------------------------------------------------------------
locate line in avfilter.js:
if (repfileStr.indexOf('Virus found') != -1 || repfileStr.indexOf('Virus identified')
!= -1) {
Change to:
if (repfileStr.indexOf('Infected') != -1 || repfileStr.indexOf('Virus identified') !=
-1) {
And now the avfilter.js completes its mission when called from the command line with
correct paramters. The emails get sent, the log gets updated.
Still investigating.
Tony
----- Original Message -----
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, December 13, 2001 2:07 PM
Subject: [xmail] Re: AV Filter for Win32 XMAIL
Edinilson;
Here is the report created for an infected file:
AVG 6.0 Anti-Virus System
Copyright GRISOFT Inc. 2001
Program version 6.307, database version 168
Command line: [/HEUR c:\xxmail\mailroot\avfilter\1008279248678.401.defiant\*.*
/REPORT c:\xxmail\mailroot\avfilter\temp\rep-1008279248678.401.defiant.txt /NOMEM
/NOHIMEM /NOBOOT]
Testing c:\xxmail\mailroot\avfilter\1008279248678.401.defiant\*.* volume DRIVEC
serial ACBD-E688
c:\xxmail\mailroot\avfilter\1008279248678.401.defiant\server.exe Trojan horse
BackDoor.Subseven
------------------------------------------------------------
Test start 12/13/01 14:01:14
Elapsed time: 0 sec.
------------------------------------------------------------
Scanned files : 2
Scanned sectors : 0
Infected files : 1
Infected sectors : 0
------------------------------------------------------------
If I understand the script correctly, this line:
if (repfileStr.indexOf('Virus found') != -1 || repfileStr.indexOf('Virus
identified') != -1) {
is looking for the phrase Virus Found or Virus Identified - neither one of which
appears in the report. This would account for the reason no virus are being detected
by the script. Are you using a different version of the AVG engine, or perhaps a
slightly different version of the script than I am?
Tony
----- Original Message -----
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, December 13, 2001 1:56 PM
Subject: [xmail] Re: AV Filter for Win32 XMAIL
Edinilson;
Much better now. Everything in the avfilter.bat that is supposed to happen does!
Now I know the problem must be in the avfilter.js, after the bat is called.
The infected emails still get delivered, and no warning message gets sent. We are
closer - any more ideas?
Thanks in advanc!
Tony
----- Original Message -----
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, December 13, 2001 12:56 PM
Subject: [xmail] Re: AV Filter for Win32 XMAIL
I had certainly checked and rechecked. Still - you were correct. The directory
and file deletions in avfilter\temp were not being done due to a path problem! Also,
without any more changes - the report file is now being created in the temp dir as
expected! Closer than ever to sucess.
The report file now stays in the temp dir. Still no emails being sent, and it
seems the infected mail is still delivered. More hints please? And THANK YOU.
Tony
----- Original Message -----
From: Edinilson J. Santos
To: [EMAIL PROTECTED]
Sent: Thursday, December 13, 2001 12:41 PM
Subject: [xmail] Re: AV Filter for Win32 XMAIL
Are you sure that all drives and paths was replaced with your own path (for
me drive is D: and xmail path is \mailroot) in avfilter.js and avfilter.bat
?
Itīs a very simple script but rely on specific paths
Edinilson
---------------------------------------------------------
ATINET-Afiliado UOL de Atibaia
Rua Francisco R. Santos, 54 sala 3
ATIBAIA/SP Cep: 12940-250
Tel Voz: (0xx11) 4412-0876
http://www.atinet.com.br
----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, December 13, 2001 6:33 PM
Subject: [xmail] Re: AV Filter for Win32 XMAIL
New, more information.
On more testing, the last statement in avfilter.bat that I can verify is
being run sucessfully is uudecode. If I run the line which invokes AVG by
hand (substituting values for %2), it runs correctly, and creates the report
in the \avfilter\temp directory.
Tony
----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, December 13, 2001 10:17 AM
Subject: [xmail] Re: AV Filter for Win32 XMAIL
> Thank your Mr. Santos!
>
> After your recommended test, here is the results.
>
> The mail file was copied to the created dir in avfilter as expected. The
> virus attachment was extracted, and in the same DIR. (I rem'd the code
that
> deletes this temp file and dir so I could better track the results of the
> test.)
>
> The \avfilter\temp dir seems to have something written in to it, but if
so,
> it was deleted before I could see it there. I can only tell because the
> avfilter/temp directory moved (as it does when something is written to it)
> it position in the dir list.
>
> No emails warning of virus were sent to either address, and the original
> email with the virus was delivered to the end user. :(
>
> Do you have any thoughts on this problem?
>
> Thank again
>
> Tony
>
> ----- Original Message -----
> From: "Edinilson J. Santos" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, December 13, 2001 3:49 AM
> Subject: [xmail] Re: AV Filter for Win32 XMAIL
>
>
> > May I help you?
> >
> > Try to do the following:
> > Open a command prompt window.
> >
> > cd\mailroot\avfilter
> > cscript avfilter.js SOME-EMAIL-FILE [EMAIL PROTECTED] YOUR-EMAIL-ADDRESS
> >
> > And report me what happens.
> >
> > Edinilson
> > ---------------------------------------------------------
> > ATINET-Afiliado UOL de Atibaia
> > Rua Francisco R. Santos, 54 sala 3
> > ATIBAIA/SP Cep: 12940-250
> > Tel Voz: (0xx11) 4412-0876
> > http://www.atinet.com.br
> >
> >
> > ----- Original Message -----
> > From: <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Wednesday, December 12, 2001 6:08 PM
> > Subject: [xmail] Re: AV Filter for Win32 XMAIL
> >
> >
> > I do not have success with these scripts. Can anyone help? It seems
the
> > AVG engine ins't making the temp file - or something in that area.
ANyone
> > please?
> >
> > Tony
> > ----- Original Message -----
> > From: "Edinilson J. Santos" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Monday, December 10, 2001 4:13 AM
> > Subject: [xmail] AV Filter for Win32 XMAIL
> >
> >
> > > For those looking for a AV filter script that works with XMail for
> Win32,
> > > try:
> > > http://www.atinet.com.br/xmail/avfilter.zip
> > >
> > > Edinilson
> > > ---------------------------------------------------------
> > > ATINET-Afiliado UOL de Atibaia
> > > Rua Francisco R. Santos, 54 sala 3
> > > ATIBAIA/SP Cep: 12940-250
> > > Tel Voz: (0xx11) 4412-0876
> > > http://www.atinet.com.br
> > >
> > >
> > > ---
> > > Outgoing mail is certified Virus Free.
> > > Checked by AVG anti-virus system (http://www.grisoft.com).
> > > Version: 6.0.306 / Virus Database: 166 - Release Date: 04/12/2001
> > >
> > > -
> > > To unsubscribe from this list: send the line "unsubscribe xmail" in
> > > the body of a message to [EMAIL PROTECTED]
> > > For general help: send the line "help" in the body of a message to
> > > [EMAIL PROTECTED]
> > >
> > >
> >
> > -
> > To unsubscribe from this list: send the line "unsubscribe xmail" in
> > the body of a message to [EMAIL PROTECTED]
> > For general help: send the line "help" in the body of a message to
> > [EMAIL PROTECTED]
> >
> >
> >
> >
> > ---
> > Outgoing mail is certified Virus Free.
> > Checked by AVG anti-virus system (http://www.grisoft.com).
> > Version: 6.0.307 / Virus Database: 168 - Release Date: 11/12/2001
> >
> > -
> > To unsubscribe from this list: send the line "unsubscribe xmail" in
> > the body of a message to [EMAIL PROTECTED]
> > For general help: send the line "help" in the body of a message to
> > [EMAIL PROTECTED]
> >
> >
>
> -
> To unsubscribe from this list: send the line "unsubscribe xmail" in
> the body of a message to [EMAIL PROTECTED]
> For general help: send the line "help" in the body of a message to
> [EMAIL PROTECTED]
>
>
-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.307 / Virus Database: 168 - Release Date: 11/12/2001
-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]
