Re: [AMaViS-user] New AV Scanner

Mark Martinec, 01-05-2007

Otávio,

> > It is a reasonably good place for such a piece of code, the advantage is
> > that it does not require any modifications to amavisd code. Drawback
> > is that its status returns will be interpreted along the same rules
> > as for other virus scanners (e.g. SA is not called for infected mail).

>
> Thanks Mark, but I can't find any (good) information on this ... I
> don't know what amavisd-new expects that my script should return ... do
> you have this information?


Here is a slightly updated text (items 2a and 2b) from amavisd.conf-sample
(as will go into 2.4.5):

# @av_scanners is a list of n-tuples, where fields semantics is:
#  1. av scanner plain name, to be used in log and reports;
#  2a. scanner program name; this string will be submitted to subroutine
#     find_external_programs(), which will try to find the full program path
#     name during startup; if program is not found, this scanner is disabled.
#     Besides a simple string (full program path name or just the basename
#     to be looked for in PATH), this may be an array ref of alternative
#     program names or full paths - the first match in the list will be used;
#  2b. alternatively, this second field may be a subroutine reference,
#     and the whole n-tuple entry is passed to it as args; it should return
#     a triple: ($scan_status,$output,$virusnames_ref), where:
#     - $scan_status is: true if a virus was found, 0 if no viruses,
#       undef if scanner was unable to complete its job (failed);
#     - $output is an optional result string to appear in logging and macro %v;
#     - $virusnames_ref is a ref to a list of detected virus names (may be
#       undef or a ref to an empty list);
#  3. command arguments to be given to the scanner program;
#     a substring {} will be replaced by the directory name to be scanned, i.e.
#     "$tempdir/parts", a "*" will be replaced by base file names of parts;
#  4. an array ref of av scanner exit status values, or a regexp (to be
#     matched against scanner output), indicating NO VIRUSES found;
#     a special case is a value undef, which does not claim file to be clean
#     (i.e. it never matches, similar to []), but suppresses a failure warning;
#     to be used when the result is inconclusive (useful for specialized and
#     quick partial scanners such as jpeg checker);
#  5. an array ref of av scanner exit status values, or a regexp (to be
#     matched against scanner output), indicating VIRUSES WERE FOUND;
#     a value undef may be used and it never matches (for consistency with 4.);
#     Note: the virus match prevails over a 'not found' match, so it is safe
#     even if the no. 4. matches for viruses too;
#  6. a regexp (to be matched against scanner output), returning a list
#     of virus names found, or a sub ref, returning such a list when given
#     scanner output as argument;
#  7. and 8.: (optional) subroutines to be executed before and after scanner
#     (e.g. to set environment or current directory);
#     see examples for these at KasperskyLab AVP and NAI uvscan.


> yep, I didn't remember this :-( in my case it will be a problem,
> because I'll write a script to copy all messages of my users (( and
> some of my domains don't have AVs enabled )), like mail auditing
> ... can I use clean_quarantine to copy these messages?


Right, quarantining code is probably better suited to your task.
Quarantining may send messages to files, to a mailbox or even over
a pipe to another process.

Use clean_quarantine if you only want clean messages to be processed,
or use archive_quarantine if you want all messages (clean, spam,
viruses, banned) to go to a quarantine.

Archive quarantine was introduced with 2.4.3, see RELEASE_NOTES.
See also:
http://www.ijs.si/software/amavisd/a...tml#quarantine

Mark
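
A sketch of option 2b, added here as an illustration and not taken from amavisd.conf-sample or from the post above: a Perl subroutine that honours the ($scan_status,$output,$virusnames_ref) contract and returns true, 0 or undef as described. The scanner name, the marker patterns and the use of field 3 as an already-resolved directory are assumptions made for the demo.

```perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Constructed demo patterns (name => regexp); not real malware signatures.
my %SIGNATURES = (
    'Demo.Marker.A' => qr/DEMO-MARKER-A/,
    'Demo.Marker.B' => qr/DEMO-MARKER-B/,
);

# Field 2b callback: receives the whole n-tuple as @_ and returns the
# triple ($scan_status, $output, $virusnames_ref).
# Assumption: field 3 already holds the directory to scan; how amavisd
# passes the parts directory to a sub ref is not covered in the text above.
sub demo_scanner {
    my ($av_name, $self, $dir) = @_;
    opendir(my $dh, $dir)      # undef status: scanner failed to do its job
        or return (undef, "${av_name}: cannot open $dir: $!", undef);
    my @names;
    for my $f (sort grep { -f "$dir/$_" } readdir $dh) {
        open(my $fh, '<:raw', "$dir/$f")
            or return (undef, "${av_name}: cannot read $f ($!)", undef);
        my $data = do { local $/; <$fh> };
        close $fh;
        $data = '' unless defined $data;
        for my $sig (sort keys %SIGNATURES) {
            push @names, $sig if $data =~ $SIGNATURES{$sig};
        }
    }
    closedir $dh;
    return @names ? (1, "INFECTED: @names", \@names)   # true: virus found
                  : (0, 'OK', []);                     # 0: no viruses
}

# Constructed sample input: one clean part, one part carrying a demo marker.
my $parts = tempdir(CLEANUP => 1);
my %sample = (p001 => "plain text body\n", p002 => "xx DEMO-MARKER-B xx\n");
for my $n (keys %sample) {
    open(my $out, '>', "$parts/$n") or die "cannot write $n ($!)";
    print {$out} $sample{$n};
    close $out;
}

# Entry shaped like an @av_scanners element, called with the n-tuple as args.
for my $dir ($parts, "$parts/missing") {
    my $av = ['Demo sub-ref scanner', \&demo_scanner, $dir];
    my ($status, $output, $names) = $av->[1]->(@$av);
    printf "%-6s %s\n", defined $status ? $status : 'undef', $output;
}
```

Because a true status is treated like any other virus scanner's verdict, a sub of this kind blocks the message as infected; it is not a neutral hook for copying mail.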
