Re: [AMaViS-user] Bitdefender bdscan And Amavis

On 1/2/08, mayer wrote:
> Hi!
>
> I've used google but it didn't help very much... so I'm counting on you guys... :-)
>
> My problem:
> I've installed BitDefender Antivirus Scanner for Unices
> (http://www.bitdefender.com/PRODUCT-8...or-Unices.html)
> successfully on a Debian Etch machine.
> Amavisd-new is installed and working, too.
>
> But Amavis doesn't recognize and use Bitdefender (bdscan).
>
> I can see where the problem is: the config file of amavis named "15-av_scanners" only includes the old version of Bitdefender (the one with the command bdc)
>
> So, my question (finally) is:
> What do I have to write into this "15-av_scanners" file to get bdscan working with Amavis?
>
> Thanks for your help!
> Stephan
>

################################################## ###
msa:~# bdscan --action=ignore --no-list eicar.com.txt
BitDefender Antivirus Scanner v7.60825 Linux-i686
Copyright (C) 1996-2006 Softwin SRL. All rights reserved.
Trial key found. 29 days remaining.

Default action upon detecting an infected file: ignore action
Default action upon detecting a suspected file: ignore action
/root/eicar.com.txt infected: EICAR-Test-File (not a virus)


Results:
Folders :0
Files :1
Packed :0
Archives :0
Infected files :1
Suspect files :0
Warnings :0
Identified viruses:1
I/O errors :0

msa:~# echo $?
1

################################################## #########
(new version scans archives by default)

Usage: bdscan [options] path
Options:
--no-archive - don't scan archives
--no-mail - don't scan mail databases
--no-pack - don't scan packed programs
--no-recursive - don't recurse into subdirectories

--recursive-level=n - set maximum directory depth level [default 0(all)]
--archive-level=n - set maximum archive depth level [default 12]

--ext[=ext1:ext2] - scan only these extensions
default: see Extensions in bdscan.conf
--exclude-ext[=ext] - exclude these extensions from scanning
default: see ExcludeExtensions in bdscan.conf

--action=[disinfect|quarantine|delete|ignore]
- action to take when an infected file is detected
--suspect-copy - copy suspected files to quarantine
--suspect-move - move suspected files to quarantine
--quarantine=path - path to quarantine
[default /opt/BitDefender-scanner/var/quarantine]

--conf-file=path - path to configuration file
--log[=file] - write log file
[default
/opt/BitDefender-scanner/var/log/bdscan.log]
--log-overwrite - overwrite existing log file

--no-list - do not display scanned files
--no-warnings - do not display warnings
--verbose - display debug information

--update - update virus definitions
--force-insecure-update - do not verify server signature file

--virus-list - display virus list
--info - information about this product
--version - display version number
--help,--? - this help
################################################## ################

Old version:
msa:/usr/local/src# bdc --help
BDC/Linux-Console v7.1 (build 2559) (i386) (Jul 6 2005 16:28:53)
Copyright (C) 1996-2004 SOFTWIN SRL. All rights reserved.

Usage: bdc path [parameters]
Parameters:
--files - scan files *
--arc - scan archives
--mail - scan mail databases
--nopack - don't scan packed programs
--ext=ext1;ext2; - scan only this extensions
--log[=file] - create log file
--list - display all files
--prog - scan only program files
--append - append to log file
--disinfect - disinfect files
--delete - delete infected files
--copy - copy infected files in quarantine zone
--copys - move suspected files in quarantine zone
--move - move infected files in quarantine zone
--moves - move suspected files in quarantine zone
--info - information
--nowarn - do not display warnings
--vlist - display virus list
--debug - display debug information
--nor - do not recurse into subdirs
--alev[=n] - set maximum archive depth level
--flev[=n] - set maximum folder depth level
--update - update virus definitions
--help,--? - this help
* = default option
################################################## #################

So, this is a somewhat quick and dirty "replace what changed", but no
doubt can be improved.

### http://www.bitdefender.com/
['BitDefender', 'bdscan',
'--action=ignore --no-list {}', qr/^Infected files *:0+(?!\d)/,
qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/,
qr/(?:suspected|infected): (.*)(?:\033|$)/ ],
# consider also: --no-warnings --recursive-level=15 --archive-level=15.

################################################## #################

With this in place, with eicar I get:

Jan 2 20:29:14 msa amavis[16191]: (16191-02) run_command: [16502]
/usr/bin/bdscan --action=ignore --no-list
/var/lib/amavis/tmp/amavis-20080102T202614-16191/parts </dev/null 2>&1

Jan 2 20:29:19 msa amavis[16191]: (16191-02) collect_results from
[16502] (BitDefender), 571 bytes, (limit 204800)

Jan 2 20:29:19 msa amavis[16191]: (16191-02) prolong_timer run_av:
timer set to 475 s

Jan 2 20:29:19 msa amavis[16191]: (16191-02) run_av: /usr/bin/bdscan
exit 1, BitDefender Antivirus Scanner v7.60825 Linux-i686\nCopyright
(C) 1996-2006 Softwin SRL. All rights reserved.\nTrial key found. 29
days remaining.\n\nDefault action upon detecting an infected file:
ignore action\nDefault action upon detecting a suspected file: ignore
action\n/var/lib/amavis/tmp/amavis-20080102T202614-16191/parts/p001
infected: EICAR-Test-File (not a virus)\n\n\nResults:\nFolders
....:1\nFiles ...:1\nPacked ...:0\nArchives ...:0\nInfected files
:1\nSuspect files ...:0\nWarnings ...:0\nIdentified viruses:1\nI/O
errors ...:0\n

Jan 2 20:29:19 msa amavis[16191]: (16191-02) run_av (BitDefender):
INFECTED: EICAR-Test-File (not a virus)

and, without eicar:

Jan 2 20:33:21 msa amavis[16191]: (16191-03) run_av: /usr/bin/bdscan
exit 0, BitDefender Antivirus Scanner v7.60825 Linux-i686\nCopyright
(C) 1996-2006 Softwin SRL. All rights reserved.\nTrial key found. 29
days remaining.\n\nDefault action upon detecting an infected file:
ignore action\nDefault action upon detecting a suspected file: ignore
action\n\n\nResults:\nFolders ...:1\nFiles ...:1\nPacked
....:0\nArchives ...:0\nInfected files :0\nSuspect files
....:0\nWarnings ...:0\nI/O errors ...:0\n

Jan 2 20:33:21 msa amavis[16191]: (16191-03) run_av (BitDefender): CLEAN

On the surface it appers to function.

--
Gary V

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/...fo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/