anomy-list

Re: Use of Sophos sweep not working

From: alex morris (17484@xyz.molar.is)
Date: Sun 12 Aug 2001 - 16:31:51 UTC


    Hi,

    I think you need to enable "extended error codes" from Sophos. I use it
    like this, /usr/local/bin/sweepit.sh

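    #!/bin/bash
    # Wrapper called by the sanitizer; -eec turns on Sophos extended error codes.
    cd /usr/local/bin
    # Quote the filename so names containing spaces reach sweep as one argument.
    ./sweep -f -eec -archive -ns "$1"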

    with Anomy sanitizer like this,

    file_list_1_scanner = 0:20:24,36:/usr/local/bin/sweepit.sh %FILENAME
    file_list_1_policy = accept:defang:save:save

    The Sophos documentation says that exit code (errorlevel)

    0 = clean
    20 = virus detected and successfully disinfected
    24 = virus detected
    36 = internal sophos error

    but you only get these error codes when you use sweep with the '-eec'
    parameter.

    regards,

    alex

    Chang Kai Cheong wrote:
    >
    > Hi all,
    >
    > I have installed the version 1.4.0 sanitizer and passed all the testcases.
    > However, I found a problem when I set up a policy to scan the "executable
    > files" as follows:
    >
    > file_list_1 = (?i)\.(com|exe|cmd|bat|lnk|pif)$
    > file_list_1_policy = accept:save:save
    > file_list_1_scanner = 0:2,3:/usr/local/bin/sweep.sh %FILENAME
    >
    > where the /usr/local/bin/sweep.sh (enclosed below) is a script calling the
    > sophos virus scanner "sweep". It turned out that a test mail message
    > attaching a sample virus pattern file "EICAR.COM" was not caught by sweep
    > and was sent (accept). However, the script worked just fine when
    > running on a command line with EICAR.COM as the argument (i.e., return 3
    > on exit). I wondered what I have missed.
    >
    > Thanks,
    > KC Chang Tel: +852 2859 7972
    > Computer Officer Fax: +852 2559 7904
    > Computer Centre, HKU Email: 17523@xyz.molar.is
    >
    > == sweep.sh ==
    > #!/bin/ksh
    > [ "$1" = "" ] && exit 21
    > [ -f "$1" ] || exit 20
    > exec /usr/local/bin/sweep -nb -f -all -rec -ss -sc -archive $1 2>&1 >/dev/null
    >
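
How the exit codes in the reply above would select a policy, as an added example that is not part of the original post and is not Anomy's own code. It assumes that each colon-separated exit-code list in the scanner line selects the policy in the same position, that a code matching no list selects the last policy, and that the command starts at the first "/"; `policy_for_exit` and `nth_policy` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: model of how a scanner exit code picks an entry from the
# policy line. The positional mapping and the "no match -> last policy"
# rule are assumptions, not taken from Anomy's source.

# nth_policy POLICY_LINE N -> prints the Nth colon-separated policy
nth_policy() {
    printf '%s\n' "$1" | cut -d: -f"$2"
}

# policy_for_exit SCANNER_LINE POLICY_LINE EXIT_CODE -> prints the chosen policy
policy_for_exit() {
    scanner=$1 policies=$2 code=$3
    codes=${scanner%%/*}      # drop the command, keep "0:20:24,36:"
    codes=${codes%:}          # drop the trailing colon
    idx=1
    old_ifs=$IFS
    IFS=:
    for list in $codes; do    # one field per policy position
        IFS=,
        for c in $list; do    # each field may hold several codes
            if [ "$c" = "$code" ]; then
                IFS=$old_ifs
                nth_policy "$policies" "$idx"
                return 0
            fi
        done
        IFS=:
        idx=$((idx + 1))
    done
    IFS=$old_ifs
    # Exit code not listed anywhere: fall through to the last policy.
    printf '%s\n' "${policies##*:}"
}

# Configuration lines from the reply above.
SCANNER='0:20:24,36:/usr/local/bin/sweepit.sh %FILENAME'
POLICY='accept:defang:save:save'

# 3 is an exit code that appears in none of the lists.
for code in 0 20 24 36 3; do
    printf 'exit %s -> %s\n' "$code" "$(policy_for_exit "$SCANNER" "$POLICY" "$code")"
done
```

Under these assumptions only the codes named in the scanner line reach the first three policies, so the lists have to contain the codes sweep returns when run with `-eec`.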


