Hi,
I think you need to enable "extended error codes" from Sophos. I use it
like this, /usr/local/bin/sweepit.sh
#!/bin/bash
cd /usr/local/bin
./sweep -f -eec -archive -ns $1
with Anomy sanitizer like this,
file_list_1_scanner = 0:20:24,36:/usr/local/bin/sweepit.sh %FILENAME
file_list_1_policy = accept:defang:save:save
The Sophos documentation says that exit code (errorlevel)
0 = clean
20 = virus detected and succesfuly disinfected
24 = virus detected
36 = internal sophos error
but you only get these error codes when you use sweep with the '-eec'
parameter.
regards,
alex
Chang Kai Cheong wrote:
>
> Hi all,
>
> I have installed the version 1.4.0 sanitizer and passed all the testcases.
> However, I found problem when I set up a policy to scan the "executable
> files" as follows:
>
> file_list_1 = (?i)\.(com|exe|cmd|bat|lnk|pif)$
> file_list_1_policy = accept:save:save
> file_list_1_scanner = 0:2,3:/usr/local/bin/sweep.sh %FILENAME
>
> where the /usr/local/bin/sweep.sh (enclosed below) is a script calling the
> sophos virus scanner "sweep". It turned out that the a test mail message
> attaching a sample virus pattern file "EICAR.COM" was not caught by sweep
> and got sending (accept). However, the script worked just fine when
> running on a command line with EICAR.COM as the argument (i.e., return 3
> on exit). I wondered what I have missed.
>
> Thanks,
> KC Chang Tel: +852 2859 7972
> Computer Officer Fax: +852 2559 7904
> Computer Centre, HKU Email: 17523@xyz.molar.is
>
> == sweep.sh ==
> #!/bin/ksh
> [ "$1" = "" ] && exit 21
> [ -f "$1" ] || exit 20
> exec /usr/local/bin/sweep -nb -f -all -rec -ss -sc -archive $1 2>&1 >/dev/null
>