anomy-list

Re: Use of Sophos sweep not working

From: Chang Kai Cheong (17709@xyz.molar.is)
Date: Mon 13 Aug 2001 - 02:43:16 UTC

    Hi Alex,

    Thanks for your input; your setting and script work perfectly well.
    After some trial and error, I found that if we defined the file list with 3
    potential policies (as in my previous post), it would not work. If I
    added another policy such that:
    file_list_1_policy = accept:defang:save:save
    file_list_1_scanner = 0:1:2,3:/usr/local/bin/sweep.sh %FILENAME

    Any comments?

    Thanks,
    KC Chang

    On Sun, 12 Aug 2001, alex morris wrote:

    > Hi,
    >
    > I think you need to enable "extended error codes" from Sophos. I use it
    > like this, /usr/local/bin/sweepit.sh
    >
    > #!/bin/bash
    > cd /usr/local/bin
    > ./sweep -f -eec -archive -ns "$1"
    >
    > with Anomy sanitizer like this,
    >
    > file_list_1_scanner = 0:20:24,36:/usr/local/bin/sweepit.sh %FILENAME
    > file_list_1_policy = accept:defang:save:save
    >
    > The Sophos documentation says that exit code (errorlevel)
    >
    > 0 = clean
    > 20 = virus detected and successfully disinfected
    > 24 = virus detected
    > 36 = internal Sophos error
    >
    > but you only get these error codes when you use sweep with the '-eec'
    > parameter.
    >
    > regards,
    >
    > alex
    >
    >
    >
    > Chang Kai Cheong wrote:
    > >
    > > Hi all,
    > >
    > > I have installed the version 1.4.0 sanitizer and passed all the testcases.
    > > However, I found a problem when I set up a policy to scan the "executable
    > > files" as follows:
    > >
    > > file_list_1 = (?i)\.(com|exe|cmd|bat|lnk|pif)$
    > > file_list_1_policy = accept:save:save
    > > file_list_1_scanner = 0:2,3:/usr/local/bin/sweep.sh %FILENAME
    > >
    > > where the /usr/local/bin/sweep.sh (enclosed below) is a script calling the
    > > Sophos virus scanner "sweep". It turned out that a test mail message
    > > attaching a sample virus pattern file "EICAR.COM" was not caught by sweep
    > > and got sent (accept). However, the script worked just fine when
    > > running on a command line with EICAR.COM as the argument (i.e., return 3
    > > on exit). I wonder what I have missed.
    > >
    > > Thanks,
    > > KC Chang Tel: +852 2859 7972
    > > Computer Officer Fax: +852 2559 7904
    > > Computer Centre, HKU Email: 17709@xyz.molar.is
    > >
    > > == sweep.sh ==
    > > #!/bin/ksh
    > > [ "$1" = "" ] && exit 21
    > > [ -f "$1" ] || exit 20
    > > exec /usr/local/bin/sweep -nb -f -all -rec -ss -sc -archive "$1" 2>&1 >/dev/null
    > >
    >
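
In this thread, the configuration with three policy entries and two exit-code groups did not work, while the ones with four entries and three groups did. The shell function below is an added example, not part of the original messages or of the Anomy distribution, that flags the mismatch before a config is deployed. The rule it enforces is inferred from the configurations reported as working in the thread, and `check_anomy_conf` is a hypothetical name.

```shell
#!/bin/sh
# Added example, not from the thread or the Anomy distribution.
# Assumed rule (inferred from the configurations reported as working above):
# three exit-code groups before the scanner command, four policy entries.

# check_anomy_conf (hypothetical name): read Anomy config lines on stdin,
# print one verdict per file_list_N, return 1 if any list breaks the rule.
check_anomy_conf() {
    awk '
    /^[ \t]*file_list_[0-9]+_(policy|scanner)[ \t]*=/ {
        eq = index($0, "=")                 # split on the first "=" only
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        n = key; sub(/^file_list_/, "", n); sub(/_.*$/, "", n)
        seen[n] = 1
        if (key ~ /_policy$/) {
            npol[n] = split(val, tmp, ":")
        } else {
            # exit-code groups end where the command path begins
            # (assumes the scanner command is an absolute path)
            cut = index(val, ":/")
            ngrp[n] = (cut > 1) ? split(substr(val, 1, cut - 1), tmp, ":") : 0
        }
    }
    END {
        bad = 0
        for (n in seen) {
            verdict = (npol[n] == 4 && ngrp[n] == 3) ? "ok" : "MISMATCH"
            if (verdict != "ok") bad = 1
            printf "file_list_%s: %d policies, %d exit-code groups: %s\n",
                   n, npol[n], ngrp[n], verdict
        }
        exit bad
    }'
}

# The two configurations from the thread, fed through the check.
check_anomy_conf <<'EOF' || true
file_list_1_policy = accept:save:save
file_list_1_scanner = 0:2,3:/usr/local/bin/sweep.sh %FILENAME
EOF
check_anomy_conf <<'EOF'
file_list_1_policy = accept:defang:save:save
file_list_1_scanner = 0:1:2,3:/usr/local/bin/sweep.sh %FILENAME
EOF
```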


