Re: uvscan with anmomy

From: Geoff Seeley (
Date: Wed 17 Jul 2002 - 20:20:17 UTC

  • Next message: "Re: uvscan with anmomy"

    ----- Original Message -----
    From: "Ron 'The InSaNe OnE' Rosson" <>
    To: <>
    Sent: Wednesday, July 17, 2002 11:36 AM
    Subject: [anomy-list]: uvscan with anmomy

    > file_list_4_scanner = 0:5:3,4:/usr/local/bin/uvscan -c %FILENAME
    > file_list_4_policy = unknown:save:save:save
    > file_list_4 = (?i)\.(xls|d(at|oc)|p(pt|l)|rtf|[sp]?html?
    > file_list_4 += |class|upd|wp\d?|m?db
    > file_list_4 += |z(ip|oo)|ar[cj]|lha|[tr]ar|rpm|deb|slp|tgz
    > file_list_4 += )(\.g?z|\.bz\d?)*$
    > Everything so in the first three rules apears to work. It is
    > the 4th one that is supposed to kick off the virus scanner.
    > I have the klez worm that I have tested uvscan with and it
    > detects it fine. so when I attach the file to an email and
    > send it locally thru the unix server anomy never detects the
    > file is a virus. ( I do not think it is starting the virus
    > scanner)
    > Anyone have any ideas what I am doing wrong.

    I think it is your exit codes. When I set up my configuration file, I found the
    exit codes listed in the man page for uvscan and based my configuration on this.
    Here are the relevant parts:

    # McAfee VirusScan exit codes mapped to policies
    # "accept" if the file is clean (exit status 0)
    # "mangle" if the file was dirty, but is now clean (19)
    # "drop!" if the file is still dirty (12 or 13)
    # "save" if the virscan utility returns some other exit code
    # or an error occurs.
    # Scan Word,Excel,WordPerfect,Project,Corel Quattropro
    # SQL, Visio, PDF, Powerpoint
    # attachments.

    file_list_3 = (?i)\.(do[tc]|xl[sw]|p[po]t|rtf|wpd|mpp|wb3|sql|vsd|p(df|cx)|pps)$
    file_list_3_policy = accept:mangle:drop!:save
    file_list_3_scanner = 0:19:12,13:/opt/uvscan/uvscan --clean %FILENAME


    hosted by