It works for me. I'm using the extended error codes (one of the command
line options), to make it a bit more cautious. My config looks like:
# Defang and scan exe files
#
file_list_5_scanner = 0:20:8,16,24,28,32,36,40:/usr/local/bin/sweep -di -archive -all -loopback -sc -eec -ss -f %FILENAME
file_list_5_policy = defang:defang:save:save
file_list_5 = (?i)\.(exe|com)$
Note that I do not pass exe or com files without defanging them first. I
prefer people to zip up their mails.
I have a similar setup in a larger file list, except that the first policy
is to accept, so clean zips, and docs, etc will get straight through.
Also, note that I am not using a script to call sweep. I'm calling sweep
directly. This probably speeds things up (but only a little bit), but it
also has a disadvantage, in that it doesn't send administrative alerts
about the virus, it just quietly quarantines it. Then there is no log of
who that quarantined file was destined for.
ONE IMPORTANT NOTE. The way this is set up, I have it quarantining files
that it is unable to scan, due to ANY issues.
Because of that, encrypted zip files and encrypted documents will be
quarantined, and I occasionally have to manually send them off to their
destination.
--
Robert C. Litman
http://www.rlitman.com
ftp://ftp.rlitman.com
65567@xyz.molar.is
Corey Appleby <corey@aspstation.net> wrote on 11/14/2002 10:25 PM:
To: 65476@xyz.molar.is
cc:
Subject: [anomy-list]: Sanitizer + Sophos question
Hello,
I'm running the Sanitizer with Sophos' virus scanner. The scanner is
working, and the sanitizer is working, but I can't get them to work
together. Here's my setup:
My sanitizer.rc file calls a wrapper script for sweep.
sanitizer.rc:
file_list_3_scanner = 0:20:24:/usr/local/bin/sweep.sh %FILENAME
file_list_3_policy = accept:accept:drop:save
file_list_3 = (?i)\.(com)$
here's the contents of that wrapper.
sweep.sh:
#!/bin/sh
# Exit 21 if no filename was given, 22 if it is not a regular file.
[ "$1" = "" ] && exit 21
[ -f "$1" ] || exit 22
# Replace this shell with sweep so its exit code is what Sanitizer sees.
exec /usr/local/bin/sweep -di -eec -nc -p=/var/log/sophos_sweep.log "$1" 2>/dev/null >/dev/null
But when I send myself a .com file, Sanitizer does whatever the default
policy is for that rule (in this case it saves it) Here's the
SANITIZER-LOG output:
Part (pos="962"):
SanitizeFile (filename="test.com", mimetype="TEXT/PLAIN"):
Match (rule="3"):
ScanFile (file="/var/spool/quarantine/SM-test.com"):
Unknown exit code: 9216
Enforced policy: save
Obviously that exit code isn't what I should be getting. Sophos sweep
should return one of the codes I have listed. Anyone have any idea why
I'm getting that code? I modeled my wrapper script on the avp.sh
script in the Sanitizer "real world configuration" example on Anomy's
website.
Any help would be greatly appreciated.
Thanks,
corey
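The number in Corey's log, 9216, is not a process exit status at all (those are 0..255): it is a raw wait status, with the exit code in the high byte, so 9216 = 36 * 256 means sweep exited with code 36. That is what Perl's $? holds after system(), which is presumably how Sanitizer ran the wrapper. Code 36 is not in Corey's "0:20:24" list, but it is in the error list of Robert's config. The script below, added here as an illustration and not part of either mail, decodes a raw wait status and classifies an exit code against the "clean:virus:error" prefix of a file_list_N_scanner entry; that this is the order of the three lists is an assumption taken from the two configs in the thread, and the function names are made up for the example.

```shell
#!/bin/sh
# Added example: decode a raw wait status and classify a scanner exit code
# against a Sanitizer-style "clean:virus:error" code list. Not from the thread.

# POSIX packs a normally exited child's exit code into bits 8..15 of the
# wait status; Perl's $? after system() holds that raw value.
# 9216 -> 36 (9216 = 36 * 256).
decode_wait_status() {
    echo $(( $1 / 256 ))
}

# in_list LIST CODE: is CODE one of the comma-separated entries in LIST?
in_list() {
    _list=",$1,"
    case "$_list" in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# classify SPEC CODE: SPEC is the "clean:virus:error" prefix of a
# file_list_N_scanner value (assumed field order, e.g. "0:20:24" or
# "0:20:8,16,24,28,32,36,40"); prints clean, virus, error or unknown.
# An unknown code is what the thread's log reports as "Unknown exit code".
classify() {
    _clean=${1%%:*}
    _rest=${1#*:}
    _virus=${_rest%%:*}
    _rest=${_rest#*:}
    _error=${_rest%%:*}
    if in_list "$_clean" "$2"; then
        echo clean
    elif in_list "$_virus" "$2"; then
        echo virus
    elif in_list "$_error" "$2"; then
        echo error
    else
        echo unknown
    fi
}

# Walk through the logged value against both configs from the thread.
code=$(decode_wait_status 9216)
echo "raw status 9216 is exit code $code"
echo "Corey's spec 0:20:24 classifies $code as: $(classify 0:20:24 "$code")"
echo "Robert's spec classifies $code as: $(classify 0:20:8,16,24,28,32,36,40 "$code")"
```

Run it as-is to see the decoding; to check a new scanner, run the scanner by hand on a test file, note its exit code (`echo $?` in the shell, which already shows the high byte), and make sure every code it can return appears in one of the three lists, or it will fall through to the last policy.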