anomy-list

Re: clamav (was: Re: more sanitizer questions)

From: Paolo (129399@xyz.molar.is)
Date: Fri 18 Jun 2004 - 09:15:18 GMT


    correction...

    -- 
     paolo
     
     GPG/PGP id:0x21426690 kfp:EDFB 0103 A8D8 4180 8AB5  D59E 9771 0F28 2142 6690
    

    On Wed, Jun 16, 2004 at 09:18:46AM +0200, Paolo wrote: > don't know where Peter's scripts are - have checked archive list but could > not find any - perhaps his stuff may be more complete. > Anyway, here's mine - very rough, I'm not interested in doing anything fancy > with suspect email. > One note reg. clamav, it may be tricky to run clam[d]scan from anomy script > as in some distro (eg Debian) clam*scan runs as user clamav, hence is unable > to read anomy's tempfiles that should be mode 600 - that's why I'm feeding > clamdscan from stdin. > > 8<---[.sanitizer.cfg]----- > ... > msg_file_drop += X-Anomy|Eventuale codice maligno rilevato: %VIRUSNAME.\n > ... > file_list_3 = (?i)\.(doc|dot|xls|xlw|sxi|sdc|sdw|sxw > file_list_3 += |zip + file_list_3 += |htm.? > file_list_3 += |[ch](pp|\+\+)?|s|inc|asm|patch|java|php\d?|jsp|bas)$ -> file_list_3_policy = unknown:drop:drop:drop + file_list_3_policy = unknown:drop:save:save > file_list_3_scanner = 0:1:2:/usr/share/sanitizer/filters/filtro_av.sh %FILENAME > ... > 8<---[/.sanitizer.cfg]---- > > 8<---[/usr/share/sanitizer/filters/filtro_av.sh]----- > #!/bin/sh > # need anomy with VIRUSNAME patch > #exit 0 > VN= > [ -x /usr/bin/clamdscan ] && { > AVR=`cat $1 | /usr/bin/clamdscan - 2>&1` > R=$? > VN=`echo $AVR | grep ": .* FOUND" | sed "s/.*: \([^ ]*\) FOUND.*/\1/"` > # something went bad > [ "$VN" ] || [ $R = 0 ] || \ > echo -e "$0:\nR=$R\nAVR=$AVR" | mail -s"clamdscan, errore: $R" root > } > [ "$VN" ] && { > echo Anomy-FileScan-VirusName: $VN -> exit 1 + exit $R > } -> exit 0 + exit $R > 8<---[//usr/share/sanitizer/filters/filtro_av.sh]----
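Review bot: In filtro_av.sh, both new `exit $R` lines depend on `R`, but `R=$?` is only assigned inside the `[ -x /usr/bin/clamdscan ] && { ... }` block. If clamdscan is missing or not executable, `R` stays empty, the final `exit $R` becomes a bare `exit`, and the script returns the status of the preceding failed `[ "$VN" ]` test, which is 1, the same status it returns for a detection. Before this change that path ended in `exit 0`. Initialise `R` next to `VN=` and decide explicitly which status an unavailable scanner should return.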
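Review bot: In .sanitizer.cfg, the `file_list_3_policy` change to `unknown:drop:save:save` is coupled to the script change without saying so. With the old `exit 1` / `exit 0` the script never returned 2, so only the first two policy fields were reachable through the `0:1:2` scanner line. With `exit $R`, clamdscan's own status now selects the field. Add a comment above `file_list_3_scanner` stating which clamdscan status each policy field is meant to handle, so the config and filtro_av.sh are not updated independently of each other.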


