[Avcheck] announce: experimental versions of avcheck available

Michael Tokarev mjt@tls.msk.ru
Mon, 06 Aug 2001 02:57:07 +0400


Michael Tokarev wrote:
> 
> I uploaded two *experimental* versions of avcheck
> (note without "p") to
>  ftp://ftp.corpit.ru/pub/avpcheck/beta/
> 
> In short:
> 
[]
>  Experimental "feature cutoff/addition": second
>  variant (avcheck2.c on ftp) will call another
>  program to handle all infected mails.  This way,
>  one can write/customize its own handler that
>  will do what he needs exactly.  There is no
>  handler for now, I'll place an example into this
>  directory shortly.  Note that syslogging is also
>  removed from this variant -- script can do it
>  just fine using e.g. `logger' program.
> 
> I need feedback about second variant's "architecture"
> (as long as no "infected mail handler" exists,
> there is no way to really test it).  The main
> question before proper packaging: can we use
> second variant only (with external handler),
> or should this handler be added to first (current)
> variant as another option?  I personally think about
> "clean" way, where only external handler will
> be used.

I placed the file `infected' into that same ftp
directory.  It contains some useful, ready-to-run
examples of what one can do with an infected mail
message.  Currently, all features of the former avpcheck
are available (-m/-M, -a/-A, -l etc), and may be
turned on/off by adding/removing comments inside
this script.  And yes, it is very simply customizable
"on the fly".  If you dislike the message it generates,
change it, translate it to another language, etc.
If you want to save the infected message for further
inspection, do it (and add the name of the file into
the virus-alert mail if needed).  If you want to notify
the postmaster of the sending domain, collect the necessary
info and send those alerts once per day etc.

Currently, I personally use the pair (avcheck2 + this
script) on my server, and it seems to work (it notifies
"virusmaster" with the full message, original recipients
with the message headers, and bounces the message by exiting
with EX_UNAVAILABLE here).

To set this beast up, use avcheck2 in master.cf as
appropriate (note all infected-handling options are
removed!), and place the (customized as necessary)
`infected' script in the same directory as avcheck2
(or include the full path of `infected' using avcheck2's
`-i' option).  That's all.  I like this variant,
and plan to release avcheck2 as the official avcheck
soon, packaged properly.  I do not expect that it will
be a huge package... ;)

For now, I still have not tested the DrWeb variant on a live system --
we're waiting for DrWeb to come to us officially.

Regards,
 Michael.
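
A sketch of an external infected-mail handler along the lines described above, added here as an example; it is not the `infected' script from the ftp directory. The calling convention (message on stdin; virus name, sender and quarantine directory as arguments) and the function names are assumptions, since the post does not say how avcheck2 invokes the handler.

```shell
#!/bin/sh
# Hypothetical handler sketch. Assumed interface (not from the post):
#   stdin = infected message, $1 = virus name, $2 = envelope sender,
#   $3 = quarantine directory.

EX_UNAVAILABLE=69   # value from <sysexits.h>; tells the MTA to bounce

# Keep only a conservative character set, so values taken from the mail
# (virus name, sender) cannot put newlines or control bytes into syslog.
sanitize() {
    printf '%s' "$1" | LC_ALL=C tr -cd 'A-Za-z0-9@._+-' | cut -c1-128
}

handle_infected() {
    virus=$(sanitize "$1")
    sender=$(sanitize "$2")
    qdir=$3

    umask 077                                  # quarantine is owner-only
    mkdir -p "$qdir" || return 75              # EX_TEMPFAIL: MTA retries later
    qfile=$(mktemp "$qdir/msg.XXXXXX") || return 75
    cat > "$qfile" || return 75                # full message, for the virusmaster

    # Headers only (through the first blank line), for the recipient notice,
    # so the infected body is never forwarded to the original recipients.
    sed '/^$/q' "$qfile" > "$qfile.hdr"

    # Syslogging moved out of the filter and into the handler via `logger'.
    if command -v logger >/dev/null 2>&1; then
        logger -t infected -p mail.warning \
            "virus=$virus from=$sender saved=$qfile" || true
    fi
    return "$EX_UNAVAILABLE"
}
```

Mail delivery of the two notices is left out; the saved `msg.*` file and its `.hdr` companion are what a notification step would attach.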