[Avcheck] some add-on

Konstantin Nikonenko <kostya@dsto.a-teleport.com>
Tue, 13 Nov 2001 14:11:21 +0200


Hello avcheck,

here are a few diffs,
perhaps someone will find them useful.
I tried to explain more fully the places that were the most
unclear to me.

Why send the _whole_ message to the sender of the virus? It is enough to
let them know. After all, SirCam sends itself plus a couple of megabytes of God knows what.
# diff ../avcheck-0.5/infected.ex2.ru infected.ex2.ru
37c37
< VIRUS_ALERT=virus-alert # set to empty to skip administrator email
---
> VIRUS_ALERT=Virus-Alert # set to empty to skip administrator email
38a39
> ATTACH_inf_SENDER=n # attach infected in reply to sender
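Review bot: the comment on ATTACH_inf_SENDER at new line 39 does not say which values are accepted, while every test added later in this patch compares against lowercase y only, so Y or yes silently behaves like n. Spell that out in the comment, for example "# y = attach the infected message to the reply sent to the sender; anything else = do not attach". The change of VIRUS_ALERT from virus-alert to Virus-Alert in the 37c37 hunk is unrelated to this option and is not explained; leave it out or say why it is needed.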
169,171c170,174
<
< Исходное письмо приводится ниже.
<
---
> "
> if [ ".$ATTACH_inf_SENDER" = .y ] ; then
>  echo "Исходное письмо приводится ниже."
> fi
> echo "
193,195c196,200
<
< Original message given below.
<
---
> "
> if [ ".$ATTACH_inf_SENDER" = .y ] ; then
>   echo "Original message given below."
> fi
> echo "
220a226
> if [ ".$ATTACH_inf_SENDER" = .y ] ; then
229a236
> fi
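Review bot: the if/fi pair added at 220a226 and 229a236 guards lines 221-229 of the original script, none of which appear in this diff, so it cannot be checked from the patch that the guarded block is only the attachment of the original message and that the rest of the notice stays well formed when the block is skipped. Please resend as a unified diff (diff -u) so the guarded lines are visible. The echo inside the if is also indented by one space in the 169,171c170,174 hunk and by two in 193,195c196,200; pick one.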

# diff ../avcheck-0.5/Makefile Makefile
27c27
<         $(SHELL) substlang.sh ex2/ $$l > tmp ; \
---
>         ./substlang.sh ex2/ $$l > tmp ; \
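Review bot: calling ./substlang.sh directly at line 27 instead of $(SHELL) substlang.sh makes the build depend on the script having its execute bit set and a usable interpreter line, which the old form did not need. The mail does not say what problem this solves; keep $(SHELL) substlang.sh unless there is a reason, and state the reason if there is one.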

something about installing AVP
# diff ../avcheck-0.5/README.AVP README.AVP
105a106
>         # In new vesion this options named Names= in [Object] sections
141a143,144
> #
> # For test You can use ReportFileName=/tmp/kavscan.rpt
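Review bot: ReportFileName=/tmp/kavscan.rpt at new line 144 recommends a fixed file name in /tmp, which is normally world-writable, so another local user can create that name (or a symlink with that name) before the scanner writes to it. Suggest a report path inside a directory owned by the scanner's user, and a remark that the setting is for testing only and should be removed afterwards.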
167a171,172
>   -Y[-] - skip all dialogs, do nothing, but can be full work in
>     new versions
170a176,177
>   -V - enable RedundantScan. In new versions kavdaemon ask for begin
>    check path. Not good for startups scripts.
175,176c182,183
<  /var/spool/avp/avcheck -n -f root -d /var/spool/avp/./tst \
<   -s avp:/var/spool/avp/ctl/AvpSocket root < eicar.msg
---
>  /var/spool/avp /avcheck -n -f root -d /tst \
>   -s avp:/ctl/AvpCtl -i /infected/infected.ex1 -c root < eicar.msg
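Review bot: the replacement command at 182-183 changes more than the paths: the socket name goes from ctl/AvpSocket to ctl/AvpCtl and "-i /infected/infected.ex1 -c root" is added, none of which is explained in the README text. There is also a space between /var/spool/avp and /avcheck; if that is the chroot directory followed by the command to run inside it, say so next to the example, otherwise it is a typo that breaks the command.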
178c185,186
< (Note that uchroot above used just like `su' command.)
---
> (Note that uchroot above used just like `su' command and
> path for some files are about root dir /var/spool/avp)
236c244,245
< (for glibc2), on BSD - ?).
---
> (for glibc2), on BSD - /usr/libexec/ld-elf.so.1). If some libs place in
> /usr/local/lib, place they in ./usr/lib
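Review bot: the sentence added at 244-245 ("If some libs place in /usr/local/lib, place they in ./usr/lib") is hard to read and does not say whether the libraries are to be copied or linked into the chroot. Suggested wording: "If some of the required libraries are installed in /usr/local/lib, copy them to ./usr/lib."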

and, of course, in Postfix itself
# diff ../avcheck-0.5/README.Postfix README.Postfix
22c22,23
< (yes, last character should be an equal sign).
---
> (yes, last character should be an equal sign). This is execute smtpd
> with empty variable content_filter= for already checked messages.
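Review bot: the sentence added at new lines 22-23 ("This is execute smtpd with empty variable content_filter=") does not parse. Suggested wording: "This runs smtpd with an empty content_filter= so that messages which have already been checked are not passed to the filter again."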
45c46
< daemon listens (set up above).
---
> daemon listens (set up above). Path for all files are full.
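Review bot: "Path for all files are full." at new line 46 is ambiguous about which files are meant. Suggested wording: "All file paths given on this command line must be absolute."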
53,54c54,57
< Next, after you changed the `infected' script to suit your needs,
< you may add either
---
> Changed the `infected' script to suit your needs. You can add path
> and file name in options -i avcheck.
>
> Next, you may add either
58c61,62
< into main.cf file, to scan *all*, even locally-submitted, mails, or add
---
>   into main.cf file, to scan *all*, even locally-submitted, mails
> OR add
60c64
< to main smtpd's line in master.cf, to read like
---
>   to main smtpd's line in master.cf, to read like

Thanks
-- 
Best regards,
 Konstantin                          mailto:kostya@dsto.a-teleport.com