[Avcheck] Virus details

Michael Tokarev mjt@tls.msk.ru
Fri, 10 May 2002 01:49:25 +0400


Michael Tokarev wrote:

[Avcheck reports "Infected by a virus" only, w/o virus name etc]

> Igor Goldenberg wrote:
> > Yes, after upgrading to drweb 4.28 I get the same problem. Maybe it's
> > changes in drweb api?

Ok.  Confirmed.  drwebd-4.28 does not want to return virus names anymore.
From the API docs and client code I may conclude that the API was NOT changed.

There are two flags (bits) defined for the SCAN command:

o DRWEB_RETURN_VIRUSES, drwebd should return strings in the form
  infected with EICAR Test File (NOT a Virus!)
  possibly infected with COM.TSR Virus

o DRWEBD_RETURN_REPORT:
  test.zip - archive PKZIP
  >test.zip/test.txt - Ok
  >test.zip/test.doc - Ok
 Actual string returned:
  [32489] /tst/tmp.4378/SEICHO-NO-IE.EXE infected with Win95.Matrix.9216

Avcheck uses the first one.  But in 4.28, it does not work anymore.
Obviously, we want the first one, not the second (it gives far more details
than is necessary).

I hope the drweb authors will either fix the DRWEB_RETURN_VIRUSES option (it
always reports 0 found virus names), or update the docs.  For now, use 4.27.
Version 4.27[c] works with drwebase.vdb from 4.28 (this is what I use now).

Regards,
 Michael.
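
Added example, not part of the original message and not avcheck's own code: a C sketch that pulls the virus name out of the reply strings quoted above and falls back to the generic "Infected by a virus" text when the daemon returns zero names, as described for 4.28. The function names `virus_name` and `infection_message` are hypothetical, and only the text forms shown in the message are handled, not the drwebd wire protocol.

```c
#include <stdio.h>
#include <string.h>

/* Copy the virus name out of one drwebd reply string. Returns 2 for
 * "possibly infected with", 1 for "infected with", 0 if no name. */
int virus_name(const char *line, char *out, size_t outsz)
{
    static const char key[] = "infected with ";
    const char *p = strstr(line, key);
    size_t n; int kind;
    if (!p || outsz == 0) return 0;
    kind = (p - line >= 9 && strncmp(p - 9, "possibly ", 9) == 0) ? 2 : 1;
    p += sizeof(key) - 1;
    n = strcspn(p, "\r\n");
    while (n > 0 && (p[n - 1] == ' ' || p[n - 1] == '\t'))
        n--;                               /* drop trailing blanks */
    if (n == 0) return 0;                  /* key present, name missing */
    if (n >= outsz)
        n = outsz - 1;                     /* truncate, never overflow */
    memcpy(out, p, n);
    out[n] = '\0';
    return kind;
}

/* Message for an infected verdict: the names found, or the generic text
 * when the daemon returned zero names (the 4.28 behaviour). bufsz > 0. */
const char *infection_message(const char *const *lines, size_t nlines,
                              char *buf, size_t bufsz)
{
    char name[128];
    size_t used = 0, i;
    for (i = 0; i < nlines; i++) {
        if (!virus_name(lines[i], name, sizeof(name)))
            continue;
        int w = snprintf(buf + used, bufsz - used, "%s%s", used ? ", " : "", name);
        if (w < 0 || (size_t)w >= bufsz - used) { buf[used] = '\0'; break; }
        used += (size_t)w;
    }
    return used ? buf : "Infected by a virus";
}

int main(void)
{
    /* Constructed input: the sample strings quoted in the message. */
    const char *reply[] = { "infected with EICAR Test File (NOT a Virus!)",
                            "possibly infected with COM.TSR Virus" };
    char buf[256];
    puts(infection_message(reply, 2, buf, sizeof(buf)));
}
```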