[Avcheck] Virus details

[Juan Enrique Gómez]

El jue, 09-05-2002 a las 23:49, Michael Tokarev escribió:

Hi!

I was talking about AVX :-)

Thanks!

> Michael Tokarev wrote:
> 
> [Avcheck reports "Infected by a virus" only, w/o virus name etc]
> 
> > Igor Goldenberg wrote:
> > > Yes, after upgrading to drweb 4.28 i get the same problem. Maybe it's
> > > changes in drweb api?
> 
> Ok.  Confirmed.  drwebd-4.28 does not want to return virus names anymore.
> >From the API docs and clients code I may conclude that API was NOT chang=
ed.
> 
> There are two flags (bits) defined for SCAN command:
> 
> o DRWEB_RETURN_VIRUSES, drwebd should return strings in a form
>   infected with EICAR Test File (NOT a Virus!)
>   possibly infected with COM.TSR Virus
> 
> o DRWEBD_RETURN_REPORT:
>   test.zip - archive PKZIP
>   >test.zip/test.txt - Ok
>   >test.zip/test.doc - Ok
>  Actual string returned:
>   [32489] /tst/tmp.4378/SEICHO-NO-IE.EXE infected with Win95.Matrix.9216
> 
> Avcheck uses the first one.  But in 4.28, it does not work anymore.
> Obviously, we want first one, not second (it gives far more details than
> is necessary).
> 
> I hope drweb authors will either fix DRWEV_RETURN_VIRUSES option (it
> always reports 0 found virus names), or update docs.  For now, use 4.27.
> Version 4.27[c] works with drwebase.vdb from 4.28 (this is what I use now=
).
> 
> Regards,
>  Michael.
> _______________________________________________
> Avcheck mailing list
> Avcheck@list.corpit.ru
> http://www.corpit.ru/mailman/listinfo/avcheck
> 
-- 
---------------------------------------------------
|Juan Enrique Gómez Pérez
|CEO & D.Financiero & Sistemas
|Metropoli2000 Networks, S.L.
|http://www.metropoliglobal.com
|Phone: +34 914250023
|Fax: +34 914250136
|email: juan.enrique.gomez@metropoli2000.com
--------------------------------------------------