[Avcheck] Virus details
Juan Enrique Gómez
juanen@metropoli2000.com
10 May 2002 08:27:06 +0200
El jue, 09-05-2002 a las 23:49, Michael Tokarev escribió:
Hi!
I was talking about AVX :-)
Thanks!
> Michael Tokarev wrote:
>
> [Avcheck reports "Infected by a virus" only, w/o virus name etc]
>
> > Igor Goldenberg wrote:
> > > Yes, after upgrading to drweb 4.28 i get the same problem. Maybe it's
> > > changes in drweb api?
>
> Ok. Confirmed. drwebd-4.28 does not want to return virus names anymore.
> >From the API docs and clients code I may conclude that API was NOT chang=
ed.
>
> There are two flags (bits) defined for SCAN command:
>
> o DRWEB_RETURN_VIRUSES, drwebd should return strings in a form
> infected with EICAR Test File (NOT a Virus!)
> possibly infected with COM.TSR Virus
>
> o DRWEBD_RETURN_REPORT:
> test.zip - archive PKZIP
> >test.zip/test.txt - Ok
> >test.zip/test.doc - Ok
> Actual string returned:
> [32489] /tst/tmp.4378/SEICHO-NO-IE.EXE infected with Win95.Matrix.9216
>
> Avcheck uses the first one. But in 4.28, it does not work anymore.
> Obviously, we want first one, not second (it gives far more details than
> is necessary).
>
> I hope drweb authors will either fix DRWEV_RETURN_VIRUSES option (it
> always reports 0 found virus names), or update docs. For now, use 4.27.
> Version 4.27[c] works with drwebase.vdb from 4.28 (this is what I use now=
).
>
> Regards,
> Michael.
> _______________________________________________
> Avcheck mailing list
> Avcheck@list.corpit.ru
> http://www.corpit.ru/mailman/listinfo/avcheck
>
--
---------------------------------------------------
|Juan Enrique Gómez Pérez
|CEO & D.Financiero & Sistemas
|Metropoli2000 Networks, S.L.
|http://www.metropoliglobal.com
|Phone: +34 914250023
|Fax: +34 914250136
|email: juan.enrique.gomez@metropoli2000.com
--------------------------------------------------