[Avcheck] Bug in v.0.9
Piotr Klaban
makler@man.torun.pl
Thu, 3 Oct 2002 08:29:59 +0200
On Thu, Oct 03, 2002 at 12:35:11AM +0400, Michael Tokarev wrote:
> It seems the format has been changed somehow. Can you
> please post actual data KAV is sending back? (This can
> be obtained from their command-line scanner too - if memory
> serves me right). I can't just apply your patch because
If it can be helpful, this is a snipped from the /var/log/avpscan.log
<snip>
Kaspersky Anti-Virus for Solaris started 02.10.2002 09:50:04
Version 4.0.2.2
Last update: 29.09.2002, 58683 records.
Command line: -dl -f=/ctl /tst
Profile (from 02.10.2002 09:49:55) /defUnix.prf
^M
Query for the tests: <0>Oct 2 11:50:27:/tst/18560.tmp
02.10.2002 09:50:31 /tst/18560.tmp archive: Mail
02.10.2002 09:50:31 /tst/18560.tmp/[From: jsnujl <jsnujl@eio.e>]/html ok.
02.10.2002 09:50:34 /tst/18560.tmp/[From: jsnujl <jsnujl@eio.e>]/ppyxt.pif infected: I-Worm.Klez.h
</snip>
There IS a <tab> before string 'infected:' (also vefore 'archive:' and 'ok.')
This is version 4.0.2.2 for sparc/Solaris, tested yesterday.
It is different than version for Linux because it has i386 CPU emulation etc.
The only problem I have encountered is that kavdaemon child
dies in that '386CPU emulation' code and ... I had to revert back
to version '3.0 build 136', which is very stable.
--
Piotr Klaban