[Avcheck] avcheck new version - patch

Piotr Klaban makler+avcheck at man.torun.pl
Fri Apr 16 16:02:20 MSD 2004


Hi,

I enclose a patch and new avcheck.c (both gzipped)
with the following changes:
1. updated DrWeb interface (would talk to 4.31)
2. ClamAV support
3. Multi socket support

There are NO changes for the new version of KAV (5.x).

The multi-socket change makes avcheck not backward compatible.
The -s and -t options changed.

You can test the new avcheck with the command:
  ./uchroot -u avpc -d / / $PWD/avcheck -a \
    -s DrWeb,AVP -s Sophie: \
    -s Clamav:/var/spool/clamav/./var/run/clamd.sock -n \
    -f root root < eicar.msg

The error message has the format:
  [Sophie] Infected by EICAR-AV-Test,
  [Clamav] Infected by Eicar-Test-Signature

'avcheck -h' output:

Usage:  avcheck options -- recipient...,  where options are:
 -f sender - sender's envelope address (required)
 -s type[:socket[,socket]] - antivirus daemon type and it's control
   socket (either /chrooted/dir/./path/to/file or host:port/chrooted/dir).
   Supported antivirus engines and default control sockets are:
        AVP     /var/spool/avp/./var/run/AvpCtl
        DrWeb   127.0.0.1:3000/var/spool/drweb
        Sophie  /var/spool/sophie/./var/run/sophie
        Clamav  /var/spool/clamav/./var/run/clamd.sock
   (the -s option can be specified multiple times)
 -a - continous scan (default stop scan when first virus is found)
 -d dir - place files to this temporary directory when
   inspecting (do not include the chrooted directory) (default /tst)
 -t timeout - timeout, in secounds, to wait for antivirus
   answer (default is 0, i.e. no timeout)
 -n - do not send (reinject) good mail back into the mail system
 -S sendmail_path - /path/to/sendmail-compatible executable
   (possible with args -- either using multi-word value or repeating
   this option to specify additional arguments) or host:port to speak
   subset of SMTP (default is port 25 on localhost)
 -h hdr - prepend "X-AV-Checked: <time> hdr" to every checked
   mail message
 -i program - execute this program to handle infected mail
   (default is `infected' in the avcheck's directory)
 -w waitfile - do not attempt to contact with antivirus
   if waitfile exists but exit with EX_TEMPFAIL instead
   (default is to not perform this check)
 -c - read message from stdin and pass it into mail system
  (using sendmail_path).  In this special mode, avcheck acts like
  simple transparent mail injection tool (all options except
  of -f (required) and -S are ignored in this mode)

For more info - read my previous mail in this thread.

Best regards,

-- 
Piotr Klaban
-------------- next part --------------
A non-text attachment was scrubbed...
Name: avcheck.c.gz
Type: application/x-gunzip
Size: 10896 bytes
Desc: not available
Url : http://www.corpit.ru/pipermail/avcheck/attachments/20040416/ef9866fc/avcheck.c.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: avcheck-multisocket.diff.gz
Type: application/x-gunzip
Size: 5886 bytes
Desc: not available
Url : http://www.corpit.ru/pipermail/avcheck/attachments/20040416/ef9866fc/avcheck-multisocket.diff.bin
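
The two socket spellings listed in the -s help text above, split into the scanner's chroot directory and the address used to reach it. This is an added example, not code from avcheck.c or from the attached patch; the struct and function names are hypothetical, and rejecting a unix-socket spec that has no "/./" marker is this example's assumption.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical type for this example; not taken from avcheck.c. */
struct av_sock {
    int  is_tcp;          /* 1 = host:port form, 0 = unix-socket form */
    char chroot_dir[256]; /* directory the scanner daemon is chrooted into */
    char target[256];     /* socket path as seen inside the chroot, or host */
    int  port;            /* TCP port; 0 for unix sockets */
};

/* Parse one socket spec. Returns 0 on success, -1 on malformed input.
 * Assumption: a unix spec without the "/./" marker is rejected. */
int parse_av_socket(const char *spec, struct av_sock *out)
{
    memset(out, 0, sizeof *out);
    if (spec[0] == '/') {                    /* /chrooted/dir/./path/to/file */
        const char *sep = strstr(spec, "/./");
        if (!sep || sep == spec || sep[3] == '\0') return -1;
        size_t dlen = (size_t)(sep - spec);
        if (dlen >= sizeof out->chroot_dir || strlen(sep + 2) >= sizeof out->target) return -1;
        memcpy(out->chroot_dir, spec, dlen); /* buffer is already NUL-filled */
        strcpy(out->target, sep + 2);        /* keep the leading '/' */
        return 0;
    }
    const char *colon = strchr(spec, ':');   /* host:port/chrooted/dir */
    if (!colon || colon == spec || !isdigit((unsigned char)colon[1])) return -1;
    char *end;
    long port = strtol(colon + 1, &end, 10);
    if (port < 1 || port > 65535 || *end != '/') return -1;
    size_t hlen = (size_t)(colon - spec);
    if (hlen >= sizeof out->target || strlen(end) >= sizeof out->chroot_dir) return -1;
    memcpy(out->target, spec, hlen);
    strcpy(out->chroot_dir, end);
    out->is_tcp = 1;
    out->port = (int)port;
    return 0;
}
int main(void)
{
    struct av_sock s;  /* specs below are defaults from the help text */
    if (parse_av_socket("127.0.0.1:3000/var/spool/drweb", &s) == 0)
        printf("chroot=%s host=%s port=%d\n", s.chroot_dir, s.target, s.port);
    if (parse_av_socket("/var/spool/clamav/./var/run/clamd.sock", &s) == 0)
        printf("chroot=%s socket=%s\n", s.chroot_dir, s.target);
    return 0;
}
```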

