[Avcheck] avcheck new version - patch
Piotr Klaban
makler+avcheck at man.torun.pl
Fri Apr 16 16:02:20 MSD 2004
Hi,
I enclose a patch and new avcheck.c (both gzipped)
with the following changes:
1. updated DrWeb interface (would talk to 4.31)
2. ClamAV support
3. Multi socket support
There are NO changes for the new version of KAV (5.x).
The multi-socket change makes avcheck not backward compatible.
The -s and -t options changed.
You can test the new avcheck with the command:
  ./uchroot -u avpc -d / / $PWD/avcheck -a \
    -s DrWeb,AVP -s Sophie: \
    -s Clamav:/var/spool/clamav/./var/run/clamd.sock -n \
    -f root root < eicar.msg
The error message has the format:
  [Sophie] Infected by EICAR-AV-Test,
  [Clamav] Infected by Eicar-Test-Signature
'avcheck -h' output:
  Usage: avcheck options -- recipient..., where options are:
   -f sender - sender's envelope address (required)
   -s type[:socket[,socket]] - antivirus daemon type and it's control
     socket (either /chrooted/dir/./path/to/file or host:port/chrooted/dir).
     Supported antivirus engines and default control sockets are:
       AVP /var/spool/avp/./var/run/AvpCtl
       DrWeb 127.0.0.1:3000/var/spool/drweb
       Sophie /var/spool/sophie/./var/run/sophie
       Clamav /var/spool/clamav/./var/run/clamd.sock
     (the -s option can be specified multiple times)
   -a - continous scan (default stop scan when first virus is found)
   -d dir - place files to this temporary directory when
     inspecting (do not include the chrooted directory) (default /tst)
   -t timeout - timeout, in secounds, to wait for antivirus
     answer (default is 0, i.e. no timeout)
   -n - do not send (reinject) good mail back into the mail system
   -S sendmail_path - /path/to/sendmail-compatible executable
     (possible with args -- either using multi-word value or repeating
     this option to specify additional arguments) or host:port to speak
     subset of SMTP (default is port 25 on localhost)
   -h hdr - prepend "X-AV-Checked: <time> hdr" to every checked
     mail message
   -i program - execute this program to handle infected mail
     (default is `infected' in the avcheck's directory)
   -w waitfile - do not attempt to contact with antivirus
     if waitfile exists but exit with EX_TEMPFAIL instead
     (default is to not perform this check)
   -c - read message from stdin and pass it into mail system
     (using sendmail_path). In this special mode, avcheck acts like
     simple transparent mail injection tool (all options except
     of -f (required) and -S are ignored in this mode)
For more info - read my previous mail in this thread.
Best regards,
--
Piotr Klaban
-------------- next part --------------
A non-text attachment was scrubbed...
Name: avcheck.c.gz
Type: application/x-gunzip
Size: 10896 bytes
Desc: not available
Url : http://www.corpit.ru/pipermail/avcheck/attachments/20040416/ef9866fc/avcheck.c.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: avcheck-multisocket.diff.gz
Type: application/x-gunzip
Size: 5886 bytes
Desc: not available
Url : http://www.corpit.ru/pipermail/avcheck/attachments/20040416/ef9866fc/avcheck-multisocket.diff.bin
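
Added example (not part of the original message and not avcheck's own code): a C routine that splits one control-socket string, in either of the two forms listed in the usage text above, into its parts. It assumes "/./" marks the boundary between the daemon's chroot directory and the socket path inside it; the names avsock, put and parse_avsock are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct avsock {               /* hypothetical type, not from avcheck.c */
    int  is_tcp;              /* 1: host:port/chrooted/dir, 0: unix socket */
    char host[64];            /* TCP form only */
    long port;                /* TCP form only */
    char chroot_dir[256];     /* directory the daemon is chrooted into */
    char path[256];           /* unix form only: socket path inside the chroot */
};

/* Copy n bytes into dst; reject empty or oversized input instead of truncating. */
static int put(char *dst, size_t cap, const char *src, size_t n) {
    if (n == 0 || n >= cap) return -1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

/* Returns 0 on success, -1 if s matches neither form from the usage text. */
int parse_avsock(const char *s, struct avsock *out) {
    memset(out, 0, sizeof *out);
    if (s[0] == '/') {                        /* /chrooted/dir/./path/to/file */
        const char *mark = strstr(s, "/./");  /* assumed chroot boundary */
        if (!mark) return -1;
        if (put(out->chroot_dir, sizeof out->chroot_dir, s, (size_t)(mark - s)))
            return -1;
        return put(out->path, sizeof out->path, mark + 2, strlen(mark + 2));
    }
    const char *colon = strchr(s, ':');       /* host:port/chrooted/dir */
    if (!colon || colon[1] < '0' || colon[1] > '9') return -1;
    char *end;
    out->port = strtol(colon + 1, &end, 10);
    if (*end != '/' || out->port < 1 || out->port > 65535) return -1;
    if (put(out->host, sizeof out->host, s, (size_t)(colon - s))) return -1;
    out->is_tcp = 1;
    return put(out->chroot_dir, sizeof out->chroot_dir, end, strlen(end));
}

int main(void) {
    struct avsock a;          /* inputs are the defaults quoted in the usage text */
    if (parse_avsock("/var/spool/clamav/./var/run/clamd.sock", &a) == 0)
        printf("unix chroot=%s path=%s\n", a.chroot_dir, a.path);
    if (parse_avsock("127.0.0.1:3000/var/spool/drweb", &a) == 0)
        printf("tcp %s:%ld chroot=%s\n", a.host, a.port, a.chroot_dir);
    return 0;
}
```

A path without the "/./" marker, a missing or out-of-range port, and an over-long component are all rejected with -1 rather than silently truncated.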