Re[2]: [Avcheck] Патч для работы с drweb 4.31
Sergey Akhapkin
asv at drweb.ru
Tue Feb 24 14:17:54 MSK 2004
Hello Michael,
Tuesday, February 24, 2004, 1:38:07 PM, you wrote:
MT> Wartan Hachaturow wrote:
MT> []
>> +#define DERR_SPAM_MESSAGE 0x00020000
>> +#define DERR_ARCHIVE_LEVEL 0x00040000
MT> Hmm... What is this?
{drwebdc}/src/dwc_scan.h:
#define DERR_FILTER_REJECT (1<<17) /*= 0x00020000 */
#define DERR_ARCHIVE_LEVEL (1<<18) /*= 0x00040000 */
MT> "SPAM_MESSAGE" is understandable, drwebd has it's
MT> own regexp-based "antispam engine". It may be a
MT> good idea to recognize this bit in avcheck and
MT> handle it the same way as done with infected emails -
MT> i.e, pass it to `infected' script with appropriate
MT> message.
We'vent antispam engine - just rule based filter for MIME-headers.
Examples:
RejectCondition Subject = "money" OR ( Content-Type = "text/html" AND Subject = "8bit" )
RejectPartCondition FileName = "exe$"
MissingHeader "To", "From"
MT> But how about DERR_ARCHIVE_LEVEL? What does it mean
MT> at all? Is it something similar to DERR_ARCHIVE_LEVEL?
MT> That is, should this bit be treated as indicator to
MT> reject the message, or should it be ignored?
It mean that message contains archive with nesting level more that
MaxArchiveLevel from drweb32.ini
Best regards,
Sergey Akhapkin <asv at drweb.ru>
Software Developer
Daniloff's Labs <http://www.drweb.ru>
More information about the Avcheck
mailing list