Sophos setup in amavisd.conf
Mark Martinec
Mark.Martinec+amavis at ijs.si
Tue Jul 31 01:25:23 CEST 2012
lists at sbt.net.au,
> I have a machine with Sophos, when I uncommented default Sophos entry,
> secondary worked but primary didn't, after some searching, I found a conf
> entry that seems to work with Sophos, perhaps that can be added.
>
> I didn't create this entry, not sure who is the original author
>
> ['Sophos Anti Virus (savscan)', '/opt/sophos-av/bin/savscan',
> '-nb -f -all -rec -ss -sc -archive -cab -tnef --no-reset-atime {}',
> [0,2], qr/Virus .*? found/,
> qr/^>>> Virus(?: fragment)? '?(.*?)'? found/ ],
>
> ---------------------------------------------------------------------
> [SAV-LINUX] Virus detected during on-demand scan
>
> A virus was detected during an on-demand scan. Details follow:
> 1 file scanned.
> Number of infections detected: 1
> Number of infected files detected: 1
> /var/amavis/tmp/amavis-20120730T102624-26301-n65AeCMr/parts/p001 is
> infected with EICAR-AV-Test.
Thanks! Looks like the program 'sweep' was renamed to 'savscan'.
> I didn't create this entry, not sure who is the original author
I think I found a ref to it:
http://www.freespamfilter.org/forum/viewtopic.php?f=14&t=1333
The suggested entry is missing an /m flag on both regular expressions.
Also, don't know why options -mime and -oe were omitted.
Suggesting an entry like:
### http://www.sophos.com/
['Sophos Anti Virus (savscan)', # formerly known as 'sweep'
['/opt/sophos-av/bin/savscan', 'savscan'], # 'sweep'
'-nb -f -all -rec -ss -sc -archive -cab -mime -oe -tnef '.
'--no-reset-atime {}',
[0,2], qr/Virus .*? found/m,
qr/^>>> Virus(?: fragment)? '?(.*?)'? found/m,
],
Will update the sample config file.
Mark
More information about the amavis-users
mailing list