AVG Scanner doesn't report virus name

Ralf Hildebrandt Ralf.Hildebrandt at charite.de
Mon Jun 18 01:16:28 CEST 2012


* Ralf Hildebrandt <Ralf.Hildebrandt at charite.de>:

>  ### http://www.grisoft.com/
>   ['AVG Anti-Virus',
>    \&ask_daemon, ["SCAN {}\n", '127.0.0.1:54322'],
>    qr/^200/m, qr/^403/m, qr/^403 .*: ([^\r\n]+)/m ],
> 
> Doesn't take the "403-" (line continuation lines) into account.

Using:

 ### http://www.grisoft.com/
   ['AVG Anti-Virus',
    \&ask_daemon, ["SCAN {}\n", '127.0.0.1:54322'],
    qr/^200/m, qr/^403/m, qr/^403[- ].*: ([^\r\n]+)/m ],

results in logs like:

Jun 18 01:13:41 mail2 amavis[17181]: (17181-01) run_av (AVG Anti-Virus): /var/amavis/amavis-20120618T011341-17181-b9vCAQwB/parts INFECTED: 'Trojan horse Delf.AEJO', 'Trojan horse Delf.AEJO', 'Trojan horse Delf.AEJO', 'Trojan horse Delf.AEJO'

-- 
Ralf Hildebrandt                   Charite Universitätsmedizin Berlin
ralf.hildebrandt at charite.de        Campus Benjamin Franklin
http://www.charite.de              Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155


More information about the amavis-users mailing list