How to integrate a new (ICAP) AV scanner into amavis?

julio covolato julio at psi.com.br
Fri Jun 19 23:00:20 CEST 2020


On 19/06/2020 13:59, Stefan Bauer wrote:
> I would start by just having a basic script in place that 
> prints/outputs/logs the command line parameters. (print/echo $1...). 
> then you see what is passed to the script.
>
> Stefan

And use the EICAR test file to change the line:

# qr/^Infected: (.+)/m,

----------------------------------
     _    Engº Julio Cesar Covolato
    0v0   <julio at psi.com.br>
   /(_)\  F: 55-11-99175-9260
    ^ ^   PSI INTERNET
----------------------------------

>
> On Friday, 19 June 2020, <Benjamin.Greve at gmx.net 
> <mailto:Benjamin.Greve at gmx.net>> wrote:
>
>     Hi,
>
>     could someone please explain to me or point me to the
>     documentation of the syntax in the amavis 15-av_scanners?
>
>     What I'm trying is to make use of the c-icap-client. So I would
>     like to pass the email via the ICAP Client to an external ICAP
>     Server for scanning.
>
>     My ICAP Example
>
>     #  ['MY AV ICAP Server',
>     #  '/usr/bin/c-icap-client','-s response -i 192.168.17.215 -f {}',
>     #  [0], [2],
>     #  qr/^Infected: (.+)/m,
>     #  ],
>
>     It's not working this way. Although when I execute the
>     c-icap-client manually it works fine:
>
>     c-icap-client -s response -i 192.168.1.1 -f sample.pdf
>
>     So what I do not understand is:
>
>     Line 1: that's just a name, OK.
>
>     Line 2: includes the path to the binary and parameters I want to
>     pass, but what is {} ??? Is this where the file will be passed to
>     the external application?
>
>     Line 3: What is [0], [2] doing? Should I change it? To what?
>
>     Line 4: And what should I put into the line with "infected"? Is
>     this the parsing for the output of the icap result?
>
>     I would also like to write my own script or binary, that will get
>     emails from amavis to be scanned.
>
>     But I do not know how the syntax in 15-av_scanners should be, so
>     that my script or binary will be executed in the right way.
>
>     Best regards,
>
>      Benjamin
>
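
The two suggestions above (log what the script is handed, then tune the name pattern against a test detection), combined in one script as an added example that is not part of the original thread. The log path, the `av-debug*` script name and the sample `Infected:` line are assumptions; `classify` assumes `[0]` and `[2]` are the clean and infected exit statuses and that any other status counts as a scanner failure.

```shell
#!/bin/sh
# Added example: debugging stand-in for the command of an @av_scanners entry.
# The log path and the av-debug* script name are assumptions.
AV_DEBUG_LOG="${AV_DEBUG_LOG:-/tmp/av-debug.log}"

# Record every argument received, one per line, and note whether it is a
# directory, a file or neither (this shows what {} was replaced with).
log_args() {
    i=0
    printf '%s argc=%d\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$#" >>"$AV_DEBUG_LOG"
    for arg in "$@"; do
        i=$((i + 1))
        if [ -d "$arg" ]; then kind=dir
        elif [ -f "$arg" ]; then kind=file
        else kind=other
        fi
        printf '  argv[%d]=%s (%s)\n' "$i" "$arg" "$kind" >>"$AV_DEBUG_LOG"
    done
}

# Apply the entry's name pattern, qr/^Infected: (.+)/m, to scanner output on
# stdin and print the captured name from the first matching line.
virus_name() {
    sed -n 's/^Infected: \(.\{1,\}\)$/\1/p' | head -n 1
}

# $1 = scanner exit status, $2 = scanner output. Assumed reading of the
# entry: [0] means clean, [2] means infected, anything else is a failure.
classify() {
    case "$1" in
        0) echo "clean" ;;
        2) name=$(printf '%s\n' "$2" | virus_name)
           echo "infected:${name:-unknown}" ;;
        *) echo "error:status=$1" ;;
    esac
}

# When saved under a name starting with av-debug and used as the entry's
# command, log the arguments and report "clean" so mail keeps flowing.
case "${0##*/}" in
    av-debug*) log_args "$@"; exit 0 ;;
esac
```

An `infected:unknown` result from `classify` means the status matched but the pattern did not, which is the case where the pattern line needs changing to fit the real scanner output.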
