Trying to add a new AV engine

Diego Palacios diego at rosanegra.org
Sat Feb 19 09:59:03 CET 2022


Hi.

I am trying to add a new AV engine to 15-av_scanners but I am really lost
at the moment configuring the output. Could you help me?

First of all, this is the output with a clean email:

root@correo:~# drweb-ctl checkmail clean_email
/root/clean_email - Ok
Scanned objects: 1, scan errors: 0, threats found: 0, threats neutralized: 0.

And then, with an infected one:

root@correo:~# drweb-ctl checkmail infected-mail
/root/infected-mail - Reject
/root/infected-mail//1/Webex.xls (application/vnd.ms-excel): infected with Exploit.Siggen3.28448
Scanned objects: 1, scan errors: 0, threats found: 1, threats neutralized: 0.
Scanned 194.62 KB in 0.03 s with speed 7208.22 KB/s.

I am trying to configure with:

### http://www.drweb.com/
['Dr. Web Security Space ',
'drweb-ctl', 'checkmail {}',
qr/^Reject/m,,
qr/^(?:infected with:\s+(.+)/m ],

But there is an error with this output:

Feb 18 17:52:39 correo amavis[26120]: (26120-01) (!)run_av (Dr. Web
Security Space ) FAILED - unexpected exit 0,
output="/var/lib/amavis/tmp/amavis-20220218T175237-26120-rpZ1yjkd/parts/p003
- Ok\n/var/lib/amavis/tmp/amavis-20220218T175237-26120-rpZ1yjkd/parts/p004
- Reject: infected with
Exploit.Siggen3.28448\n/var/lib/amavis/tmp/amavis-20220218T175237-26120-rpZ1yjkd/parts/p005
- Ok\n/var/lib/amavis/tmp/amavis-20220218T175237-26120-rpZ1yjkd/parts/p002
- Ok\n/var/lib/amavis/tmp/amavis-20220218T175237-26120-rpZ1yjkd/parts/p001
- Ok\nScanned objects: 5, scan errors: 0, threats found: 1, threats
neutralized: 0.\nScanned 144.75 KB in 1.28 s with speed 113.44 KB/s."
Feb 18 17:52:39 correo amavis[26120]: (26120-01) (!)Dr. Web Security Space
 av-scanner FAILED: /usr/bin/drweb-ctl unexpected exit 0,
output="/var/lib/amavis/tmp/amavis-20220218T175237-26120-rpZ1yjkd/parts/p003
- Ok\n/var/lib/amavis/tmp/amavis-20220218T175237-26120-rpZ1yjkd/parts/p004
- Reject: infected with
Exploit.Siggen3.28448\n/var/lib/amavis/tmp/amavis-20220218T175237-26120-rpZ1yjkd/parts/p005
- Ok\n/var/lib/amavis/tmp/amavis-20220218T175237-26120-rpZ1yjkd/parts/p002
- Ok\n/var/lib/amavis/tmp/amavis-20220218T175237-26120-rpZ1yjkd/parts/p001
- Ok\nScanned objects: 5, scan errors: 0, threats found: 1, threats
neutralized: 0.\nScanned 144.75 KB in 1.28 s with speed 113.44 KB/s." at
(eval 110) line 950.
Feb 18 17:52:39 correo amavis[26120]: (26120-01) (!)WARN: all primary virus
scanners failed, considering backups


Could you help me with the output configuration? Thanks in advance.

Diego
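
Added example, not part of the original post and not amavis code: a small Perl harness that runs status and virus-name patterns against the scanner output quoted in the log above, so an av_scanners entry can be checked before reloading amavis. The `candidate` patterns, the slot each posted pattern is tested in, and the decision model in `verdict` are assumptions, checked only against these samples.

```perl
use strict;
use warnings;

# Output amavis logged for the infected message (temp-dir prefix shortened).
my $infected = join "\n",
    'parts/p003 - Ok',
    'parts/p004 - Reject: infected with Exploit.Siggen3.28448',
    'parts/p005 - Ok',
    'Scanned objects: 5, scan errors: 0, threats found: 1, threats neutralized: 0.';
# Constructed clean sample, modelled on the clean run in the post.
my $clean = join "\n",
    'parts/p001 - Ok',
    'Scanned objects: 1, scan errors: 0, threats found: 0, threats neutralized: 0.';

my %sets = (
    # Patterns as posted, placed by apparent intent; the name pattern's
    # "(?:" group is closed here so that it compiles.
    posted => {
        clean    => undef,
        infected => qr/^Reject/m,
        names    => qr/^(?:infected with:\s+(.+))/m,
    },
    # Hypothetical alternatives, checked only against the samples above.
    candidate => {
        clean    => qr/threats found: 0\b/,
        infected => qr/threats found: [1-9]/,
        names    => qr/infected with\s+(\S+)/,
    },
);

# Assumed decision model: a result needs a status match; if neither status
# pattern matches, the run is "unexpected", as in the log on the page.
sub verdict {
    my ($out, $p) = @_;
    my $is_inf   = defined $p->{infected} && $out =~ $p->{infected};
    my $is_clean = defined $p->{clean}    && $out =~ $p->{clean};
    my @names    = $is_inf ? ($out =~ /$p->{names}/g) : ();
    return $is_inf   ? "INFECTED (@names)"
         : $is_clean ? 'CLEAN'
         :             'unexpected';
}

for my $set (sort keys %sets) {
    printf "%-9s infected sample: %-35s clean sample: %s\n", $set,
        verdict($infected, $sets{$set}), verdict($clean, $sets{$set});
}
```

The summary line is used for status because per-part `- Ok` lines also appear in the infected output, and every line starts with a file path, so a pattern anchored at `^Reject` has nothing to match.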