Virus Event ?

Virus Event ?

by Nathan Gibbs

Besides the Virus Name %v

Are there any other details from the running scanner that can be
exported to a VirusEvent Script?

Thanks

--
Sincerely,

Nathan Gibbs

Systems Administrator
Christ Media
http://www.cmpublishers.com




_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


Re: Virus Event ?

by David Vo-2

Please take me off this list.



On Thu, Nov 5, 2009 at 2:14 PM, Nathan Gibbs <nathan@...> wrote:

> Besides the Virus Name %v
>
> Are there any other details from the running scanner that can be
> exported to a VirusEvent Script?
>
> Thanks
>
> --
> Sincerely,
>
> Nathan Gibbs
>
> Systems Administrator
> Christ Media
> http://www.cmpublishers.com

Re: Virus Event ?

by Dennis Peterson

David Vo wrote:
> Please take me off this list.


The instructions to do this are in the headers of each message you've ever
received from this list server but which I include here:

Reply-To: ClamAV users ML <clamav-users@...>
List-Id: ClamAV users ML <clamav-users.lists.clamav.net>
List-Unsubscribe: <http://lists.clamav.net/cgi-bin/mailman/options/clamav-users>,
        <mailto:clamav-users-request@...?subject=unsubscribe>
List-Post: <mailto:clamav-users@...>
List-Help: <mailto:clamav-users-request@...?subject=help>
List-Subscribe: <http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users>,
        <mailto:clamav-users-request@...?subject=subscribe>

dp

Re: Virus Event ?

by Tomasz Kojm

On Thu, 05 Nov 2009 15:14:19 -0500
Nathan Gibbs <nathan@...> wrote:

> Besides the Virus Name %v
>
> Are there any other details from the running scanner that can be
> exported to a VirusEvent Script?

Inside the script itself you can access $CLAM_VIRUSEVENT_VIRUSNAME
(== %v) and $CLAM_VIRUSEVENT_FILENAME (not directly available in
the config file)

HTH,

--
   oo    .....         Tomasz Kojm <tkojm@...>
  (\/)\.........         http://www.ClamAV.net/gpg/tkojm.gpg
     \..........._         0DCA5A08407D5288279DB43454822DC8985A444B
       //\   /\              Thu Nov  5 22:55:54 CET 2009

Re: Virus Event ?

by Nathan Gibbs

* Tomasz Kojm wrote:

> On Thu, 05 Nov 2009 15:14:19 -0500
> Nathan Gibbs <nathan@...> wrote:
>
>> Besides the Virus Name %v
>>
>> Are there any other details from the running scanner that can be
>> exported to a VirusEvent Script?
>
> Inside the script itself you can access $CLAM_VIRUSEVENT_VIRUSNAME
> (== %v) and $CLAM_VIRUSEVENT_FILENAME (not directly available in
> the config file)
>
I can see why

$CLAM_VIRUSEVENT_FILENAME

isn't available through config.

Under clamscan the file returned is stream.
Under clamdscan/clamd, one process returns the correct filename the
other returns stream.

Is that a bug or a feature?


Also, is there anything available to the script in the On* events from
freshclam.conf?

Thanks.

--
Sincerely,

Nathan Gibbs

Systems Administrator
Christ Media
http://www.cmpublishers.com





Re: Virus Event ?

by Nathan Gibbs

* Nathan Gibbs wrote:

> * Tomasz Kojm wrote:
>> On Thu, 05 Nov 2009 15:14:19 -0500
>> Nathan Gibbs <nathan@...> wrote:
>>
>>> Besides the Virus Name %v
>>>
>>> Are there any other details from the running scanner that can be
>>> exported to a VirusEvent Script?
>> Inside the script itself you can access $CLAM_VIRUSEVENT_VIRUSNAME
>> (== %v) and $CLAM_VIRUSEVENT_FILENAME (not directly available in
>> the config file)
>>
> I can see why
>
> $CLAM_VIRUSEVENT_FILENAME
>
> isn't available through config.
>
> Under clamscan the file returned is stream.
> Under clamdscan/clamd, one process returns the correct filename the
> other returns stream.
>
> Is that a bug or a feature?
>
>
My bad.

clamscan doesn't return anything.
clamdscan returns the filename if it can or stream.

Our internal monitor system was bouncing a test signature off the
clamd's & sabotaging my testing.
:-)

--
Sincerely,

Nathan Gibbs

Systems Administrator
Christ Media
http://www.cmpublishers.com





Re: Virus Event ?

by Tomasz Kojm

On Thu, 05 Nov 2009 17:39:35 -0500
Nathan Gibbs <nathan@...> wrote:

> I can see why
>
> $CLAM_VIRUSEVENT_FILENAME
>
> isn't available through config.
>
> Under clamscan the file returned is stream.
> Under clamdscan/clamd, one process returns the correct filename the
> other returns stream.
>
> Is that a bug or a feature?

That's due to the way you're calling clamdscan. In the stream mode
it only sends the file data to clamd so the daemon doesn't know the
real file name.

> Also, is there anything available to the script in the On* events from
> freshclam.conf?

As mentioned in freshclam.conf(5), one can pass %v to OnOutdatedExecute
to get the version number of the latest ClamAV release

Regards,

--
   oo    .....         Tomasz Kojm <tkojm@...>
  (\/)\.........         http://www.ClamAV.net/gpg/tkojm.gpg
     \..........._         0DCA5A08407D5288279DB43454822DC8985A444B
       //\   /\              Fri Nov  6 09:44:51 CET 2009
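
An added example (not from this thread or from the ClamAV project) of a VirusEvent handler that reads the two variables named above and treats the value `stream` as "no path known", as the reply explains for stream mode. The script path, the `logger` tag and priority, and the log format are assumptions.

```shell
#!/bin/sh
# Added example of a VirusEvent handler. Assumed clamd.conf line:
#   VirusEvent /usr/local/sbin/clam-virusevent.sh

# Replace control characters and double quotes so a hostile file or
# signature name cannot inject extra lines or fields into the log.
sanitize() {
    printf '%s' "$1" | LC_ALL=C tr '\001-\037"\177' '[?*]'
}

# Build one log record from the two variables clamd exports.
format_event() {
    virus=$(sanitize "${CLAM_VIRUSEVENT_VIRUSNAME:-unknown}")
    file=$(sanitize "${CLAM_VIRUSEVENT_FILENAME:-}")
    case "$file" in
        ''|stream)
            # Data arrived as a stream: clamd never saw a path.
            printf 'virus="%s" source=stream\n' "$virus" ;;
        *)
            printf 'virus="%s" file="%s"\n' "$virus" "$file" ;;
    esac
}

# clamd sets the variable when it fires the event; otherwise do nothing.
if [ -n "${CLAM_VIRUSEVENT_VIRUSNAME:-}" ]; then
    format_event | logger -t clam-virusevent -p daemon.warning
fi
```

Reading the values from the environment inside the script, rather than interpolating `%v` into a command line in the config, keeps a scanned file's name from ever being parsed by the shell.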

Re: Virus Event ?

by Nathan Gibbs

* Tomasz Kojm wrote:
> On Thu, 05 Nov 2009 17:39:35 -0500
> Nathan Gibbs <nathan@...> wrote:
>
>> Is that a bug or a feature?
>
> That's due to the way you're calling clamdscan. In the stream mode
> it only sends the file data to clamd so the daemon doesn't know the
> real file name.
>

Yeah, I figured that out eventually. :-)
Our internal monitor system was bouncing a test signature off the
clamd's & sabotaging my test runs.
:-)
It's usually funny when I'm the source of my own confusion.
:-)

>> Also, is there anything available to the script in the On* events from
>> freshclam.conf?
>
> As mentioned in freshclam.conf(5), one can pass %v to OnOutdatedExecute
> to get the version number of the latest ClamAV release

Sorry, I should have been more clear.  I knew about that one.  I was
trolling for anything else.

Please, seriously consider Bug#1754.  Adding that functionality would
improve ClamAV.

--
Sincerely,

Nathan Gibbs

Systems Administrator
Christ Media
http://www.cmpublishers.com



