Poco Forums • View topic - F-Prot Commandline Anti-Virus Scanner

F-Prot Commandline Anti-Virus Scanner

Post by Trapper » Thu Jan 20, 2005 2:31 pm

I have PocoMail residing on a box that also has a small mail server on it. The mail server limits my ability to use realtime virus scanning because it is problematic to the functions of the mail server. Mail server mail is scanned with F-Prot's commandline scanner. In this case, fpcmd.exe because it's on an NTFS box.

PocoMail receives some of its mail directly from the mail server, however, it checks other accounts on the WAN for itself and those accounts also need scanning. I cannot get F-Prot's commandline scanner to work with it. On the mail server setup a sentinel file is created by the mail server for F-Prot to scan and it's controlled via a batch file call. However, in PocoMail I have to have a file name for the scanner to scan, apparently, because F-Prot squawks for a filename and location.

Has anyone successfully set up F-Prot's DOS or NTFS commandline scanner to work in PocoMail? If so, I'd appreciate a copy of your configuration in PocoMail that gets it to work properly.

Realtime Windows scanning is not a viable option on this particular box.

TIA,
Trapper

Post by Trapper » Sun Jan 23, 2005 7:02 am

I've managed to create something of my own that at least works. It's not very clean yet and has to address situations in both F-Prot and PocoMail. It's a batch call and because I am on an NT workstation it's designed for NT 4 only. I don't like this way of doing things and it would be much simpler if I could simply direct the F-Prot executable to a known file name to scan.

I first had to set up PocoMail's encoding options to not keep attachments encoded in the email. At least that allows me to scan the entire Attach folder. Because I do not have an available file name to scan, I have no choice but to scan all files in the folder when scanning a newly arrived attachment. :-(

In the Checking Mail Options I directed PocoMail to a shortcut for the batch file. I did this because I could set up the shortcut to run the batch minimized.

I did not include any parameters in the Checking Mail Options. The parameters are contained within the batch.

I also instructed PocoMail to initiate the scanning upon arrival of any of the following attachment extensions: exe com bat scr cmd ade adp bas cpl crt dot hta inf ins ws isp js jse lnk mdb mde msc msp mst pcd pif reg shb shs vb vbs shs zip rar

The batch goes through all files in the Attach folder and scans each, individually, and exits upon completion. I ran into a difficulty immediately with F-Prot. In the case of archived files such as zips, rar's, etc., if F-Prot finds a virus infected or suspicious file it will report only and will take no other action against the file. I did not want to leave those files available so when F-Prot error levels for infected or suspicious files I send the batch to a function to rename the file according to the current time and then move it to a quarantine directory. I do the renaming to head off any difficulties with duplicate files. The move won't work if a file by that name already exists in the quarantine directory.

In the event of simple exe, bat, cmd, etc. attachments that are received and are found to be infected, F-Prot will delete them. I always delete them without review any more. I have scanned every inbound email on a mail server for years with F-Prot. It never misidentified even one. Over the past year or so I simply have stopped wasting my time reviewing flagged files and allow F-Prot to simply dispose of them.

Here's my prototype batch. As I have already said, it is rough and dirty and still needs some brevity and cleanup. I am not at all good with batch. I am also sure there are better ways to accomplish all this, either with batch or some other configuration in PocoMail, but it's beyond me at this time.

This NT4 batch works for me. It's not like I'd like it to be but it does work. Comments are appreciated.

Code:
::::::::::::::::::::::::::::::
::  Set Folder Variables    ::
::::::::::::::::::::::::::::::
SET CHEKIT=d:\pocomail3\Attach
SET QT=c:\quarantine
::::::::::::::::::::::::::::::::::::::::::::
:: Process all files in the Attach folder ::
::::::::::::::::::::::::::::::::::::::::::::
:: Quote the name so an attachment with spaces arrives as one argument
FOR %%A IN ("%CHEKIT%\*.*") DO CALL :PROCESSFILE "%%A"
:: Clean up and close only after every file has been scanned
SET PCURRENTFILE=
set thh=
set tmm=
set tss=
set ths=
EXIT
:PROCESSFILE
:: %~1 strips the surrounding quotes added in the FOR line
SET PCURRENTFILE=%~1
d:\fprot\fpcmd.exe "%PCURRENTFILE%" /REPORT=c:\misc\fprpt.txt /ARCHIVE=3 /DUMB /PACKED /AUTO /DELETE
:: IF ERRORLEVEL n is true for n or higher, so the higher code is tested first
If Errorlevel 8 goto err8
If Errorlevel 3 goto err3
goto :EOF
:Err3
:: Rename to the current time (hh mm ss hundredths), keep the extension, then quarantine
for /f "tokens=5-8 delims=:. " %%a in ('echo.^|time') do set thh=%%a&set tmm=%%b&set tss=%%c&set ths=%%d
REN "%PCURRENTFILE%" %thh%%tmm%%tss%%ths%.*
MOVE "%CHEKIT%\%thh%%tmm%%tss%%ths%.*" "%QT%"
goto :EOF
:Err8
for /f "tokens=5-8 delims=:. " %%a in ('echo.^|time') do set thh=%%a&set tmm=%%b&set tss=%%c&set ths=%%d
REN "%PCURRENTFILE%" %thh%%tmm%%tss%%ths%.*
MOVE "%CHEKIT%\%thh%%tmm%%tss%%ths%.*" "%QT%"
:: Return to the FOR loop so the remaining attachments are still scanned
goto :EOF
::::::::::::::::::::::::::::::::::::::::::::

Trapper

Edit by Robin: I've added code codes ( :? ) around the code...
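
Added example, not part of Trapper's post or of F-Prot or PocoMail: the same scan-each-file-then-quarantine loop sketched in Python, going one step further than the batch by reserving the quarantine name atomically so two flagged files in the same instant cannot collide. The function names and FAKE_SCANNER are hypothetical; the threshold of 3 mirrors the batch's `If Errorlevel 3` test.

```python
import os
import shutil
import subprocess
import sys
import tempfile
import time

FLAGGED_FROM = 3  # assumption: as in the batch, exit codes of 3 and above mean "quarantine"

def quarantine(path, qdir):
    """Move path into qdir under a time-based name that cannot clobber an existing file."""
    os.makedirs(qdir, exist_ok=True)
    ext = os.path.splitext(path)[1]
    stamp = time.strftime("%H%M%S")
    for n in range(10000):
        dest = os.path.join(qdir, "%s_%04d%s" % (stamp, n, ext))
        try:
            os.close(os.open(dest, os.O_CREAT | os.O_EXCL | os.O_WRONLY))  # fails if taken
        except FileExistsError:
            continue
        shutil.move(path, dest)  # replaces our own empty placeholder, also across drives
        return dest
    raise RuntimeError("no free quarantine name for " + path)

def scan_folder(folder, scanner_argv, qdir):
    """Run the scanner once per file; return {original name: quarantine path}."""
    moved = {}
    for name in sorted(os.listdir(folder)):
        path = os.path.join(folder, name)
        if not os.path.isfile(path):
            continue
        rc = subprocess.run(scanner_argv + [path]).returncode  # argv list, no shell quoting
        if rc >= FLAGGED_FROM and os.path.exists(path):  # the scanner may have deleted it
            moved[name] = quarantine(path, qdir)
    return moved

# Constructed stand-in for the real scanner: exits 3 if the file contains b"BAD".
FAKE_SCANNER = [sys.executable, "-c",
                "import sys; sys.exit(3 if b'BAD' in open(sys.argv[1], 'rb').read() else 0)"]

def demo():
    with tempfile.TemporaryDirectory() as root:
        attach, qdir = os.path.join(root, "Attach"), os.path.join(root, "quarantine")
        os.makedirs(attach)
        for name, data in [("a b.zip", b"BAD"), ("c&d.zip", b"BAD"), ("ok.txt", b"fine")]:
            with open(os.path.join(attach, name), "wb") as f:
                f.write(data)
        moved = scan_folder(attach, FAKE_SCANNER, qdir)
        return sorted(moved), sorted(os.listdir(attach)), len(os.listdir(qdir))
```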