Hi,

I have released Softlabs AntiVirus 0.5 today. As always, it is
available at
http://antivirus.softlabs.info/

Comes with a load of enhancements, including the automatic maintenance
of a viruses.log file. That file logs details about each extracted
virus, including:
(1) Username of the user the infected mail has been tried to send to
(2) Date of the infected mail's arrival
(3) Virus type (one of 18 possible types)
(4) The virus' file size (in bytes)
(5) The original virus' file name
(6) The virus' file type
(7) Message-ID of the infected mail

Everybody can view my current real-life viruses.log file, updated in
real-time, on the project homepage, or directly at the following
address:
http://antivirus.softlabs.info/viruses.log

Here is a little cut of it:
roal: 20040315 EXE.scr 25353 posting_letter.scr MS-DOS executable (EXE), OS/2 or MS Windows 200403150627(_dot_)BAA25870(_at_)anet(_dot_)at
roal: 20040315 EZIP.exe 12420 TextFile.zip Zip archive data, at least v1.0 to extract uysmlujbrcjwpcpgdhp(_at_)anet(_dot_)at
roal: 20040315 EXE.pif 17424 your_bill.pif MS-DOS executable (EXE), OS/2 or MS Windows 200403150643(_dot_)BAA25943(_at_)anet(_dot_)at
roal: 20040315 ZIP.com 22150 creditcard.zip Zip archive data, at least v1.0 to extract 200403150712(_dot_)CAA26056(_at_)anet(_dot_)at
roal: 20040315 EXE.pif 17424 your_file.pif MS-DOS executable (EXE), OS/2 or MS Windows 200403150714(_dot_)CAA26089(_at_)anet(_dot_)at
roal: 20040315 EXE.exe 22016 dinner.doc.exe MS Windows PE Intel 80386 GUI executable not relocatable 200403150750(_dot_)CAA26218(_at_)anet(_dot_)at
roal: 20040315 EXE.pif 17424 your_website.pif MS-DOS executable (EXE), OS/2 or MS Windows 200403150800(_dot_)DAA26282(_at_)anet(_dot_)at
roal: 20040315 EXE.pif 17424 your_document.pif MS-DOS executable (EXE), OS/2 or MS Windows 200403150800(_dot_)DAA26305(_at_)anet(_dot_)at
roal: 20040315 EXE.pif 17424 document_4351.pif MS-DOS executable (EXE), OS/2 or MS Windows 200403150817(_dot_)DAA26385(_at_)anet(_dot_)at
roal: 20040315 EXE.exe 22016 final.rtf.exe MS Windows PE Intel 80386 GUI executable not relocatable 200403150827(_dot_)DAA26442(_at_)anet(_dot_)at
roal: 20040315 EXE.pif 17424 my_details.pif MS-DOS executable (EXE), OS/2 or MS Windows 200403150948(_dot_)EAA27054(_at_)anet(_dot_)at
roal: 20040315 EXE.pif 17424 your_file.pif MS-DOS executable (EXE), OS/2 or MS Windows 200403151000(_dot_)FAA27183(_at_)anet(_dot_)at
roal: 20040315 EXE.pif 17424 application.pif MS-DOS executable (EXE), OS/2 or MS Windows 200403151009(_dot_)FAA27245(_at_)anet(_dot_)at
roal: 20040315 EXE.pif 17424 message_details.pif MS-DOS executable (EXE), OS/2 or MS Windows 200403151105(_dot_)GAA27651(_at_)anet(_dot_)at
roal: 20040315 EXE.pif 22016 document_word.pif MS-DOS executable (EXE), OS/2 or MS Windows 200403151119(_dot_)GAA27775(_at_)anet(_dot_)at
roal: 20040315 EXE.pif 17424 your_archive.pif MS-DOS executable (EXE), OS/2 or MS Windows 200403151123(_dot_)GAA27818(_at_)anet(_dot_)at
roal: 20040315 EXE.pif 17424 your_document.pif MS-DOS executable (EXE), OS/2 or MS Windows 200403151135(_dot_)GAA27944(_at_)anet(_dot_)at
roal: 20040315 EXE.scr 24576 Första bild.ppt.scr MS-DOS executable (EXE), OS/2 or MS Windows 20040315125825(_dot_)JJAC10244(_dot_)fep05-svc(_dot_)swip(_dot_)net(_at_)oemcomputer
roal: 20040315 EXE.pif 17424 application.pif MS-DOS executable (EXE), OS/2 or MS Windows 200403151305(_dot_)IAA28392(_at_)anet(_dot_)at

This version's Change Log is:
____________________________________________________________________________
v0.5 (2004 03 15)
+ all AntiVirus files' locations have been re-structured, to avoid any
mess-up. Softlabs AntiVirus now has its own installation directory under
which all its files reside. If you are updating from a previous version,
a fresh installation and the entire removal of the old installation is
recommended.
+ the package's ReadMe.txt has been enhanced and now includes a detailed
Installation chapter, now being "the Manual".
+ the shipped etc/procmailrc file has been enhanced and is now divided into
three sections, reflecting the installation strategy described in the
Manual.
+ the shipped etc/procmailrc file now also gives the recommended settings
for those who prefer the classic "old-style" mailbox locations, having
them under the '/var/spool/mail' directory for all users. Thanks to
Frank Bures for that suggestion.
+ since attachment extraction has been proven to work fine as of
version 0.4.1, EXTRACT_VIRUSES is now turned on by default.
+ an own "viruses.log" file (residing in the same directory as procmail's
log file) will now be maintained, containing detailed information about
each extracted virus.
+ the (pure-procmail) routine used to print a variable's content into a
file (introduced in version 0.4) has been outsourced into an own,
re-usable .inc file
+ there is no more a chance for the routine used to print a variable's
content into a file to fail due to insufficient file permissions. This
problem has been solved by ensuring the file in question is owned by
the recipient's user (and not by root).
+ the routine used to remove a (temporary) file has been outsourced into
an own .inc file
+ removing temporary files is now handled using TRAP
+ cases where the Unix 'test' program could not be executed directly have
now been eliminated by adding a TEST variable into the
etc/procmailrc file. Thanks to David W. Tamkin for making it clear
when such cases may occur.
+ calling external programs with delivering a path now allows spaces
within the path
The full history is available at
http://antivirus.softlabs.info/SoftlabsAV/history.txt
This filter has already freed me from hundreds of viruses, with yet a
0% false-negative and 0% false-positive detection rate.
Happy virus killing :-)
rob.
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
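
An added example, not part of the original post or of Softlabs AntiVirus: a parser for viruses.log records in the seven-field layout listed above, which counts detections per virus type and lists file names that hide an executable extension behind a document one, like the dinner.doc.exe entry in the excerpt. It assumes one record per line with single-space separators; the sample lines, the user alice and the Message-IDs are constructed, and the rule for where a file name ends is a heuristic.

```python
import re
from collections import Counter
from typing import NamedTuple, Optional

# Constructed sample (hypothetical user, file names and Message-IDs),
# one record per line, fields separated by single spaces.
SAMPLE_LOG = """\
alice: 20040315 EXE.pif 17424 your_bill.pif MS-DOS executable (EXE), OS/2 or MS Windows 0001.AAA00001@mail.example
alice: 20040315 ZIP.com 22150 creditcard.zip Zip archive data, at least v1.0 to extract 0002.AAA00002@mail.example
alice: 20040315 EXE.exe 22016 dinner.doc.exe MS Windows PE Intel 80386 GUI executable not relocatable 0003.AAA00003@mail.example
alice: 20040315 EXE.scr 24576 Holiday picture.ppt.scr MS-DOS executable (EXE), OS/2 or MS Windows 0004.AAA00004@mail.example
this line is not a log record
"""

class Record(NamedTuple):
    user: str
    date: str
    virus_type: str
    size: int
    filename: str
    file_type: str
    message_id: str

RECORD = re.compile(r"^(\S+): (\d{8}) (\S+) (\d+) (.+) (\S+)$")
HAS_EXT = re.compile(r"\.[A-Za-z0-9]{1,4}$")
DOUBLE_EXT = re.compile(r"\.(doc|rtf|ppt|xls|txt|pdf|jpg)\.(exe|scr|pif|com|bat)$", re.I)

def parse_line(line: str) -> Optional[Record]:
    """Parse one record; return None for lines that do not fit the layout."""
    m = RECORD.match(line.strip())
    if not m:
        return None
    user, date, vtype, size, middle, msgid = m.groups()
    tokens = middle.split(" ")
    # Heuristic (assumption): file names may contain spaces, so the name is
    # taken to end at the first token that carries a file extension.
    end = next((i for i, t in enumerate(tokens) if HAS_EXT.search(t)), None)
    if end is None:
        return None
    return Record(user, date, vtype, int(size), " ".join(tokens[:end + 1]),
                  " ".join(tokens[end + 1:]), msgid)

def analyse(text: str):
    """Return parsed records, a per-type count and double-extension names."""
    records = [r for r in map(parse_line, text.splitlines()) if r]
    by_type = Counter(r.virus_type for r in records)
    disguised = [r.filename for r in records if DOUBLE_EXT.search(r.filename)]
    return records, by_type, disguised
```
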