- ['CAI InoculateIT', 'inocucmd', # retired product
- '-sec -nex {}', [0], [100],
- qr/was infected by virus (.+)/ ],
- # see: http://www.flatmtn.com/computer/Linux-Antivirus_CAI.html
-
- ### http://www3.ca.com/Solutions/Product.asp?ID=156 (ex InoculateIT)
- ['CAI eTrust Antivirus', 'etrust-wrapper',
- '-arc -nex -spm h {}', [0], [101],
- qr/is infected by virus: (.+)/ ],
- # NOTE: requires suid wrapper around inocmd32; consider flag: -mod reviewer
- # see http://marc.theaimsgroup.com/?l=amavis-user&m=109229779912783
-
- ### http://mks.com.pl/english.html
- ['MkS_Vir for Linux (beta)', ['mks32','mks'],
- '-s {}/*', [0], [1,2],
- qr/--[ \t]*(.+)/ ],
-
- ### http://mks.com.pl/english.html
- ['MkS_Vir daemon', 'mksscan',
- '-s -q {}', [0], [1..7],
- qr/^... (\S+)/ ],
-
-# ### http://www.nod32.com/, version v2.52 and above
-# ['ESET NOD32 for Linux Mail servers',
-# ['/opt/eset/nod32/bin/nod32cli', 'nod32cli'],
-# '--subdir --files -z --sfx --rtp --adware --unsafe --pattern --heur '.
-# '-w -a --action-on-infected=accept --action-on-uncleanable=accept '.
-# '--action-on-notscanned=accept {}',
-# [0,3], [1,2], qr/virus="([^"]+)"/ ],
-
- ### http://www.eset.com/, version v2.7
- ['ESET NOD32 Linux Mail Server - command line interface',
- ['/usr/bin/nod32cli', '/opt/eset/nod32/bin/nod32cli', 'nod32cli'],
- '--subdir {}', [0,3], [1,2], qr/virus="([^"]+)"/ ],
-
- ## http://www.nod32.com/, NOD32LFS version 2.5 and above
- ['ESET NOD32 for Linux File servers',
- ['/opt/eset/nod32/sbin/nod32','nod32'],
- '--files -z --mail --sfx --rtp --adware --unsafe --pattern --heur '.
- '-w -a --action=1 -b {}',
- [0], [1,10], qr/^object=.*, virus="(.*?)",/ ],
-
-# Experimental, based on posting from Rado Dibarbora (Dibo) on 2002-05-31
-# ['ESET Software NOD32 Client/Server (NOD32SS)',
-# \&ask_daemon2, # greets with 200, persistent, terminate with QUIT
-# ["SCAN {}/*\r\n", '127.0.0.1:8448' ],
-# qr/^200 File OK/, qr/^201 /, qr/^201 (.+)/ ],
-
- ### http://www.norman.com/products_nvc.shtml
- ['Norman Virus Control v5 / Linux', 'nvcc',
- '-c -l:0 -s -u -temp:$TEMPBASE {}', [0,10,11], [1,2,14],
- qr/(?i).* virus in .* -> \'(.+)\'/ ],
-
- ### http://www.pandasoftware.com/
- ['Panda CommandLineSecure 9 for Linux',
- ['/opt/pavcl/usr/bin/pavcl','pavcl'],
- '-auto -aex -heu -cmp -nbr -nor -nos -eng -nob {}',
- qr/Number of files infected[ .]*: 0+(?!\d)/,
- qr/Number of files infected[ .]*: 0*[1-9]/,
- qr/Found virus :\s*(\S+)/ ],
- # NOTE: for efficiency, start the Panda in resident mode with 'pavcl -tsr'
- # before starting amavisd - the bases are then loaded only once at startup.
- # To reload bases in a signature update script:
- # /opt/pavcl/usr/bin/pavcl -tsr -ulr; /opt/pavcl/usr/bin/pavcl -tsr
- # Please review other options of pavcl, for example:
- # -nomalw, -nojoke, -nodial, -nohackt, -nospyw, -nocookies
-
-# ### http://www.pandasoftware.com/
-# ['Panda Antivirus for Linux', ['pavcl'],
-# '-TSR -aut -aex -heu -cmp -nbr -nor -nso -eng {}',
-# [0], [0x10, 0x30, 0x50, 0x70, 0x90, 0xB0, 0xD0, 0xF0],
-# qr/Found virus :\s*(\S+)/ ],
-
-# GeCAD AV technology is acquired by Microsoft; RAV has been discontinued.
-# Check your RAV license terms before fiddling with the following two lines!
-# ['GeCAD RAV AntiVirus 8', 'ravav',
-# '--all --archive --mail {}', [1], [2,3,4,5], qr/Infected: (.+)/ ],
-# # NOTE: the command line switches changed with scan engine 8.5 !
-# # (btw, assigning stdin to /dev/null causes RAV to fail)
-
- ### http://www.nai.com/
- ['NAI McAfee AntiVirus (uvscan)', 'uvscan',
- '--secure -rv --mime --summary --noboot - {}', [0], [13],
- qr/(?x) Found (?:
- \ the\ (.+)\ (?:virus|trojan) |
- \ (?:virus|trojan)\ or\ variant\ ([^ ]+) |
- :\ (.+)\ NOT\ a\ virus)/,
- # sub {$ENV{LD_PRELOAD}='/lib/libc.so.6'},
- # sub {delete $ENV{LD_PRELOAD}},
- ],
- # NOTE1: with RH9: force the dynamic linker to look at /lib/libc.so.6 before
- # anything else by setting environment variable LD_PRELOAD=/lib/libc.so.6
- # and then clear it when finished to avoid confusing anything else.
- # NOTE2: to treat encrypted files as viruses replace the [13] with:
- # qr/^\s{5,}(Found|is password-protected|.*(virus|trojan))/
-
- ### http://www.virusbuster.hu/en/
- ['VirusBuster', ['vbuster', 'vbengcl'],
- "{} -ss -i '*' -log=$MYHOME/vbuster.log", [0], [1],
- qr/: '(.*)' - Virus/ ],
- # VirusBuster Ltd. does not support the daemon version for the workstation
- # engine (vbuster-eng-1.12-linux-i386-libc6.tgz) any longer. The names of
- # binaries, some parameters AND return codes have changed (from 3 to 1).
- # See also the new Vexira entry 'vascan' which is possibly related.
-
-# ### http://www.virusbuster.hu/en/
-# ['VirusBuster (Client + Daemon)', 'vbengd',
-# '-f -log scandir {}', [0], [3],
-# qr/Virus found = (.*);/ ],
-# # HINT: for an infected file it always returns 3,
-# # although the man-page tells a different story
-
- ### http://www.cyber.com/
- ['CyberSoft VFind', 'vfind',
- '--vexit {}/*', [0], [23], qr/##==>>>> VIRUS ID: CVDL (.+)/,
- # sub {$ENV{VSTK_HOME}='/usr/lib/vstk'},
- ],
-