
Mailing List Archive: ClamAV: devel
Origins of "VirusEvent" events
 



bastian+security.clamav at collax

Aug 11, 2008, 4:42 AM



Hi,

I have a need to differentiate between "regular scanning" and "dazuko" events
for scripts run through the "VirusEvent" mechanism. The C function that is
finally called, "virusaction()", does currently not know about its
origin/caller.

The attached (trivial) patch adds an additional argument "initiator" to
virusaction(); all calling instances pass an informative string (dir, file,
multifile, stream, dazuko) which is put in the environment
variable "CLAM_VIRUSEVENT_INITIATOR".

I'm unsure about good names for various entities, especially about the name
for the env var (_INITIATOR, _ORIGIN, _TYPE, _SCANNER, ...?).

Feel free to use.

Patch applies to 0.93.3

Best regards
Bastian Friedrich

--
Collax GmbH . Burkheimer Straße 3 . 79111 Freiburg . Germany
p: +49 (0) 761-45684-24
f: +49 (0) 761-45684-10 www.collax.com

Geschäftsführer: William K. Hite / Boris Nalbach
AG München HRB 158898 . Ust.-IdNr: DE 814464942
\ The Majority is never right unless it includes me.
Attachments: 010-clamd-report-type-to-virusevent.patch (4.29 KB)
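A VirusEvent handler that consumes the variable this patch proposes, as an added example that is not part of the original post or of ClamAV. It assumes a clamd built with the patch, so that `CLAM_VIRUSEVENT_INITIATOR` carries one of the five strings listed in the message; the function names and the log format are hypothetical.

```shell
#!/bin/sh
# Added example (not from the patch): a VirusEvent script that branches on the
# origin of the detection. CLAM_VIRUSEVENT_INITIATOR is the variable proposed
# in the post; it is only set when clamd carries that patch.

# Map the initiator string to a handling class. Only the five values named in
# the post are accepted; an unset or empty value means an unpatched clamd, and
# anything else is treated as untrusted input and rejected.
classify_initiator() {
    case "${1-}" in
        dazuko)                    echo on-access ;;
        dir|file|multifile|stream) echo on-demand ;;
        '')                        echo unknown ;;
        *)                         echo invalid; return 1 ;;
    esac
}

# Build one log line. The raw value is echoed back only after it has matched
# the allowlist, so unexpected content never reaches the log.
log_line() {
    class=$(classify_initiator "${1-}") || class=invalid
    case "$class" in
        invalid) shown=rejected ;;
        unknown) shown=none ;;
        *)       shown=$1 ;;
    esac
    printf 'virusevent class=%s initiator=%s\n' "$class" "$shown"
}

# Entry point when clamd runs this script through VirusEvent.
log_line "${CLAM_VIRUSEVENT_INITIATOR-}"
```
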
