Pegasus Mail & Mercury

Welcome to the Community for Pegasus Mail and
The Mercury Mail Transport System, the Internet's longest-serving PC e-mail system!
Welcome to Pegasus Mail & Mercury Sign in | Join | Help
in
Home Blogs Forums Downloads Pegasus Mail Overview Mercury Overview Wiki

F-Prot v6's fpscan.exe

Last post 12-15-2007, 5:24 by mgolden. 11 replies.
Sort Posts: Previous Next
  •  08-01-2007, 17:54

    • mgolden is not online. Last active: 02-20-2012, 0:57 mgolden
    • Top 150 Contributor
    • Joined on 05-14-2007
    • Florida
    • Member
    • Points 640

    F-Prot v6's fpscan.exe

    Has anyone written a policy to get F-Prot's new command line scanner fpscan.exe working with Mercury/32?
    Filed under: ,
  •  08-02-2007, 6:56

    • irelam is not online. Last active: 02-19-2020, 3:30 irelam
    • Top 10 Contributor
    • Joined on 03-23-2007
    • Edmonton, Alberta, Canada
    • SuperStar
    • Points 22,385
    • BetaTeam Moderator

    Re: F-Prot v6's fpscan.exe

    The commandline is documented in:

     http://www.f-prot.com/support/windows/fpwin_faq/446.html and

    http://www.f-prot.com/support/windows/fpwin_faq/445.html

     

    The return codes are defined in http://www.f-prot.com/support/windows/fpwin_faq/310.html

    Differences between V3 and V6 are shown in:

    http://www.f-prot.com/support/windows/fpwin_faq/357.html 

     

    No where does it show how to scan a file, just mapped drives, but a posting to a newsgroup suggests that you can address a single file using: "c:\pathtofprot\fpscan /disinfect %1"

    I would like to hear if this works ok

     

    Martin 

     

    Filed under:
  •  08-10-2007, 19:38

    • toaster is not online. Last active: 05-28-2009, 11:09 toaster
    • Not Ranked
    • Joined on 05-08-2007
    • United Kingdom
    • Member
    • Points 105

    Re: F-Prot v6's fpscan.exe

    I have created a policy for fpscan.exe version 6 and it seems to work fine.

    If anyone wants it, just shout. 

    Regards,

    Martin 

  •  08-10-2007, 23:40

    • irelam is not online. Last active: 02-19-2020, 3:30 irelam
    • Top 10 Contributor
    • Joined on 03-23-2007
    • Edmonton, Alberta, Canada
    • SuperStar
    • Points 22,385
    • BetaTeam Moderator

    Re: F-Prot v6's fpscan.exe

    Yes please.  Send it to irelam@telus.net please   I will then update Virscan and Virprot documentation

     

    Martin 

  •  08-12-2007, 16:34

    • rene is not online. Last active: 10-10-2013, 22:26 rene
    • Not Ranked
    • Joined on 08-12-2007
    • Member
    • Points 25

    Re: F-Prot v6's fpscan.exe

    Hi Martin,

    Is it possible to send me the policy to use the fprot 6  fpscan.exe by mail?

    Or is it possible to download it anywhere?

    Thanks a lot for your help !

     

    regards, Rene 

     

  •  08-12-2007, 22:20

    • toaster is not online. Last active: 05-28-2009, 11:09 toaster
    • Not Ranked
    • Joined on 05-08-2007
    • United Kingdom
    • Member
    • Points 105

    Re: F-Prot v6's fpscan.exe

    Martin, sent as requested.

    Also, if anyone is interested I have a method for allowing e-mails with specific to or from addresses to effectively bypass a policy.

    I use this myself as I handle lots of malware samples and I need to be able to send them onto the AV companies and other researchers without the anti-virus policy blocking them. Likewise, I receive new samples from people, and these also need to be able to bypass the anti-virus policy. All other mail gets scanned as normal.

    The technique I use could be used for any mercury policy. 

    Hope this is of interest?

    Regards,

    Martin 

     


     

  •  08-15-2007, 23:30

    • subelman is not online. Last active: 10-20-2016, 19:10 subelman
    • Top 75 Contributor
    • Joined on 05-10-2007
    • Los Angeles, California
    • Member
    • Points 1,140

    Re: F-Prot v6's fpscan.exe

    toaster:

    I have created a policy for fpscan.exe version 6 and it seems to work fine.

    If anyone wants it, just shout. 

    Regards,

    Martin 

    Martin:

    I'd appreciate a copy of your policy. Can you post it here, or email it to me: subelman@markmatrix.com ?

    Thanks 

  •  08-16-2007, 23:58

    • rene is not online. Last active: 10-10-2013, 22:26 rene
    • Not Ranked
    • Joined on 08-12-2007
    • Member
    • Points 25

    Re: F-Prot v6's fpscan.exe

    Hi Martin,

     

    Tested the policy, it works fine!

    Thanks for helping!

     

    Rene

  •  08-17-2007, 11:42

    • toaster is not online. Last active: 05-28-2009, 11:09 toaster
    • Not Ranked
    • Joined on 05-08-2007
    • United Kingdom
    • Member
    • Points 105

    Re: F-Prot v6's fpscan.exe

    To save anyone else e-mailing me for the policy, here it is:

    Obviously you'll need to change the paths and policy options to suit your
    own needs.

    Policy:
    -------------------------------------------------------------------------
    Type of task: Run a program using a sentinel file
    Commandline: c:\f-prot\mailnew.bat ~X ~R ~S
    This task should be applied before any filtering rules: TRUE
    Action: Save to file and notify a user
    Parameter: c:\samples\mail, mo
    -------------------------------------------------------------------------

    Mailnew.bat: (Bat/CMD file to run the scanner.)
    -------------------------------------------------------------------------

    @echo off
    : Rem - %1 is the file to scan %2 is the name of the result file %3 is the
    : Rem - sentinel file. The report from the scan is sent to the Result file.
    : Rem - If No virus is found then the Result file is deleted prior to
    : Rem - deleting the sentinel file. If a virus, or other error is
    : Rem - found, then a message indicating the meaning of the return code
    : Rem - is tacked on to the end of the result file. Deletion of the sentinel
    : Rem - file is the last thing that takes place.
    : Rem - Note 1: Some of the error codes should never occur, in this context,
    : Rem - but I put them in anyway for documentation purposes, if nothing else.
    : Rem - Note 2: There's colons in front of the Rem statements because blank
    : Rem - labels process faster than Rem statements (the entire Rem statement
    : Rem - is parsed even though it's a comment)
    : Rem - No extended batch command features are used so this should work with
    : Rem - *any* MS OS.
    : Rem
    c:\PROGRA~1\FRISKS~1\F-PROT~1\fpscan.exe %1 -s 4 -o %2
    If Errorlevel 5 goto err5
    If Errorlevel 4 goto err4
    If Errorlevel 3 goto err3
    If Errorlevel 2 goto err2
    If Errorlevel 1 goto err1
    Del %2
    goto Finished
    :Err1
    echo !!!!!VIRUS FOUND!!!! >> %2
    goto Finished
    :Err2
    echo !!!!!VIRUS FOUND!!!! >> %2
    goto Finished
    :Err3
    echo !!!!!VIRUS FOUND!!!! >> %2
    goto Finished
    :Err4
    echo Program terminated via ^C or Esc >> %2
    goto Finished
    :Err5
    echo Program terminated via ^C or Esc >> %2
    goto Finished
    :Finished
    Del %3
    exit

    -------------------------------------------------------------------------------- 

    This works fine with the commandline component of F-Prot version 6 for Windows. 

    Regards,

    Martin 

  •  08-18-2007, 2:38

    • mgolden is not online. Last active: 02-20-2012, 0:57 mgolden
    • Top 150 Contributor
    • Joined on 05-14-2007
    • Florida
    • Member
    • Points 640

    Re: F-Prot v6's fpscan.exe

    Thanks, Martin!
  •  12-14-2007, 1:38

    • mgolden is not online. Last active: 02-20-2012, 0:57 mgolden
    • Top 150 Contributor
    • Joined on 05-14-2007
    • Florida
    • Member
    • Points 640

    Re: F-Prot v6's fpscan.exe

    On the Mercury/32 machine do I need to tell F-Prot to exclude any directories from scanning?

     

    Filed under:
  •  12-15-2007, 5:24

    • mgolden is not online. Last active: 02-20-2012, 0:57 mgolden
    • Top 150 Contributor
    • Joined on 05-14-2007
    • Florida
    • Member
    • Points 640

    Re: F-Prot v6's fpscan.exe

    Another question.  I'm looking at replacing Captaris WebMail with SquirrelMail.  I've gone so far as actually sending a test message from SM.  Does anyone know if it's possible to remove the SM identifiers from the header records?  I don't personally but I'm sure there are plenty of mail administrators out there that are blocking SM due to all the spam with SM in the headers.

    Return-path: <x@bkbusa.com>
    Received: from 192.168.1.3 (192.168.1.1) by BKBUSA.COM (Mercury/32 v4.01b) with ESMTP ID MG000E34;
       25 Nov 2007 16:10:04 -0400
    Received: from 0.0.0.0
            (SquirrelMail authenticated user x)                 <-------
            by 192.168.1.3 with HTTP;
            Thu, 25 Nov 2007 16:10:06 -0400 (Eastern Daylight Time)
    Message-ID: <0.0.0.0.0.1193343006.squirrel@192.168.1.3>
    Date: Thu, 25 Nov 2007 16:10:06 -0400 (Eastern Daylight Time)
    Subject: Test
    From: x@bkbusa.com
    To: x@bkbusa.com
    User-Agent: SquirrelMail/1.4.11                             <-------
    MIME-Version: 1.0
    Content-Type: text/plain;charset=iso-8859-1
    Content-Transfer-Encoding: 8bit
    X-Priority: 3 (Normal)
    Importance: Normal
    X-PMFLAGS: 34078848 0 1 723C85FA.CNM                        

View as RSS news feed in XML

Contact | Advertise | Host provider: PraktIT | Terms of Use | Privacy Statement
Copyright © 2007-2011 David Harris / Peter Strömblad. | Pegasus Mail Home Page