Community Discussions and Support
Policy problem with return code

It depends on the policy action. If you "forward the message" it is policy1.mer; if you "save to file" it is policy3.mer.

Both are very similar. All the other substitutions except ~p2 work.

Its not a problem at all. Maybe just an item on the To Do for the next Mercury release [:)]

 

Bernward

<p>It depends on the policy action. If you "forward the message" it is policy1.mer; if you "save to file" it is policy3.mer.</p><p>Both are very similar. All the other substitutions except ~p2 work.</p><p>Its not a problem at all. Maybe just an item on the To Do for the next Mercury release [:)]</p><p> </p><p>Bernward </p>

Hello,

I have set up a policy to scan all incoming mail for viruses. The task type is "Run a program and examine return code"

My command line is "C:\scan\scan.bat ~A" which calls a batch file scan.bat. This batch calls my commandline scanner with its needed parameters, and returns 1 in case a virus was found, and 0 when no virus is found.

The specified action is "Save to file and notify user", with the parameter "C:\scan\badmail, myname@company.de"

Regardless of the return value, Mercury never takes the specified action. All mails are passed unaffected.

I checked the batchfile manually on the EICAR testfile and other files. The return values are correct.

I also checked the process by sending the EICAR testmail to myself. While the scanner found the virus (seen in the logfile), Mercury took no action.

 

Bernward

 

<p>Hello,</p><p>I have set up a policy to scan all incoming mail for viruses. The task type is "Run a program and examine return code"</p><p>My command line is "C:\scan\scan.bat ~A" which calls a batch file scan.bat. This batch calls my commandline scanner with its needed parameters, and returns 1 in case a virus was found, and 0 when no virus is found.</p><p>The specified action is "Save to file and notify user", with the parameter "C:\scan\badmail, myname@company.de"</p><p>Regardless of the return value, Mercury never takes the specified action. All mails are passed unaffected.</p><p>I checked the batchfile manually on the EICAR testfile and other files. The return values are correct.</p><p>I also checked the process by sending the EICAR testmail to myself. While the scanner found the virus (seen in the logfile), Mercury took no action.</p><p> </p><p>Bernward </p><p> </p>

A Mercury add-on called Virprot was designed to do exactly what you are trying to accomplish.  Find it in the downloads section of this site.  http://community.pmail.com/files/folders/mercadd/default.aspx

I used Virprot and a command line scanners for many years but when ClamWall was introduced with Mercury I found the ClamWall/ClamAV solution a better way to go.

 

<p>A Mercury add-on called Virprot was designed to do exactly what you are trying to accomplish.  Find it in the downloads section of this site.  http://community.pmail.com/files/folders/mercadd/default.aspx</p><p>I used Virprot and a command line scanners for many years but when ClamWall was introduced with Mercury I found the ClamWall/ClamAV solution a better way to go.</p><p> </p>

[quote user="bmpan"]

Hello,

I have set up a policy to scan all incoming mail for viruses. The task type is "Run a program and examine return code"

My command line is "C:\scan\scan.bat ~A" which calls a batch file scan.bat. This batch calls my commandline scanner with its needed parameters, and returns 1 in case a virus was found, and 0 when no virus is found.

The specified action is "Save to file and notify user", with the parameter "C:\scan\badmail, myname@company.de"

Regardless of the return value, Mercury never takes the specified action. All mails are passed unaffected.

I checked the batchfile manually on the EICAR testfile and other files. The return values are correct.[/quote]

How are you checking the return code after your batch file completes?  Have you tested it with different actions?

In the past I used a policy to run a commandline scanner from a batch file but chose the sentinal file option.  Clamwall works best for me now.

[quote user="bmpan"] <P>Hello,</P> <P>I have set up a policy to scan all incoming mail for viruses. The task type is "Run a program and examine return code"</P> <P>My command line is "C:\scan\scan.bat ~A" which calls a batch file scan.bat. This batch calls my commandline scanner with its needed parameters, and returns 1 in case a virus was found, and 0 when no virus is found.</P> <P>The specified action is "Save to file and notify user", with the parameter "C:\scan\badmail, myname@company.de"</P> <P>Regardless of the return value, Mercury never takes the specified action. All mails are passed unaffected.</P> <P>I checked the batchfile manually on the EICAR testfile and other files. The return values are correct.[/quote]</P> <P>How are you checking the return code after your batch file completes?  Have you tested it with different actions?</P> <P>In the past I used a policy to run a commandline scanner from a batch file but chose the sentinal file option.  Clamwall works best for me now.</P>

Thank you Brian and Paul. I will check for the virprot plugin.

We have a commercial licensed virus checker by Avira company. I like to use this also for email checking. My batchfile is similar to:

REM Batch command line scanner
REM Avira V13
echo off

C:\Scan\scancl.exe --workingdir="C:\Programme\Avira\AntiVir Desktop" --config=C:\Scan\scancl.conf %1
REM this calls scancl.exe with parameter %1 (the file to be checked)

if errorlevel 1 goto virus

:novirus
echo NO Virus found
exit /b 0

:virus
echo !!!Found Virus!!!
exit /b 1

(Sorry, don't know how to get this formatted as Code view)

Called in a CMD shell, this batch does exactly what I expect.I tested the return code by calling this batch from within another batch and echoing the %ERRORLEVEL% value.

Called by Mercury, the return value seems always 0. The action should always be "save to file and notify a user". I did not test other actions yet.

Does it make a difference if Mercury checks the return values of a batch or of an .exe executable?

 

Thank you,

Bernward

<p>Thank you Brian and Paul. I will check for the virprot plugin.</p><p>We have a commercial licensed virus checker by Avira company. I like to use this also for email checking. My batchfile is similar to:</p><p><b>REM Batch command line scanner REM Avira V13 echo off C:\Scan\scancl.exe --workingdir="C:\Programme\Avira\AntiVir Desktop" --config=C:\Scan\scancl.conf %1 REM this calls scancl.exe with parameter %1 (the file to be checked) if errorlevel 1 goto virus :novirus echo NO Virus found exit /b 0 :virus echo !!!Found Virus!!! exit /b 1</b> </p><p>(Sorry, don't know how to get this formatted as Code view)</p><p>Called in a CMD shell, this batch does exactly what I expect.I tested the return code by calling this batch from within another batch and echoing the %ERRORLEVEL% value. </p><p>Called by Mercury, the return value seems always 0. The action should always be "save to file and notify a user". I did not test other actions yet. </p><p>Does it make a difference if Mercury checks the return values of a batch or of an .exe executable?</p><p> </p><p>Thank you,</p><p>Bernward </p>

Perhaps the Quit or Cancel command would work better than Exit.

http://jpsoft.com/help/index.htm?quit.htm

Dig into Virprot though.  It is tried and true.

 

<p>Perhaps the Quit or Cancel command would work better than Exit.</p><p>http://jpsoft.com/help/index.htm?quit.htm</p><p>Dig into Virprot though.  It is tried and true.</p><p> </p>

[quote user="bmpan"]

Thank you Brian and Paul. I will check for the virprot plugin.

We have a commercial licensed virus checker by Avira company. I like to use this also for email checking. My batchfile is similar to:

REM Batch command line scanner
REM Avira V13
echo off

C:\Scan\scancl.exe --workingdir="C:\Programme\Avira\AntiVir Desktop" --config=C:\Scan\scancl.conf %1
REM this calls scancl.exe with parameter %1 (the file to be checked)

if errorlevel 1 goto virus

:novirus
echo NO Virus found
exit /b 0

:virus
echo !!!Found Virus!!!
exit /b 1

[/quote]

Try the exits without the "/b" - that way it should set the return code.

... 

[quote]Does it make a difference if Mercury checks the return values of a batch or of an .exe executable?[/quote]

It appears so.

[quote user="bmpan"] <P>Thank you Brian and Paul. I will check for the virprot plugin.</P> <P>We have a commercial licensed virus checker by Avira company. I like to use this also for email checking. My batchfile is similar to:</P> <P><B>REM Batch command line scanner REM Avira V13 echo off C:\Scan\scancl.exe --workingdir="C:\Programme\Avira\AntiVir Desktop" --config=C:\Scan\scancl.conf %1 REM this calls scancl.exe with parameter %1 (the file to be checked) if errorlevel 1 goto virus :novirus echo NO Virus found exit /b 0 :virus echo !!!Found Virus!!! exit /b 1</B> [/quote]</P> <P>Try the exits without the "/b" - that way it should set the return code.</P> <P>... </P> <P>[quote]Does it make a difference if Mercury checks the return values of a batch or of an .exe executable?[/quote]</P> <P>It appears so.</P>

I removed the /b option from the EXIT command. Now the batch file and the policy work as expected.

Even the content of my virus scanners result file gets copied into the Policy Exception Advice email that I receive from Mercury.

Just some other thing: The "Message sender" field within that mail is empty. I checked the policy1.mer file, which appears to be the template for that email. There is a parameter ~p2 in the "Message sender" field, which is in turn the FROM field of the original message.

I checked the original message, and the From field was not empty.

<p>I removed the /b option from the EXIT command. Now the batch file and the policy work as expected.</p><p>Even the content of my virus scanners result file gets copied into the Policy Exception Advice email that I receive from Mercury. </p><p>Just some other thing: The "Message sender" field within that mail is empty. I checked the policy1.mer file, which appears to be the template for that email. There is a parameter ~p2 in the "Message sender" field, which is in turn the FROM field of the original message.</p><p>I checked the original message, and the From field was not empty. </p>

[quote user="bmpan"]

I removed the /b option from the EXIT command. Now the batch file and the policy work as expected.[/quote]

Good :)

[quote]Even the content of my virus scanners result file gets copied into the Policy Exception Advice email that I receive from Mercury.

Just some other thing: The "Message sender" field within that mail is empty. I checked the policy1.mer file, which appears to be the template for that email. There is a parameter ~p2 in the "Message sender" field, which is in turn the FROM field of the original message.

I checked the original message, and the From field was not empty.[/quote]

I think it is policy3.mer for the notification email.  Do the other ~p substitutions work?  I can't find any other reference to them not working.

[quote user="bmpan"] <P>I removed the /b option from the EXIT command. Now the batch file and the policy work as expected.[/quote]</P> <P>Good :)</P> <P>[quote]Even the content of my virus scanners result file gets copied into the Policy Exception Advice email that I receive from Mercury. </P> <P>Just some other thing: The "Message sender" field within that mail is empty. I checked the policy1.mer file, which appears to be the template for that email. There is a parameter ~p2 in the "Message sender" field, which is in turn the FROM field of the original message.</P> <P>I checked the original message, and the From field was not empty.[/quote]</P> <P>I think it is policy3.mer for the notification email.  Do the other ~p substitutions work?  I can't find any other reference to them not working.</P>
live preview
enter atleast 10 characters
WARNING: You mentioned %MENTIONS%, but they cannot see this message and will not be notified
Saving...
Saved
With selected deselect posts show selected posts
All posts under this topic will be deleted ?
Pending draft ... Click to resume editing
Discard draft