GData Virus scan implementation based on WHS 2011 example

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
Post Reply
Singlebit
New user
New user
Posts: 8
Joined: 2011-12-06 11:55

GData Virus scan implementation based on WHS 2011 example

Post by Singlebit » 2011-12-06 12:26

Hello,

since it took me some time to got the GData Internet Security for HomeServer integrated into the hmailserver I would like to share my solution with others in case they want to do the same thing.

Since the GData command line scanner is not supporting return codes I found another way to use it in hmailserver.

First you need to create a small batch script (I named it "virusscan.bat") and you place it where you want (Adjust the SCANBINARY value to your environment).

virusscan.bat

Code: Select all

@echo off
SETLOCAL ENABLEDELAYEDEXPANSION
set FILE=%1
set LOGFILE=%FILE%.scan.log
set MAXBYTESIZE=10
set SCANBINARY="C:\Program Files (x86)\G DATA\AVKClient\avkcmd.exe"
set RC=0
set INFECTEDSTRING=Infected

%SCANBINARY% /scan(e0a0):%FILE% /silent /nologo /noprogress /log(t0h0i0):%LOGFILE%

FOR /F "usebackq" %%A IN ('%LOGFILE%') DO set SIZE=%%~zA

if %SIZE% LSS %MAXBYTESIZE% (
    echo.Virus scanner did not find a virus or generated a message or warning.
) ELSE (
    echo.Virus scanner find a virus or generated a message or warning.
    echo.Checking if a real virus was found or only a message or warning was generated.
    for /f %%a in ('type %LOGFILE%') do (
        set s=@@@%%a
        if "%s%"=="!s:@@@%INFECTEDSTRING%=!" (
            echo.Virus found. "%LOGFILE%" contains an entry which begins with "%INFECTEDSTRING%".
            set RC=1
        )
    )
)

if "%RC%" == "0" (
    echo.No virus found.
    del %LOGFILE%
)

exit %RC%
This script is doing the actual scan.
It will call the GData virus scanner and in case the scanner writes entries in a log file (This is the case in case of a virus has been found or in case a file could not be opened or in case of other messages) it will check if it finds entries starting with the word "Infeced" which indicates a virus message.
In case of a virus was found it will not delete the LOGFILE but you can change this if you want :).

In the hmailserver Anti-Virus scanner executable you need then just to specify (Place the double quotes exactly as shown):

Code: Select all

"<PATH TO THE SCRIPT>\virusscan.bat" %FILE%
and Return value should be 1.

I know that the script might not be perfect and could be enhanced but for me it does what it should.

Good luck.

Cheers,

Singlebit

Coloratus
New user
New user
Posts: 6
Joined: 2016-02-23 18:31

Re: GData Virus scan implementation based on WHS 2011 example

Post by Coloratus » 2016-03-30 23:11

Hello,

I have just implendet this solution with the use of Gdata Internet Security (Ver. 25.1.0.12).
Unfortunally when I try the integrated [Test] of the external virus scannner Tab all i get is this error:
"Virus detection failed. Reason: Return code: 0".
I´ve tried also to run the script/Bat on a Cmd-Line that I´ve startet with "Run as Admin".
The result of it:
"Invalid command: /scan(e0a0):
"10" kann syntaktisch an dieser Stelle nicht verarbeitet werden."
Translate: "10" can not be syntactically processed at this point. "

That´s the Adjusted Code I use:

Code: Select all

@echo off
SETLOCAL ENABLEDELAYEDEXPANSION
set FILE=%1
set LOGFILE=%FILE%.scan.log
set MAXBYTESIZE=10
set SCANBINARY="C:\Program Files (x86)\G Data\InternetSecurity\AVK\avkcmd.exe"
set RC=0
set INFECTEDSTRING=Infected

%SCANBINARY% /scan(e0a0):%FILE% /silent /nologo /noprogress /log(t0h0i0):%LOGFILE%

FOR /F "usebackq" %%A IN ('%LOGFILE%') DO set SIZE=%%~zA

if %SIZE% LSS %MAXBYTESIZE% (
    echo.Virus scanner did not find a virus or generated a message or warning.
) ELSE (
    echo.Virus scanner find a virus or generated a message or warning.
    echo.Checking if a real virus was found or only a message or warning was generated.
    for /f %%a in ('type %LOGFILE%') do (
        set s=@@@%%a
        if "%s%"=="!s:@@@%INFECTEDSTRING%=!" (
            echo.Virus found. "%LOGFILE%" contains an entry which begins with "%

INFECTEDSTRING%".
            set RC=1
        )
    )
)

if "%RC%" == "0" (
    echo.No virus found.
    del %LOGFILE%
)

exit %RC%
This is the row i use in the hmailserver Anti-Virus scanner executable:

Code: Select all

"c:\virusscan.bat" %FILE%
Return value set to 1


The Software-setup I use at the moment for hMailserver:
Vista Business 64-Bit
hMailserver 5.6.4-B2283
GDATA Internet Security Ver. 25.1.0.12 (latest Ver.)

This all is still a testenvironment, on target is to use the "Gdata Client security Business" in a few months (If the avkcmd.exe ever will start to work with hMailserver).
It is pathetic to say that GData Support it self cant tell anyone how to use the cmdline-scanner at all, they really did tell me yesterday "...there is no cmdline-scanner at all". Well I can tell you Yes it is there, even in the Business security client.

Can someone please tell me how to get GDAta to work with hMailserver?
Thanks and best regards

User avatar
jimimaseye
Moderator
Moderator
Posts: 10060
Joined: 2011-09-08 17:48

Re: GData Virus scan implementation based on WHS 2011 example

Post by jimimaseye » 2016-03-30 23:26

Maybe the clue is:
"Invalid command: /scan(e0a0):
Looks like your BAT script is wrong (wrong syntax).

You should contact GData Support and ask them what the parameters are or (again) how you can perform an on-demand single-file scan and what the return code is. I suspect the script you have used is no longer useful.

But remember: not all AV solutions can be used as they dont necessarily give the ability to do so. And if they say no you cant, then maybe it really is no you cant.
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
jimimaseye
Moderator
Moderator
Posts: 10060
Joined: 2011-09-08 17:48

Re: GData Virus scan implementation based on WHS 2011 example

Post by jimimaseye » 2016-03-30 23:38

5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

Coloratus
New user
New user
Posts: 6
Joined: 2016-02-23 18:31

Re: GData Virus scan implementation based on WHS 2011 example

Post by Coloratus » 2016-03-31 15:13

Köszönöm, remélem ez segít :-)

Thanks for your quick response, I´ll test this.
But I guess the best glue is the last row in your Signature ^^

Coloratus
New user
New user
Posts: 6
Joined: 2016-02-23 18:31

Re: GData Virus scan implementation based on WHS 2011 example

Post by Coloratus » 2016-03-31 16:20

the problem is like you marked in the first place at:

%SCANBINARY% /scan(e0a0):%FILE%

if i place a filename to scan there instead using the %File%, the virusscan.bat runs through without error.
I guess the error is found here:
set FILE=%1
or at
set LOGFILE=%FILE%.scan.log

I dont have any glue in scripting, so i beg your pardon!

Singlebit
New user
New user
Posts: 8
Joined: 2011-12-06 11:55

Re: GData Virus scan implementation based on WHS 2011 example

Post by Singlebit » 2016-04-03 16:33

Hi, I updated the code a little bit.

The following works for me on WHS 2011 (Windows Server 2008 R2) with Gdata 13.2.

Code: Select all

@echo OFF
set RC=0
set FILE=%1

if NOT EXIST %FILE% (
    echo.File to scan does not exist
    GOTO endcheck
)

set LOGFILE=%FILE%.scan.log
set MINBYTESIZE=10
set SCANBINARY="C:\Program Files (x86)\G DATA\AVKClient\avkcmd.exe"
set RC=0
set INFECTEDSTRING=Infected

%SCANBINARY% /scan(e0a0):%FILE% /silent /nologo /noprogress /log(t0h0i0):%LOGFILE%

FOR /F "usebackq" %%A IN ('%LOGFILE%') DO set SIZE=%%~zA

IF %SIZE% GTR %MINBYTESIZE% (
    echo.Virus scanner found a virus or generated a message or warning.
    echo.Checking if a real virus was found or only a message or warning was generated.
    type "%LOGFILE%" | findstr /B /C:"%INFECTEDSTRING%"
    IF NOT ERRORLEVEL 1 IF NOT ERRORLEVEL 2 (
        echo.Virus found. "%LOGFILE%" contains an entry which begins with "%INFECTEDSTRING%".
        set RC=1
    )
)

if "%RC%" == "0" (
    echo.No virus found.
    del %LOGFILE%
)

:endcheck
exit %RC%

Coloratus
New user
New user
Posts: 6
Joined: 2016-02-23 18:31

Re: GData Virus scan implementation based on WHS 2011 example

Post by Coloratus » 2016-04-06 20:54

Thanks a lot Singlebit, now it works for me too. :D

But at the moment I guess (and it looks alot like that direktion) we are gona use Kaspersky Small Office Security 4.
B.t.w. forget all about the GData Support when it comes about Return Codes, wont tell a thing about Return Codes at all (some tried to help but they didnt know the code)

Again, I thank you a lot for your update on your script.

prisma
Senior user
Senior user
Posts: 325
Joined: 2010-07-09 13:16

Re: GData Virus scan implementation based on WHS 2011 example

Post by prisma » 2024-01-29 18:44

FYI:

Obviously, GDATA has understood the importance of exit codes. Especially regarding command line programs which are used for batch jobs.
So the solution, as of this writing, is quite simple:

"C:\Program Files (x86)\G Data\AVKClient\avkcmd.exe" /scan(e0a0): "%FILE%" /silent /nologo

Exit code to check in case of infection: 1

That's it, works like a charm. Until now…

Post Reply