User manual

Avira GmbH Avira AntiVir Server/ Professional (UNIX) 23
External Program
Starting External Programs When Suspicious Files Are Found:
AntiVir Guard can start an external program when a virus or an unwanted program is
found. This can send a notification or perform an action using AntiVir Guard options.
For example, it is possible to send an SMS, to call the appointed responsible person,
to show a dialog window on the local screen or on another computer, or to save the data
in another format or another file.
You can use macros (preceded by %) to pass the results as arguments to the external
program. Thus the data can be treated differently and adjusted to the local conditions.
ExternalProgram /bin/sh /usr/lib/AntiVir/guard/popup_message.sh [%Sn] %p
Default: NONE
Please use this feature with extreme caution! Check your external
programs for correctness and keep in mind that an attacker might
use crafted file names (containing spaces, commands, etc.) to
inject arguments into your external program.
The following table shows the supported macros and their significance:
Option  Function
%h      Path to file (may contain special characters)
%f      Filename only (may contain special characters)
%p      Full path and filename (such as %h/%f), may contain special characters
%U      UID of file (owner identifier)
%G      GID of file (UNIX group identifier)
%s      File size
%m      File access mode (octal)
%De     Event type
%DF     File system or partition (device) on which the file is located (hexadecimal)
%Dp     PID of the process
%Du     UID of the process
%Df     Flag of file operation (hexadecimal)
%Dm     Access mode of file operation (hexadecimal)
%Sn     Name of the detected virus / unwanted program
%Sa     Extra information about the alert (if available)
%SU     Alert URL.
Some of these parameters are not checked by AntiVir but are taken
from the file properties and forwarded to the running process, so
they must be checked before further processing.
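
One way to write a handler that checks its arguments before further processing, as an added example (not Avira code and not the contents of popup_message.sh). The script name alert_handler.sh, the log tag antivir-hook and the argument order %U %Sn %p are assumptions of this example.

```sh
#!/bin/sh
# Added example: defensive handler for the ExternalProgram hook.
# Assumed configuration line (the argument order is this example's choice):
#   ExternalProgram /bin/sh /usr/local/sbin/alert_handler.sh %U %Sn %p
# Fixed-format macros come first and %p last, so a file name that arrives
# split into several arguments can only lengthen the path, never shift fields.

# Succeeds only for a non-empty string of decimal digits.
is_uint() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Replace every byte outside a conservative allow-list with '?', so the value
# is safe to log or display (no spaces, control characters, quotes, $, `, ;).
sanitize() {
    printf '%s' "$1" | LC_ALL=C tr -c 'A-Za-z0-9._/@+=:,-' '?'
}

# Build one log line from untrusted arguments: uid, alert name, path words...
# Prints the line and returns 0, or returns 2 if the input is malformed.
build_alert() {
    [ "$#" -ge 3 ] || return 2
    is_uint "$1" || return 2
    uid=$1
    name=$(sanitize "$2")
    shift 2
    path=$(sanitize "$*")   # re-join everything that is left as the path
    printf 'alert=%s uid=%s path=%s\n' "$name" "$uid" "$path"
}

# Runs only when installed under the assumed script name. Values are always
# quoted and never passed to eval or re-parsed by a shell.
if [ "${0##*/}" = "alert_handler.sh" ]; then
    line=$(build_alert "$@") || { logger -t antivir-hook "malformed alert arguments"; exit 2; }
    logger -t antivir-hook "$line"
fi
```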