Release 4.62.6 beta

UxBoD uxbod at splatnix.net
Thu Jul 26 21:33:04 UTC 2007


Jules,

1) Yes worth a try ;)
2) Due to people putting slashes in virus names ;) MSRBL is the only one I have hit, but on checking clamav default signatures these get hit as well :-

Trojan.Aimbot-8./0132624
Trojan.Aimbot-8./0132624

Therefore using the split function I don't believe that they will be reported correctly, and will be shown as UNKNOWN.  Just thought by applying a different methodology for CLAMAV output would cover all scenarios when a signature writer uses a hash in the name.

Regards,

Phil

--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854  36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: uxbod at sip.splatnix.net

----- Original Message -----
From: "Julian Field" <MailScanner at ecs.soton.ac.uk>
To: "MailScanner Beta-testers" <mailscanner-beta at lists.mailscanner.info>
Sent: 26 July 2007 22:11:38 o'clock (GMT) Europe/London
Subject: Re: Release 4.62.6 beta

UxBoD wrote:
> Jules,
>
> Two things :-
>
> 1) I have spoken to MSRBL and they are not willing to change the '/' to a '.' for the MSRBL-Images files
>   
I think you were rather optimistic there, in their position I wouldn't 
have changed it either :-)
> 2) I have been thinking about the parsing for ClamD. What is returned by ClamD contains three or more slashes in the result. If using split on the '/' the first two elements are definitely queue name, and the second is either the filename or header. So based on that instead of using split could we use a substr and parse through the whole result string?
>   
Why/how does that actually help? I used the same basic parser structure 
I use in all the other output parsers. What is the good reason to change it?

> I will work on some code tomorrow as I have plenty of samples. Once done you could then work your "pure" perl magic on it :)
>
> Best Regards,
>
> --[ UxBoD ]--
> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
> // Fingerprint: C759 8F52 1D17 B3C5 5854  36BD 1FB1 B02F 5DB5 687B
> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
> // Phone: +44 845 869 2749 SIP Phone: uxbod at sip.splatnix.net
>
>
>   

Jules

-- 
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
For all your IT requirements visit www.transtec.co.uk

--
MailScanner-Beta mailing list
mailscanner-beta at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner-beta

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
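
As an added illustration of the parsing problem discussed in this thread (not MailScanner's code and not written by either poster), the Perl example below shows why a slash inside a signature name defeats a split-on-'/' parser, and how anchoring on the trailing FOUND keeps the name intact. The line layout `./<message id>/<file name>: <signature> FOUND`, the message ids, and both function names are assumptions made for the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample lines in the assumed layout
#   ./<message id>/<file name>: <signature name> FOUND
# The signature name in the second line is the one quoted in the message.
my @lines = (
    './l6QKX4aB012345/eicar.com: Eicar-Test-Signature FOUND',
    './l6QKX4aB012346/photo.gif: Trojan.Aimbot-8./0132624 FOUND',
);

# Naive parser (hypothetical): split the whole line on '/'. A slash inside
# the signature name cuts the third field short, the trailing "FOUND" is
# lost, and the result falls through to UNKNOWN.
sub parse_split {
    my ($line) = @_;
    my (undef, $id, $rest) = split m{/}, $line;
    return ($id, $1, $2) if defined $rest && $rest =~ /^(.+): (.+) FOUND$/;
    return ($id, undef, 'UNKNOWN');
}

# Anchored parser (hypothetical): the message id runs up to the first '/',
# and the signature is everything between the last ': ' and the final
# ' FOUND', so slashes in the signature name are preserved.
sub parse_anchored {
    my ($line) = @_;
    return ($1, $2, $3) if $line =~ m{^(?:\./)?([^/]+)/(.+): (.+) FOUND$};
    return (undef, undef, 'UNKNOWN');
}

for my $line (@lines) {
    my @naive    = parse_split($line);
    my @anchored = parse_anchored($line);
    printf "%-12s split=%-22s anchored=%s\n",
        $anchored[1], $naive[2], $anchored[2];
}
```

The anchored pattern assumes signature names never contain the sequence ": ", since it treats the last ": " on the line as the separator between file name and signature.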
