Release 4.62.6 beta
Julian Field
MailScanner at ecs.soton.ac.uk
Thu Jul 26 21:44:56 UTC 2007
UxBoD wrote:
> Jules,
>
> 1) Yes worth a try ;)
> 2) Due to people putting slashes in virus names ;) MSRBL is the only one I have hit, but on checking clamav default signatures these get hit as well :-
>
> Trojan.Aimbot-8./0132624
> Trojan.Aimbot-8./0132624
>
> Therefore using the split function I don't believe that they will be reported correctly, and will be shown as UNKNOWN. Just thought by applying a different methodology for CLAMAV output would cover all scenarios when a signature writer uses a hash in the name.
>
Right, yes, I see the problem now. Some other parsing strategy would be
a good idea, yes.
> Regards,
>
> Phil
>
> --[ UxBoD ]--
> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
> // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
> // Phone: +44 845 869 2749 SIP Phone: uxbod at sip.splatnix.net
>
> ----- Original Message -----
> From: "Julian Field" <MailScanner at ecs.soton.ac.uk>
> To: "MailScanner Beta-testers" <mailscanner-beta at lists.mailscanner.info>
> Sent: 26 July 2007 22:11:38 o'clock (GMT) Europe/London
> Subject: Re: Release 4.62.6 beta
>
>
> * PGP Signed by an unmatched address: 07/26/07 at 22:11:39
>
>
>
> UxBoD wrote:
>
>> Jules,
>>
>> Two things :-
>>
>> 1) I have spoken to MSRBL and they are not willing to change the '/' to a '.' for the MSRBL-Images files
>>
>>
> I think you were rather optimistic there, in their position I wouldn't
> have changed it either :-)
>
>> 2) I have been thinking about the parsing for ClamD. What is returned by ClamD contains three or more slashes in the result. If using split on the '/' the first two elements are definitely queue name, and the second is either the filename or header. So based on that instead of using split could we use a substr and parse through the whole result string?
>>
>>
> Why/how does that actually help? I used the same basic parser structure
> I use in all the other output parsers. What is the good reason to change it?
>
>
>> I will work on some code tomorrow as I have plenty of samples. Once done you could then work your "pure" perl magic on it :)
>>
>> Best Regards,
>>
>> --[ UxBoD ]--
>> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
>> // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
>> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
>> // Phone: +44 845 869 2749 SIP Phone: uxbod at sip.splatnix.net
>>
>>
>>
>>
>
> Jules
>
>
Jules
--
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk
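
An added example, not part of the original message and not MailScanner's own parser: one way to parse a detection line whose signature name contains '/', by anchoring on the trailing " FOUND" first and splitting only the path with a field limit. The line shape `./<message-id>/<filename>: <signature> FOUND`, the function name parse_clamd_line and the sample lines are assumptions made for illustration; only the signature name Trojan.Aimbot-8./0132624 comes from the thread.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed line shape (not taken from MailScanner's source):
#   ./<message-id>/<filename>: <signature name> FOUND
# The signature name may itself contain '/'.
sub parse_clamd_line {
    my ($line) = @_;
    chomp $line;

    # Anchor on the trailing " FOUND" and take the signature as the last
    # whitespace-free token before it. The greedy (.+) keeps any ": " that
    # occurs inside the filename on the path side of the match.
    my ($path, $sig) = $line =~ m{^(.+): (\S+) FOUND$}
        or return;

    # Only now split the path, with a limit of 3, so slashes are consumed
    # for the two leading components and none after them.
    my (undef, $id, $file) = split m{/}, $path, 3;
    return unless defined $file && length $id;

    return { id => $id, file => $file, virus => $sig };
}

# Constructed sample lines; message id and filenames are made up.
my @samples = (
    './l6QKabc012345/invoice.exe: Trojan.Aimbot-8./0132624 FOUND',
    './l6QKabc012345/pics/a: b.gif: MSRBL-Images/CONSTRUCTED-0001 FOUND',
    './l6QKabc012345/notes.txt: OK',
);

for my $line (@samples) {
    my @naive = split m{/}, $line;    # splitting the whole line on '/'
    my $hit   = parse_clamd_line($line);
    printf "naive split: %d fields | %s\n", scalar(@naive),
        $hit ? "id=$hit->{id} file=$hit->{file} virus=$hit->{virus}"
             : 'no detection on this line';
}
```

The naive field count changes with every slash in the signature name or filename, while the anchored parse returns the same three values regardless.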