Dodgy RAV output using RAV8.4.0 for OpenBSD/Exim
Michael Sullenszino
mylists at SULLENSZINO.ORG
Tue Oct 15 22:02:23 IST 2002
I have been running RAV for OpenBSD3.x/Exim-8.4.0 for a little while
now and decided to use MailScanner-3.23-5 to also use SpamAssassin.
Noticed this when I hit it with a subseven attachment to test:
---------------------------------------------------------------------
Oct 15 11:09:35 home mailscanner[28119]: Scanning 1 messages, 1401338 bytes
Oct 15 11:09:37 home mailscanner[28119]: Dodgy things going on in Rav output:
Oct 15 11:09:37 home mailscanner[28119]: ./181W8K-0002s6-00/subseven20.zip->SubSeven.exe Infected: Backdoor:Win32/SubSeven.2_0
---------------------------------------------------------------------
Checked out sweep.pl and found on line 1014:

$line =~ s/^.*(\/.*\/.*)\s+Infected:[^:]*$/$1/

Seeing that my RAV output had an extra colon after "Backdoor",
I removed the "[^:]" and cavalierly replaced it with "."

$line =~ s/^.*(\/.*\/.*)\s+Infected:.*$/$1/

It worked, but I do not know what I have broken by doing so! Can
anyone advise why the second colon was excluded so I/we can write a
regex that will fix the issue?

Thanks in advance for any help.
Mike
--
Mike Sullenszino
mike at sullenszino.org
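
Added example, not part of the original post and not MailScanner's own code: the two substitutions quoted in the message, run side by side over the RAV line from the log and two constructed lines, to show which inputs each one accepts and which path it extracts. The log line is rejoined from the wrapped text with a single space assumed; extract_path and the two extra sample lines are hypothetical and introduced here.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The two patterns from the post, unchanged.
my %patterns = (
    original => qr/^.*(\/.*\/.*)\s+Infected:[^:]*$/,
    relaxed  => qr/^.*(\/.*\/.*)\s+Infected:.*$/,
);

# Hypothetical helper: apply one substitution to a copy of the line.
# Returns the extracted path, or undef if the pattern did not match
# (the case in which the line is left unparsed).
sub extract_path {
    my ($name, $line) = @_;
    my $re = $patterns{$name};
    return $line =~ s/$re/$1/ ? $line : undef;
}

my @samples = (
    # From the post's log, rejoined (single space between parts assumed).
    './181W8K-0002s6-00/subseven20.zip->SubSeven.exe Infected: Backdoor:Win32/SubSeven.2_0',
    # Constructed: detection name with no colon in it.
    './181W8K-0002s6-00/sample.zip->sample.exe Infected: Example.Name',
    # Constructed: a line with no "Infected:" marker at all.
    './181W8K-0002s6-00/notes.txt some other scanner text',
);

for my $line (@samples) {
    print "$line\n";
    for my $name (qw(original relaxed)) {
        my $path = extract_path($name, $line);
        printf "  %-8s => %s\n", $name, defined $path ? $path : '(no match)';
    }
}
```

On these inputs the two patterns differ only on the line whose detection name contains a colon; the comparison shows the behaviour of each pattern and does not establish why the original excluded the colon.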