Can't parse virus log

Michael Janssen Janssen at RZ.UNI-FRANKFURT.DE
Wed Aug 6 18:42:59 IST 2003


On Wed, 6 Aug 2003, Kamil Juřík - AFX wrote:

> Hi,
> I've got a problem described below. I tried to repair regexp but it
> didn't work.
>
> I'm sending you a log made by ProcessBitDefenderOutput, printed $line:

> Aug  6 17:00:59 itest MailScanner[12168]: Variable
> Line............^[[0;37;40m/var/spool/MailScanner/incoming/12168/./E0612C0DC/eicar_com.zip=>eicar.com

>  ^[[1;31;40minfected: EICAR-Test-File (not a virus)^[[0;37;40m
> <------------|       Why is there ^[[1;31;40m instead of '\t'??? The parser
> can't find the infection because it searches for \tinfected: The original
> antivirus log contains all lines with \t and
> no ^[[1;31;40m or anything similar.

I can't tell you where this code comes from, but it looks to me like
broken ANSI color definitions. Try:

echo -e "\033[1;36;40mHello\033[0;37;40m World\033[0m"

to see how it works. \033 is one way to express "now comes ANSI
color". ^[ is possibly broken (OTOH ANSI TERM color is broken when
written into a file ;-). 1m is bold, 36m is bluish, 40m is
black background. 0m sets back to normal.

You should turn color off in whatever writes into your log.

cheers
Michael
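
The following added example is not part of the thread and is not MailScanner's own code. It strips ANSI color sequences from scanner output before matching the infection report, so the match succeeds whether or not the scanner colors its output. The regular expressions, function names and sample lines are assumptions constructed from the log quoted above.

```python
import re

# CSI sequences such as ESC[1;31;40m. ESC is matched both as the raw byte
# (\x1b, i.e. \033) and as the two-character caret form "^[" that appears
# in the quoted syslog line.
ANSI_CSI = re.compile(r'(?:\x1b|\^\[)\[[0-9;?]*[ -/]*[@-~]')

# Hypothetical report pattern (not MailScanner's regexp): path, whitespace,
# then "infected: <name>". \s+ accepts the expected tab as well as spaces.
INFECTED = re.compile(r'^(?P<path>\S.*?)\s+infected:\s+(?P<name>.+?)\s*$')


def strip_ansi(line):
    """Remove color/control sequences so only the scanner's text remains."""
    return ANSI_CSI.sub('', line)


def parse_result(line):
    """Return (path, name) for an infection report line, else None."""
    m = INFECTED.match(strip_ansi(line))
    return (m.group('path'), m.group('name')) if m else None


# Constructed sample lines, modelled on the output quoted in the post.
PATH = "/var/spool/MailScanner/incoming/12168/./E0612C0DC/eicar_com.zip=>eicar.com"
NAME = "EICAR-Test-File (not a virus)"
SAMPLES = [
    # Plain output: tab separator, no color codes.
    PATH + "\tinfected: " + NAME,
    # Colored output with real ESC bytes, as a terminal would receive it.
    "\x1b[0;37;40m" + PATH + "  \x1b[1;31;40minfected: " + NAME + "\x1b[0;37;40m",
    # Same line after syslog has rendered ESC as "^[".
    "^[[0;37;40m" + PATH + "  ^[[1;31;40minfected: " + NAME + "^[[0;37;40m",
    # A line that reports no infection (constructed).
    "^[[0;37;40m/var/spool/MailScanner/incoming/12168/./E0612C0DC/msg.txt  ok",
]


def parse_all(lines):
    return [parse_result(line) for line in lines]


if __name__ == "__main__":
    for line, result in zip(SAMPLES, parse_all(SAMPLES)):
        print(repr(strip_ansi(line)), "->", result)
```

Stripping in the parser is a fallback; turning color off in the program that writes the output, as suggested above, removes the sequences at the source.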
