Can't parse virus log

[Michael Janssen]

On Wed, 6 Aug 2003, [windows-1250] Kamil Juøík - AFX wrote:

> Hi,
> I've got a problem described below. I tried to repair regexp but it
> didn't work.
>
> I'm sending you a log made by ProcessBitDefenderOutput, printed $line:

> Aug  6 17:00:59 itest MailScanner[12168]: Variable
> Line............^[[0;37;40m/var/spool/MailScanner/incoming/12168/./E0612C0DC/eicar_com.zip=>eicar.com

>  ^[[1;31;40minfected: EICAR-Test-File (not a virus)^[[0;37;40m
> <------------|       Why is there ^[[1;31;40m instead of '\t'??? Parser
> can't found infection because it search for \tinfected: Original
> antivirus log contains all lines with \t and
> no ^[[1;31;40m and nothing similar.

I can't tell you from where this code comes, but it seems to me like
broken ansi colordefinitions. Try:

echo -e "\033[1;36;40mHello\033[0;37;40m World\033[0m"

to see how it works. \033 is one way to express "now comes ansi
color". ^[ is possibly broken (OTOH ansi TERM color is broken, when
written into a file ;-). 1m is bold, 36m is bluish, 40m is
black background. 0m sets back to normal.

You should turn color off in whatever writes into your log.

cheers
Michael