Announce: MailWatch for MailScanner 0.2 (was MailScanner-Console)

Steve Freegard steve.freegard at LBSLTD.CO.UK
Tue Jun 17 09:18:03 IST 2003

Hi Mike,

The regex works against the report field on the database which contains all
the reports from MailScanner joined together, so it will be slightly
different to what you see in the maillog.  If you look at the message detail
for an infected message and look at the 'Report:' field, you'll see what I

Try this for the regex:  '/Sophos: (\S+) found in file (.+)/' - and see if
that does the trick.

Kind regards,

Steve Freegard
Systems Manager
Littlehampton Book Services Ltd.

-----Original Message-----
From: Mike Zanker [mailto:mike at ZANKER.ORG]
Sent: 17 June 2003 08:43

On 16 June 2003 23:10 +0100 Steve Freegard
<steve.freegard at LBSLTD.CO.UK> wrote:

> Sorry - but I forgot to copy the create.sql file into the distribution
> directory before I created the tarball.

Thanks for this - I have created the database and logging works fine.
However, I'm struggling with a VIRUS_REGEX for Sophos. The output is

">>> Virus 'W32/Gibe-D' found in file ./h5F5Y0U18034/MeCLBuITR.exe"

so the virus name and file name are the other way round.

Has anybody got round this?

(It would be too much work to use SophosSAVI.)
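An added example, not part of the thread and not MailWatch code: it runs the regex from the reply against a constructed 'Report:' field value and shows that the same pattern does not match the raw maillog line quoted in the question. The report-field text, the newline join between reports, the maillog pattern and the function name `detections` are assumptions made for illustration.

```python
import re

# Regex from the reply: matches the database 'Report:' field form.
REPORT_RE = re.compile(r"Sophos: (\S+) found in file (.+)")
# Assumed regex for the raw maillog form quoted in the question.
MAILLOG_RE = re.compile(r">>> Virus '([^']+)' found in file (\S+)")


def detections(text):
    """Return [(source, virus, filename), ...] for every match in text."""
    found = []
    for source, rx in (("report", REPORT_RE), ("maillog", MAILLOG_RE)):
        for m in rx.finditer(text):
            # group 1 is the virus name, group 2 the file name, in both forms
            found.append((source, m.group(1), m.group(2).strip()))
    return found


# Maillog line as quoted in the thread.
MAILLOG_LINE = ">>> Virus 'W32/Gibe-D' found in file ./h5F5Y0U18034/MeCLBuITR.exe"
# Constructed report-field value (format inferred from the regex in the
# reply; newline as the join between reports is an assumption).
REPORT_FIELD = ("Sophos: W32/Gibe-D found in file MeCLBuITR.exe\n"
                "Sophos: W32/Gibe-D found in file copy.exe")

if __name__ == "__main__":
    for sample in (MAILLOG_LINE, REPORT_FIELD):
        print(detections(sample))
```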


