Announce: MailWatch for MailScanner 0.2 (was MailScanner-Con sole )

Mike Zanker mike at ZANKER.ORG
Tue Jun 17 09:31:00 IST 2003

On 17 June 2003 09:18 +0100 Steve Freegard
<steve.freegard at LBSLTD.CO.UK> wrote:

> The regex works against the report field on the database which
> contains all the reports from MailScanner joined together, so it will
> be slightly different to what you see in the maillog.  If you look at
> the message detail for an infected message and look at the 'Report:'
> field, you'll see what I mean.

This is the Report: field for an infected message:

Report: >>> Virus 'EICAR-AV-Test' found in file

> Try this for the regex:  '/Sophos: (\S+) found in file (.+)/' - and
> see if that does the trick.

I'm actually using this at the moment:

define(VIRUS_REGEX, '/(>>>) Virus \'(.+)\' found/');

and it seems to be extracting the virus name correctly - at least it
appears as just EICAR-AV-Test in the various reports and the box at the
top right of the main page. The (>>>) is to make sure that the virus
name ends up as the second element of your array.



More information about the MailScanner mailing list