Announce: MailWatch for MailScanner 0.2 (was MailScanner-Console)
Mike Zanker
mike at ZANKER.ORG
Tue Jun 17 09:31:00 IST 2003
On 17 June 2003 09:18 +0100 Steve Freegard
<steve.freegard at LBSLTD.CO.UK> wrote:
> The regex works against the report field on the database which
> contains all the reports from MailScanner joined together, so it will
> be slightly different to what you see in the maillog. If you look at
> the message detail for an infected message and look at the 'Report:'
> field, you'll see what I mean.
This is the Report: field for an infected message:
Report: >>> Virus 'EICAR-AV-Test' found in file
/h5H8NBg22318/eicar_com.zip/eicar.com
> Try this for the regex: '/Sophos: (\S+) found in file (.+)/' - and
> see if that does the trick.
I'm actually using this at the moment:
define(VIRUS_REGEX, '/(>>>) Virus \'(.+)\' found/');
and it seems to be extracting the virus name correctly - at least it
appears as just EICAR-AV-Test in the various reports and the box at the
top right of the main page. The (>>>) is to make sure that the virus
name ends up as the second element of your array.
Regards,
Mike.
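
The following is an added example, not part of the original message or of MailWatch's own code. It runs the two patterns quoted in the message, plus a tightened variant added here, against the Report: field shown above and against a constructed field holding two reports. The separator used to join the reports, the second virus name, the file paths in the joined sample and the helper names are assumptions.

```php
<?php
// Report: field quoted in the message above, re-joined onto one line.
$single = "Report: >>> Virus 'EICAR-AV-Test' found in file /h5H8NBg22318/eicar_com.zip/eicar.com";

// Constructed sample: two reports joined in one field. The single-space
// separator and the second virus name are assumptions for illustration.
$joined = ">>> Virus 'EICAR-AV-Test' found in file /a/eicar.com"
        . " >>> Virus 'Constructed-Sample-B' found in file /b/sample.exe";

$patterns = [
    'suggested (Sophos:)' => '/Sophos: (\S+) found in file (.+)/',
    'in use (greedy)'     => '/(>>>) Virus \'(.+)\' found/',
    // Added variant: the name may not contain a quote, so one match
    // cannot run from the first report into the next.
    'tightened (added)'   => '/(>>>) Virus \'([^\']+)\' found/',
];

// First match only: capture group 2, the position the message says the
// virus name has to occupy. Returns null when the pattern does not match.
function first_name(string $regex, string $report): ?string
{
    return preg_match($regex, $report, $m) === 1 ? $m[2] : null;
}

// Every match in the field: all values of capture group 2.
function all_names(string $regex, string $report): array
{
    preg_match_all($regex, $report, $m);
    return $m[2];
}

foreach ($patterns as $label => $regex) {
    foreach (['single' => $single, 'joined' => $joined] as $kind => $text) {
        printf(
            "%-20s %-7s first=%s all=%s\n",
            $label,
            $kind,
            var_export(first_name($regex, $text), true),
            json_encode(all_names($regex, $text))
        );
    }
}
```

With the greedy pattern the joined sample yields one long capture that spans both reports, while the tightened variant yields each name separately; the Sophos: pattern matches neither sample because this scanner's report text has no "Sophos:" prefix.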