SweepViruses.pm: minor patch to 4.29.7, for 4.30

Julian Field mailscanner at ecs.soton.ac.uk
Sat May 1 12:39:36 IST 2004


All done. Now outputs either "SophosSAVI::" or "ClamAVModule::" at the
start of the log output from each scanner.

At 21:00 30/04/2004, you wrote:
>Julian,
>    This is fine by me, I can work with whatever you implement here.
>
>Jeff Earickson
>
>On Fri, 30 Apr 2004, Mark Nienberg wrote:
>
> > Date: Fri, 30 Apr 2004 12:56:14 -0700
> > From: Mark Nienberg <mark at TIPPINGMAR.COM>
> > Reply-To: MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>
> > To: MAILSCANNER at JISCMAIL.AC.UK
> > Subject: Re: SweepViruses.pm: minor patch to 4.29.7, for 4.30
> >
> > On 30 Apr 2004 at 8:59, Julian Field wrote:
> > > You can't do that without changing the parser. You got away with it as
> > > you also mistakenly changed the separator from ":: " to "::" so it
> > > didn't pick up your change. I'll fix it for you and put it in 4.30.
> > >
> > > At 15:32 29/04/2004, you wrote:
> > > >The purpose of the patch is to
> > > >change the syslog output for ClamAVmodule and SophosSAVI from:
> > > >
> > > >MailScanner[29668]: INFECTED:: W32/Bagle-AA:: (pathname)
> > > >MailScanner[29668]: INFECTED:: Worm.Bagle.Z:: (pathname)
> > > >
> > > >to:
> > > >
> > > >MailScanner[24988]: INFECTED::SophosSAVI:: W32/Bagle-AA:: (pathname)
> > > >MailScanner[24988]: INFECTED::ClamAVModule:: Worm.Bagle.Z:: (pathname)
> > I wonder if it would be better to change it to something like:
> > MailScanner[24988]: SophosSAVI::INFECTED:: W32/Bagle-AA:: (pathname)
> > so it wouldn't break all of the log parsing scripts that currently
> > search for INFECTED and expect to find the virus name immediately after.
> > --
> > Mark W. Nienberg, SE
> > Tipping Mar + associates
> > 1906 Shattuck Ave, Berkeley, CA 94704
> > (510) 549-1906
> > visit our website www.tippingmar.com
> > -------------------------- MailScanner list ----------------------
> > To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
> > Before posting, please see the Most Asked Questions at
> > http://www.mailscanner.biz/maq/ and the archives at
> > http://www.jiscmail.ac.uk/lists/mailscanner.html
> >
>

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
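
A log-parsing script that accepts all three line layouts quoted in this thread (no scanner tag, tag after INFECTED, tag before INFECTED), as an added example that is not part of the original messages or of MailScanner's own code. The function names and the final non-matching sample line are assumptions made for illustration.

```python
import re
from collections import Counter

# Scanner tags named in the thread. An unlisted tag would be misread as the
# virus name, so extend this tuple when other scanners start tagging lines.
SCANNER_TAGS = ("SophosSAVI", "ClamAVModule")
_TAG = "|".join(map(re.escape, SCANNER_TAGS))

# Accepts the tag before or after INFECTED, or not at all, and tolerates
# both the ":: " and "::" separators mentioned in the thread.
_INFECTED = re.compile(
    r"MailScanner\[(?P<pid>\d+)\]:\s+"
    rf"(?:(?P<pre>{_TAG})::\s*)?"
    r"INFECTED::\s*"
    rf"(?:(?P<post>{_TAG})::\s*)?"
    r"(?P<virus>\S+?)::\s*"
    r"(?P<path>.+?)\s*$"
)

def parse_infected(line):
    """Return (scanner_or_None, virus, path) for an INFECTED line, else None."""
    m = _INFECTED.search(line)
    if m is None:
        return None
    return (m.group("pre") or m.group("post"), m.group("virus"), m.group("path"))

def tally(lines):
    """Count detections per (scanner, virus), skipping non-matching lines."""
    return Counter(r[:2] for r in map(parse_infected, lines) if r)

# Constructed sample input built from the log shapes quoted in the thread.
SAMPLE = [
    "MailScanner[29668]: INFECTED:: W32/Bagle-AA:: (pathname)",
    "MailScanner[24988]: INFECTED::SophosSAVI:: W32/Bagle-AA:: (pathname)",
    "MailScanner[24988]: SophosSAVI::INFECTED:: W32/Bagle-AA:: (pathname)",
    "MailScanner[24988]: INFECTED::ClamAVModule:: Worm.Bagle.Z:: (pathname)",
    "MailScanner[24988]: some other log message (constructed)",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_infected(line))
    print(tally(SAMPLE))
```
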



