Norman Sandbox and MailScanner
sjakie07 at chello.nl
Wed Jul 12 14:40:09 IST 2006
> Yep the problem is the sandbox output is multiple lines, AND the last
> line BEGINS with a single quote (see below). So using Julian's original
> REGEX, it will definitely NOT work. REGEX, unless you seriously get
> funky, deals with single lines in the pattern space, so multi-line
> output is a royal pain.
> Also, Julian's REGEX has this:
> /^[^']+'([^']+)' -> '([^']+)'\s*$/
> Specifically, it is DESIGNED to ignore lines the begin with one, or
> more, single quotes. See the problem? The sandbox output spans
> multiple lines until it reaches the terminator (a single quote), BUT the
> single quote is the first character on the line. No cigar :(
> It's too late and I'm too tired to think about how a single REGEX
> pattern could be written to match BOTH Norman's outputs. So I'll leave
> that as an exercise for someone who doesn't a have deadline tomorrow
> morning, a dead database tonight and 11 hours until the world ends :P
Thanks for your help!
If it's really difficult to write a single REGEX pattern to match BOTH
then maybe as a workaround it would be possible to add a new virusscanner
i.e. "normansandbox" in MailScanner?
It might not be the best solution and it maybe slower (Virus Scanners =
norman normansandbox clamav) but i can live with that.
I could even disable sandbox scanning in the default "norman" virusscanner
of MailScanner (options -sb:0) so that this one will be a little bit faster.
Is this possible and what would the REGEX for "normansandbox" look like?
More information about the MailScanner