<html><head><style type='text/css'>body { font-family: 'Verdana'; font-size: 10pt; color: #000000}</style></head><body>Hi Rick,<br><br>I changed the code too :-<br><br>&nbsp;&nbsp; &nbsp; &nbsp;my ($dot,$childname,$filename,$rest) = split('/',$results);<br>&nbsp;&nbsp; &nbsp; &nbsp;if ($filename =~ /.+?\sFOUND$/ &amp;&amp; $rest eq '') {<br>&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; $rest = $filename;<br>&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; $childname =~ s/\.header//;<br>&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; $filename = "message.header";<br>&nbsp;&nbsp; &nbsp; &nbsp; }<br><br>and it now detects okay, including in MailWatch :D<br><br><table class="data" border="0" cellpadding="0" cellspacing="0" width="700"><tbody><tr><th width="6%">Rank</th>
<th width="44%">Virus</th>
<th width="50%">Percentage of detection</th></tr><tr>
</tr><tr><td>1</td><td nowrap="nowrap">Html.Loan.Gen006.Sanesecurity.06120200</td><td><table class="data" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr>
<td style="padding: 0px; background-color: rgb(238, 2, 4);" width="43%">&nbsp;</td>
<td style="border: 0px none ; padding: 0px;" width="57%">&nbsp;43%</td></tr></tbody></table></td></tr>
<tr><td>2</td><td nowrap="nowrap">Html.Phishing.Bank.Rockv2Gen14.Sanesecurity.07060400</td><td><table class="data" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr>
<td style="padding: 0px; background-color: rgb(238, 2, 4);" width="37%">&nbsp;</td>
<td style="border: 0px none ; padding: 0px;" width="63%">&nbsp;37%</td></tr></tbody></table></td></tr>
<tr><td>3</td><td nowrap="nowrap">Email.Stk.Gen596.Sanesecurity.07071900.pdf</td><td><table class="data" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr>
<td style="padding: 0px; background-color: rgb(238, 2, 4);" width="11%">&nbsp;</td>
<td style="border: 0px none ; padding: 0px;" width="89%">&nbsp;11%</td></tr></tbody></table></td></tr>
<tr><td>4</td><td nowrap="nowrap">Html.Img.Gen013.Sanesecurity.06112900</td><td><table class="data" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr>
<td style="padding: 0px; background-color: rgb(238, 2, 4);" width="2%">&nbsp;</td>
<td style="border: 0px none ; padding: 0px;" width="98%">&nbsp;2%</td></tr></tbody></table></td></tr>
<tr><td>5</td><td nowrap="nowrap">Email.Hdr.Sanesecurity.07061900</td><td><table class="data" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr>
<td style="padding: 0px; background-color: rgb(238, 2, 4);" width="2%">&nbsp;</td>
<td style="border: 0px none ; padding: 0px;" width="98%">&nbsp;2%</td></tr></tbody></table></td></tr>
<tr><td>6</td><td nowrap="nowrap">Html.Phishing.Bank.Rockv2Gen28.Sanesecurity.07061800</td><td><table class="data" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr>
<td style="padding: 0px; background-color: rgb(238, 2, 4);" width="2%">&nbsp;</td>
<td style="border: 0px none ; padding: 0px;" width="98%">&nbsp;2%</td></tr></tbody></table></td></tr>
<tr><td>7</td><td nowrap="nowrap">Email.Stk.Gen591.Sanesecurity.07071800.pdf</td><td><table class="data" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr>
<td style="padding: 0px; background-color: rgb(238, 2, 4);" width="2%">&nbsp;</td>
<td style="border: 0px none ; padding: 0px;" width="98%">&nbsp;2%</td></tr></tbody></table></td></tr>
<tr><td>8</td><td nowrap="nowrap">Worm.Somefool.AR</td><td><table class="data" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr>
<td style="padding: 0px; background-color: rgb(238, 2, 4);" width="2%">&nbsp;</td>
<td style="border: 0px none ; padding: 0px;" width="98%">&nbsp;2%</td></tr></tbody></table></td></tr></tbody></table><br><br><br><br>----- Original Message -----<br>From: "Rick Cooper" &lt;rcooper@dwford.com&gt;<br>To: "MailScanner discussion" &lt;mailscanner@lists.mailscanner.info&gt;<br>Sent: Thursday, July 19, 2007 1:56:10 PM (GMT) Europe/London<br>Subject: RE: UNKNOWN CLAMD RETURN<br><br>&nbsp;<br><br>&nbsp;&gt; -----Original Message-----<br>&nbsp;&gt; From: mailscanner-bounces@lists.mailscanner.info <br>&nbsp;&gt; [mailto:mailscanner-bounces@lists.mailscanner.info] On <br>&nbsp;&gt; Behalf Of Rick Cooper<br>&nbsp;&gt; Sent: Thursday, July 19, 2007 8:51 AM<br>&nbsp;&gt; To: 'MailScanner discussion'<br>&nbsp;&gt; Subject: RE: UNKNOWN CLAMD RETURN<br>&nbsp;&gt; <br>&nbsp;&gt; &nbsp;<br>&nbsp;&gt; <br>&nbsp;&gt; &nbsp;&gt; -----Original Message-----<br>&nbsp;&gt; &nbsp;&gt; From: mailscanner-bounces@lists.mailscanner.info <br>&nbsp;&gt; &nbsp;&gt; [mailto:mailscanner-bounces@lists.mailscanner.info] On <br>&nbsp;&gt; &nbsp;&gt; Behalf Of UxBoD<br>&nbsp;&gt; &nbsp;&gt; Sent: Thursday, July 19, 2007 8:33 AM<br>&nbsp;&gt; &nbsp;&gt; To: MailScanner discussion<br>&nbsp;&gt; &nbsp;&gt; Subject: Re: UNKNOWN CLAMD RETURN<br>&nbsp;&gt; &nbsp;&gt; <br>&nbsp;&gt; &nbsp;&gt; Rick,<br>&nbsp;&gt; &nbsp;&gt; <br>&nbsp;&gt; &nbsp;&gt; That is the problem as it does not get flagged by MailWatch <br>&nbsp;&gt; &nbsp;&gt; as a Virus, which I believe just grabs the whole line from <br>&nbsp;&gt; &nbsp;&gt; MailScanner.<br>&nbsp;&gt; &nbsp;&gt; <br>&nbsp;&gt; [...]<br>&nbsp;&gt; <br>&nbsp;&gt; I really wish I had that message |-&gt;(<br>&nbsp;&gt; <br>&nbsp;&gt; Try this:<br>&nbsp;&gt; <br>&nbsp;&gt; &nbsp; &nbsp; &nbsp; if ($filename =~ /.+?\sFOUND$/ &amp;&amp; $childname =~ <br>&nbsp;&gt; /^.+\.header$) {<br>&nbsp;&gt; &nbsp; &nbsp; &nbsp; &nbsp; $rest = $filename;<br>&nbsp;&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;$filename = $childname;<br>&nbsp;&gt; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;$childname =~ s/(.+)\.header$/$1/;<br>&nbsp;&gt; &nbsp; &nbsp; &nbsp; }<br>&nbsp;&gt; <br><br>[...]<br><br>Doh! Of course the first line should be:<br><br>if ($filename =~ /.+?\sFOUND$/ &amp;&amp; $childname =~ &nbsp;/^.+\.header$/) {<br><br>Forgot the last '/' in "$childname =~ &nbsp;/^.+\.header$/" sorry<br><br>Rick<br><br><br>--<br>This message has been scanned for viruses and<br>dangerous content by MailScanner, and is<br>believed to be clean.<br><br><br>-- <br>MailScanner mailing list<br>mailscanner@lists.mailscanner.info<br>http://lists.mailscanner.info/mailman/listinfo/mailscanner<br><br>Before posting, read http://wiki.mailscanner.info/posting<br><br>Support MailScanner development - buy the book off the website! <br><br>-- <br>This message has been scanned for viruses and<br>dangerous content by MailScanner, and is<br>believed to be clean.<br><br></body><br />-- 
<br />This message has been scanned for viruses and
<br />dangerous content by
<a href="http://www.mailscanner.info/"><b>MailScanner</b></a>, and is
<br />believed to be clean.
</html>