[Mimedefang] Graphdefang 0.9 fails to report certain viruses
Mark
admin at asarian-host.net
Thu Nov 20 18:18:16 EST 2003
----- Original Message -----
From: "Bill Maidment" <bill.maidment at elgas.com.au>
To: <mimedefang at lists.roaringpenguin.com>
Sent: Thursday, November 20, 2003 11:03 PM
Subject: [Mimedefang] Graphdefang 0.9 fails to report certain viruses
> Hi all
>
> I've noticed that graphdefang 0.9 ignores this type of virus MDLOG
> message.
>
> Nov 18 09:34:39 b090_lx0 mimedefang.pl[6263]: MDLOG,hAHMYafK007795,virus,Oversized Zip,1.90.1.121,<bill.maidment at elgas.com.au>,<data at xxx.com.au>,Subject stuff
>
> Is it because the virus name has a space in it between "Oversized"
> and "Zip"? This potential virus was detected by clamav-0.65.
Not to be too nit-picky, but graphdefang itself does not report, and conversely
does not fail to report, anything. Graphdefang allows you to define events,
in which you can look for a pattern of your choice.
I suppose, though, you are referring to the "general" event?
if ($text =~ m/^MDLOG,\S+?,(\S+?),(\S*?),(\S*?),(.*?),(.*?),(.*)$/ ) {
Indeed, that will not match. Perhaps you can just rewrite the lot as
follows,
if ($FoundNewRow = ($text =~ m/^MDLOG,\S+?,(.+)$/)) {
    # Limit of 6 keeps any commas in the trailing subject field intact.
    ($event,$value1,$value2,$sender,$recipient,$subject) = split (/,/, $1, 6);
}
(assuming MimeDefang always logs enough commas). Otherwise, you could simply
replace the \S*? sequences with .*? as well, or [^,]*? even.
- Mark
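
The following is an added example, not part of the original post or of graphdefang's own code: it runs the quoted "general" pattern and a comma-delimited parse over constructed MDLOG lines to show the virus event that the \S-based pattern drops. The helper name parse_mdlog, the placeholder queue IDs and addresses, and the count of unparsed lines are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample lines modelled on the MDLOG entry quoted in the post
# (syslog prefix stripped; the last two lines are made up for the demo).
my @lines = (
    'MDLOG,hAHMYafK007795,virus,Oversized Zip,1.90.1.121,'
      . '<bill.maidment at elgas.com.au>,<data at xxx.com.au>,Subject stuff',
    'MDLOG,CONSTRUCTED0001,virus,Oversized Zip,192.0.2.10,'
      . '<a at example.com>,<b at example.com>,Invoice, final, really',
    'MDLOG,CONSTRUCTED0002,virus,Oversized Zip',    # truncated line
);

# The "general" event pattern quoted in the post.
my $strict = qr/^MDLOG,\S+?,(\S+?),(\S*?),(\S*?),(.*?),(.*?),(.*)$/;

# Comma-delimited parse (hypothetical helper). The split limit of 6 keeps
# commas inside the trailing subject field in the subject.
sub parse_mdlog {
    my ($text) = @_;
    return unless $text =~ m/^MDLOG,[^,]+,(.+)$/;
    my @f = split /,/, $1, 6;
    return unless @f == 6;    # too few commas: do not guess at fields
    my %row;
    @row{qw(event value1 value2 sender recipient subject)} = @f;
    return \%row;
}

my $unparsed = 0;
for my $line (@lines) {
    my $old = $line =~ $strict ? 'match' : 'MISSED';
    if (my $row = parse_mdlog($line)) {
        print "strict=$old split: event=$row->{event} ",
              "value1='$row->{value1}' subject='$row->{subject}'\n";
    }
    else {
        $unparsed++;          # count drops so a parsing gap is visible
        print "strict=$old split: unparsed\n";
    }
}
print "unparsed MDLOG lines: $unparsed\n";
```

Counting lines that begin with MDLOG but fail to parse keeps a gap like this one from silently lowering the reported virus totals.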