[Mimedefang] Graphdefang 0.9 fails to report certain viruses
Bill Maidment
bill.maidment at elgas.com.au
Sun Nov 23 17:06:06 EST 2003
Thanks for that Mark.
I should have looked a bit deeper into the code. The clamav people are
going to change their new virus names to not have spaces, so that should
solve it anyway.
Cheers
Bill
Mark wrote:
>
>Not to be too nit-picky, but graphdefang itself does not report, conversely,
>does not fail to report, anything. Graphdefang allows you to define events,
>in which you can look for a pattern of your choice.
>
>I suppose, though, you are referring to the "general" event?
>
>if ($text =~ m/^MDLOG,\S+?,(\S+?),(\S*?),(\S*?),(.*?),(.*?),(.*)$/ ) {
>
>Indeed, that will not match. Perhaps you can just rewrite the lot as
>follows,
>
>if ($FoundNewRow = ($text =~ m/^MDLOG,\S+?,(.+)$/)) {
> ($event,$value1,$value2,$sender,$recipient,$subject) = split (/,/, $1);
>}
>
>(assuming MimeDefang always logs enough commas). Otherwise, you could simply
>replace the \S*? sequences for .*? as well, or [^,]*? even.
>
>- Mark
>
More information about the MIMEDefang
mailing list