[Mimedefang] Virus messages changed in new version of Vexira and Antivir

Nels Lindquist nlindq at maei.ca
Wed Feb 11 12:49:22 EST 2004


I noticed this morning that my graphdefang summary showed a sudden 
influx of unknown-Vexira-viruses, and MyDoom dropped to zero.  Sure 
enough, the H+BEDV engine appears to have been updated today, and the 
output message has been slightly altered.

It appears that a distinction is now made between "virus" and "worm" 
as far as the software is concerned, but the regexp in 
interpret_hbedv_code and interpret_vexira_code doesn't pick up the 
virus name if it's a worm.

Example new-style alert:

ALERT: [Worm/Sobig.B worm]

The relevant regexp is as follows:

$CurrentVirusScannerMessage =~ m/ALERT: \[(\S+) virus\]/

I haven't had time to fix it yet, but I assume something like:

$CurrentVirusScannerMessage =~ m/ALERT: \[(\S+) virus|worm\]/ 

would work?

----
Nels Lindquist <*>
Information Systems Manager
Morningstar Air Express Inc.
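
Added example, not part of the original post and not MIMEDefang's own code: it runs the original regexp, the proposed ungrouped alternation, and a grouped alternative against sample scanner lines to show how each captures the virus name. The virus_name helper, the pattern labels and every sample line other than the Sobig.B alert are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Sample scanner messages. Only the Sobig.B line is quoted in the post;
# the other two are constructed for this example.
my @lines = (
    'ALERT: [Worm/Sobig.B worm]',      # new-style alert from the post
    'ALERT: [Example/Test.A virus]',   # constructed old-style alert
    'note: no worm] alert here',       # constructed line without the ALERT prefix
);

my %patterns = (
    # Regexp quoted in the post: only accepts the word "virus".
    'original'  => qr/ALERT: \[(\S+) virus\]/,
    # Proposed change: "|" binds more loosely than concatenation, so this
    # reads as (ALERT: \[(\S+) virus) OR (worm\]), and the second branch
    # has no capture group.
    'ungrouped' => qr/ALERT: \[(\S+) virus|worm\]/,
    # Alternation confined to the type word by a non-capturing group,
    # so the name is still captured as $1 for both types.
    'grouped'   => qr/ALERT: \[(\S+) (?:virus|worm)\]/,
);

# Hypothetical helper: returns the captured name, a marker string when the
# pattern matched but group 1 did not take part, or undef on no match.
sub virus_name {
    my ($re, $msg) = @_;
    return unless $msg =~ $re;
    return defined $1 ? $1 : 'matched-without-name';
}

for my $label (qw(original ungrouped grouped)) {
    for my $msg (@lines) {
        my $name = virus_name($patterns{$label}, $msg);
        printf "%-10s %-32s => %s\n",
            $label, $msg, defined $name ? $name : 'no match';
    }
}
```

A match that leaves $1 undefined is the case that produces an unknown virus name in reporting, so a check on defined $1 after the match is worth keeping in any interpret_*_code routine that relies on the capture.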


