[Mimedefang] Virus messages changed in new version of Vexira and Antivir
Nels Lindquist
nlindq at maei.ca
Wed Feb 11 12:49:22 EST 2004
I noticed this morning that my graphdefang summary showed a sudden
influx of unknown-Vexira-viruses, and MyDoom dropped to zero. Sure
enough, the H+BEDV engine appears to have been updated today, and the
output message has been slightly altered.

It appears that a distinction is now made between "virus" and "worm"
as far as the software is concerned, but the regexp in
interpret_hbedv_code and interpret_vexira_code doesn't pick up the
virus name if it's a worm.

Example new-style alert:

    ALERT: [Worm/Sobig.B worm]

The relevant regexp is as follows:

    $CurrentVirusScannerMessage =~ m/ALERT: \[(\S+) virus\]/

I haven't had time to fix it yet, but I assume something like:

    $CurrentVirusScannerMessage =~ m/ALERT: \[(\S+) virus|worm\]/

would work?
----
Nels Lindquist <*>
Information Systems Manager
Morningstar Air Express Inc.
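
Added example, not part of the original post or of MIMEDefang's own code: in Perl, `|` binds more loosely than everything else in the pattern, so the proposed regexp splits into `ALERT: \[(\S+) virus` or `worm\]` and matches a worm alert without capturing the name. The script compares the original, the proposed and a grouped `(?:virus|worm)` pattern; the virus sample line and the `virus_name` helper are assumptions made for the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample scanner output. The worm line is the alert quoted in
# the post; the virus line is made up to follow the old-style format.
my @messages = (
    'ALERT: [Worm/Sobig.B worm]',
    'ALERT: [Example/Test.A virus]',
);

# Patterns under comparison.
my %patterns = (
    original => qr/ALERT: \[(\S+) virus\]/,           # current regexp
    proposed => qr/ALERT: \[(\S+) virus|worm\]/,      # alternation splits the whole pattern
    grouped  => qr/ALERT: \[(\S+) (?:virus|worm)\]/,  # alternation limited to the last word
);

# Hypothetical helper: return the captured name, or a label describing why
# no name is available (no match, or a match that left $1 unset).
sub virus_name {
    my ($re, $msg) = @_;
    if ($msg =~ $re) {
        return defined $1 ? $1 : '(matched, no name captured)';
    }
    return '(no match)';
}

# Print one row per pattern and message so the three behaviours line up.
for my $label (qw(original proposed grouped)) {
    for my $msg (@messages) {
        printf "%-9s %-30s => %s\n",
            $label, $msg, virus_name($patterns{$label}, $msg);
    }
}
```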