[Mimedefang] Virus messages changed in new version of Vexira and Antivir
Matthew.van.Eerde at hbinc.com
Matthew.van.Eerde at hbinc.com
Wed Feb 11 13:05:26 EST 2004
> From: Nels Lindquist [mailto:nlindq at maei.ca]
> ...
> Example new-style alert:
>
> ALERT: [Worm/Sobig.B worm]
>
> The relevant regexp is as follows:
>
> $CurrentVirusScannerMessage =~ m/ALERT: \[(\S+) virus\]/
>
> I haven't had time to fix it yet, but I assume something like:
>
> $CurrentVirusScannerMessage =~ m/ALERT: \[(\S+) virus|worm\]/
>
> would work?
I believe parentheses are necessary around the virus|worm construct,
otherwise it means
Something that has ALERT: [blahblah virus, or alternatively has worm]
$CurrentVirusScannerMessage =~ m/ALERT: \[(\S+) (virus|worm)\]/
More information about the MIMEDefang
mailing list