[Mimedefang] graphdefang doesn't see virus events logged by mimedefang

Larry Starr larrys at fullcompass.com
Fri Jan 6 15:31:21 EST 2006 

I found my problem, and am providing my fix, for those who may be suffering 
from a similar problem.

The problem is due to the space " " that is logged at the front of the 
virusname.

        MDLOG,k06A1Q4u015665,virus, HTML/IFrame at expl,190.48.14.42,...

The pattern in event/mimedefang.pl/general:
        m/^MDLOG,\S+?,(\S+?),(\S*?),(\S*?),(.*?),(.*?),(.*)$/

does not catch this, I updated it to (large hammer approach):
        m/^MDLOG,\S+?,(\S+?),\s*(\S*?),(\S*?),(.*?),(.*?),(.*)$/

and it now works as desired.

Hope this helps someone.

On Friday 06 January 2006 12:29, Larry Starr wrote:
> Sorry if this is a little bit off topic for this list.
>
> I just started using graphdefang and like what I'm seeing except for one
> small problem.
>
> It does not report "virus" events, that are logged by mimedefang.
>
> Environment:
> 	debian sarge 3.1.
> 	mimedefang 2.51
> 	spamassassin 3.1.0
> 	f-prot            4.6.5
>
> Events are logged (sorry for the line wrapping):
> Jan  6 04:02:23 15 mimedefang.pl[15713]: MDLOG,k06A1Q4u015665,virus, HTML/
> 	IFrame at expl,190.48.14.42,<policia at ssdnet.com.ar>,<luis at fullcompass.com>,Ma
>il System (luis at fullcompass.com)
>
> similar to spam logging:
> Jan  6 06:24:45 15 mimedefang.pl[26429]:
> 	MDLOG,k06COVqF026896,spam,,,
> 	<nerstur at vanuatu.com.hk>,
> 	<billiehessaversion at fulldiscount.com>,Re: playactor Pharamaceutsical
>
> I have added spam events, that reflect disposition:
> 	spam:quarantine
> 	spam:discard
> and have defined these events in /etc/graphdefang/graphdefang-config.
>
> Everything appears to graph correctly except that 0 virus activity is
> reported.
>
> I have tried google, and the FAQ on the graphdefang site.
> 	http://www.bl.org/~jpk/graphdefang/
> and have found nothing useful.
>
> Have I missed something?
>
> Any help, pointers would be appreciated.
>
> Thank you,

-- 
Larry G. Starr - larrys at fullcompass.com or starrl at globaldialog.com
Software Engineer: Full Compass Systems LTD.
Phone: 608-831-7330 x 1347  FAX: 608-831-6330
===================================================================
There are only three sports: bullfighting, mountaineering and motor
racing, all the rest are merely games! - Ernest Hemmingway

More information about the MIMEDefang mailing list