cheers folks,

I just started using ClamAV and it is performing great so far. :)

As I prefer to call ClamAV from procmail (actually, I used YAVR before,
a procmail-only virus signature scanner), my current setup is
procmail / clamassassin / clamdscan.


Rather than dumping all virii to a single location, I want to collect
them in different mailboxes based on the virus family, not counting the
incarnation. For example, all Worm.Sober.XYZ virii should be dropped to a
mailbox named Worm.Sober. (clamassassin adds X-Virus-Report headers,
reporting the exact virus name.)

I know how to do this sorting and evaluation of the ClamAV reported
virus name with procmail -- however, I'm having a hard time
understanding the naming conventions correctly and thus figuring out the
procmail RE magic...

Let's take Sober as an example again: There is the original version
'Worm.Sober' as well as later incarnations like 'Worm.Sober.B'. But then
there is 'Worm.Sober.mime.2' too, which adds another dot...


Are there any docs describing the naming conventions? Maybe someone else
has already done what I'm trying to achieve? Any pointers or hints?

(Sure, I read a lot of docs and searched for this, but I don't seem to
be able to find anything.)


On a related note: I am using clamassassin [1], but shortly after I
installed it the website and mailing list seem to be down. Does anyone
know anything about it?


As I'm a new ClamAV user, I do appreciate any additional hints and
comments regarding my current setup. Thanks for listening and TIA... :-)

...guenther


[1] http://drivel.com/clamassassin/ - a wrapper to ClamAV, adding
    SpamAssassin like headers.


-- 
char *t="[EMAIL PROTECTED]";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}

_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
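
The following sketch is an added example, not part of the original post and not clamassassin or ClamAV code. It assumes the family is the first two dot-separated components of the reported name (a heuristic, not a documented ClamAV rule) and that the signature name is the first word of the X-Virus-Report value; because the result is used as a mailbox name, anything that is not a plain signature name falls back to `Unknown`.

```shell
#!/bin/sh
# Map a ClamAV-reported name to a per-family mailbox name.
# Assumption: family = first two dot-separated components,
# e.g. Worm.Sober.mime.2 -> Worm.Sober.

# virus_family NAME: print the family, or "Unknown" for unsafe/odd input.
virus_family() {
    name=$1
    case $name in
        # empty, leading/trailing dot, "..", or any char outside the allowlist
        ''|.*|*.|*..*|*[!A-Za-z0-9._-]*)
            printf '%s\n' Unknown
            return 0 ;;
    esac
    case $name in
        *.*) ;;                              # two or more components
        *)   printf '%s\n' "$name"           # single component: keep whole name
             return 0 ;;
    esac
    kind=${name%%.*}                         # e.g. "Worm"
    rest=${name#*.}                          # e.g. "Sober.mime.2"
    printf '%s.%s\n' "$kind" "${rest%%.*}"
}

# report_name: read a message on stdin, print the first word of the first
# X-Virus-Report header. Stops at the blank line that ends the headers, so
# text in the body cannot influence the result.
report_name() {
    awk '/^$/ { exit }
         tolower($1) == "x-virus-report:" { print $2; exit }'
}

# family_for_message: message on stdin -> mailbox name on stdout.
family_for_message() {
    virus_family "$(report_name)"
}

# Demo on a constructed message (header value format is an assumption).
family_for_message <<'EOF'
From: sender@example.invalid
X-Virus-Report: Worm.Sober.mime.2 FOUND

body text
EOF
```
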
