> I just started using ClamAV and it is performing great so far. :)
>
> As I prefer to call ClamAV from procmail (actually, I used YAVR before,
> a procmail only based virus signature scanner) my current setup is
> procmail / clamassassin / clamdscan.
>
>
> Rather than dumping all Virii to a single location, I want to collect
> them in different mailboxes based on the virus family not counting the
> incarnation. For example all Worm.Sober.XYZ virii should be dropped to a
> Worm.Sober named mailbox. (clamassassin adds X-Virus-Report headers,
> reporting the exact virus name)
>
> I know how to do this sorting and evaluation of the ClamAV reported
> virus name with procmail -- however, I'm having a hard time
> understanding the naming conventions correctly and thus figuring out the
> procmail RE magic...
>
> Let's take Sober as an example again: There is the original version
> 'Worm.Sober' as well as later incarnations like 'Worm.Sober.B'. But then
> there is 'Worm.Sober.mime.2' too, which adds another dot...
>
>
> Are there any docs describing the naming conventions? Maybe someone else
> did before what I'm trying to achieve? Any pointers or hints?
>
> (Sure, I read a lot of docs and searched for this, but I don't seem to
> be able to find anything.)
Anyone?
Does the absence of any replies mean, there is no real naming convention
and it is kind of random? ;-)
...guenther
--
char *t="[EMAIL PROTECTED]";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
