> } elsif (($virus) = ($log =~ /^stream(?: \d+)?: (.+) FOUND/ )) {
>
> I 'think' the issue is that the ip and port have been added to the log:
>
> Fri Sep 5 03:31:14 2008 -> stream([EMAIL PROTECTED]):
> Email.Scam4.Gen668.Sanesecurity.07050106.UNOFFICIAL FOUND
>
> I 'assume' that is the port number after the @? Anyway what change would need
> to be made to the line above to have it show the found virus?
>
Just a stab in the dark here, but try this:

} elsif (($virus) = ($string =~ /^stream[^:]+: (.+) FOUND/ )) {

It doesn't appear you're trying to match anything between stream and the
virus, so just ignore it with the "[^:]". It works for me with a sample
script, but your mileage may vary.

Dave M
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
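
An added example, not code from this thread or from the ClamAV project: this Perl script runs the original pattern, the suggested `[^:]+` pattern and a `[^:]*` variant over constructed log lines so the differences are visible side by side. The sample lines, the address@port value, the `virus_name` helper and the timestamp-stripping step are all assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample clamd log lines (not taken from the thread). The
# address@port value inside the parentheses is made up for illustration.
my @lines = (
    'Fri Sep  5 03:31:14 2008 -> stream: Eicar-Test-Signature FOUND',
    'Fri Sep  5 03:31:15 2008 -> stream 12: Eicar-Test-Signature FOUND',
    'Fri Sep  5 03:31:16 2008 -> stream(192.0.2.10@1066): Email.Scam4.Gen668.Sanesecurity.07050106.UNOFFICIAL FOUND',
    'Fri Sep  5 03:31:17 2008 -> stream(192.0.2.10@1066): OK',
);

# Label => pattern pairs, kept in an array so the output order is stable.
my @patterns = (
    [ 'original  (?: \d+)?' => qr/^stream(?: \d+)?: (.+) FOUND/ ],
    [ 'suggested [^:]+'     => qr/^stream[^:]+: (.+) FOUND/     ],
    [ 'tolerant  [^:]*'     => qr/^stream[^:]*: (.+) FOUND/     ],
);

# Return the signature name, or undef when the pattern does not match.
sub virus_name {
    my ($re, $line) = @_;
    # Assumption: the calling script removes the "timestamp -> " prefix
    # before matching, because every pattern is anchored with ^.
    (my $log = $line) =~ s/^.*? -> //;
    my ($virus) = $log =~ $re;    # list context: first capture or empty list
    return $virus;
}

for my $line (@lines) {
    print "$line\n";
    for my $p (@patterns) {
        my ($label, $re) = @$p;
        my $virus = virus_name($re, $line);
        printf "  %-20s %s\n", $label, defined $virus ? $virus : '(no match)';
    }
}
```

Because `[^:]+` needs at least one character between `stream` and the colon, a bare `stream:` line matches only the original and the `[^:]*` patterns; a log parser that silently skips FOUND lines under-reports detections, so it is worth checking every format the daemon can emit.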