On Fri, Sep 5, 2008 at 7:34 PM, Chris <[EMAIL PROTECTED]> wrote:
> On Friday 05 September 2008 6:14 pm, Dave M wrote:
>> > } elsif (($virus) = ($log =~ /^stream(?: \d+)?: (.+) FOUND/ )) {
>> >
>> > I 'think' the issue is that the ip and port have been added to the log:
>> >
>> > Fri Sep 5 03:31:14 2008 -> stream([EMAIL PROTECTED]):
>> > Email.Scam4.Gen668.Sanesecurity.07050106.UNOFFICIAL FOUND
>> >
>> > I 'assume' that is the port number after the @? Anyway what change would
>> > need to be made to the line above to have it show the found virus?
>>
>> Just a stab in the dark here, but try this:
>>
>> } elsif (($virus) = ($string =~ /^stream[^:]+: (.+) FOUND/ )) {
>>
>> It doesn't appear you're trying to match anything between stream and
>> the virus, so just ignore it with the "[^:]". It works for me with a
>> sample script, but your mileage may vary.
>>
>> Dave M
>
> Thanks Dave but that didn't seem to do the trick:
>
Sorry, I was copying and pasting from the test script. That should be:
} elsif (($virus) = ($log =~ /^stream[^:]+: (.+) FOUND/ )) {
Dave M
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
