----- Original Message -----
From: "Dave M" <[EMAIL PROTECTED]>
To: "ClamAV users ML" <clamav-users@lists.clamav.net>
Sent: Saturday, September 06, 2008 2:54 AM
Subject: Re: [Clamav-users] clamstats.pl
> On Fri, Sep 5, 2008 at 7:34 PM, Chris <[EMAIL PROTECTED]> wrote:
>> On Friday 05 September 2008 6:14 pm, Dave M wrote:
>>> > } elsif (($virus) = ($log =~ /^stream(?: \d+)?: (.+) FOUND/ )) {
>>> >
>>> > I 'think' the issue is that the ip and port have been added to the
>>> > log:
>>> >
>>> > Fri Sep 5 03:31:14 2008 -> stream([EMAIL PROTECTED]):
>>> > Email.Scam4.Gen668.Sanesecurity.07050106.UNOFFICIAL FOUND
>>> >
>>> > I 'assume' that is the port number after the @? Anyway what change
>>> > would
>>> > need to be made to the line above to have it show the found virus?
>>>
>>> Just a stab in the dark here, but try this:
>>>
>>> } elsif (($virus) = ($string =~ /^stream[^:]+: (.+) FOUND/ )) {
>>>
>>> It doesn't appear you're trying to match anything between stream and
>>> the virus, so just ignore it with the "[^:]". It works for me with a
>>> sample script, but your mileage may vary.
>>>
>>> Dave M
>>
>> Thanks Dave but that didn't seem to do the trick:
>>
> Sorry, I was copying and pasting from the test script. That should be:
>
> } elsif (($virus) = ($log =~ /^stream[^:]+: (.+) FOUND/ )) {
>
> Dave M
> _______________________________________________
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://www.clamav.net/support/ml
>
>
I have a question about clamstats and exim. Is it possible to see for which
email-address the virus was found? So that it is possible to make stats for
each email-address of domain?
Maarten
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
