Hi,
thank you very much for your help. But it looks like I need to escape the [].
Without it, it did not work. With
ALERT:: : \[(.*)\]
it worked like I need. (I'm quite sure I reloaded exim before testing without
escaping [].)
Tommi
On Monday, 24 May 2004 12:38, Anand Buddhdev wrote:
> On Mon, May 24, 2004 at 12:19:22PM +0200, Tommi Maekitalo wrote:
> > Hi,
> >
> > I try to set up a commandline scanner with exiscan. My setup detects
> > viruses, but doesn't identify them. I think there is something wrong with
> > my regex. Here is my setup:
> >
> > av_scanner = cmdline:\
> > /usr/bin/antivir --allfiles -noboot -nombr -rs -s -z %s : \
> > ALERT:: : \[.*\]
>
> The third option is missing one pair of braces, as required by
> exiscan. Refer to the documentation. Your regex needs to look like
> this:
>
> ALERT:: [(.*)]
>
> The stuff captured by the () will be used as the name of the malware.
> Note that there's no need to escape the [].
>
> > The output of the scanner is here:
> >
> > AntiVir / Linux Version 2.1.0-26
> > Copyright (c) 1994-2004 by H+BEDV Datentechnik GmbH.
> > All rights reserved.
> >
> > Loading /usr/lib/AntiVir/antivir.vdf ...
> >
> > VDF version: 6.25.0.73 created 19 May 2004
> >
> > AntiVir license: xxxxxxxx
> >
> > checking drive/path (list): .
> > ALERT: [Worm/Sober.G worm] ./stuff_1412.zip <<< Contains signature of the
> > worm Worm/Sober.G
> >
> >
> > ----- scan results -----
> > directories: 1
> > files: 1
> > alerts: 1
> > suspicious: 0
> > repaired: 0
> > deleted: 0
> > renamed: 0
> > scan time: 00:00:01
> > ------------------------
> > Thank you for using AntiVir.
> >
> > #>
> >
> >
> > It looks like the text "ALERT:" is found, but not this [.*]-stuff.
> >
> > Tommi
> >
> > --
> >
> > ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim
> > details at http://www.exim.org/ ##
>
> --
> Anand Buddhdev
> Celtel International
>
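Added example, not part of the thread and not Exim code: the three name patterns discussed above, run against the quoted ALERT line with Python's `re` module. It assumes `re` behaves like the regex engine exiscan uses for these patterns. The helper `malware_name`, the sample strings and the tighter `[^\]]*` pattern are additions for illustration.

```python
import re

# Constructed sample: the ALERT line from the scanner output quoted above,
# joined onto one line as the scanner would print it.
SCANNER_OUTPUT = """\
checking drive/path (list): .
ALERT: [Worm/Sober.G worm] ./stuff_1412.zip <<< Contains signature of the worm Worm/Sober.G
"""
# Constructed sample: same alert, but the scanned file name contains a "]".
BRACKET_IN_NAME = "ALERT: [Worm/Sober.G worm] ./a]b.zip\n"

TRIGGER = r"ALERT:"             # second av_scanner field: "malware found"
NAME_UNESCAPED = r"[(.*)]"      # a character class: one of ( . * )
NAME_NO_GROUP = r"\[.*\]"       # literal brackets, but nothing is captured
NAME_ESCAPED = r"\[(.*)\]"      # literal brackets around a capture group
NAME_TIGHT = r"\[([^\]]*)\]"    # same, but stops at the first "]"


def malware_name(output, trigger, name_regex):
    """Model the trigger/name regex pair: return (found, name).

    Hypothetical helper for illustration only.
    """
    if not re.search(trigger, output):
        return (False, None)
    m = re.search(name_regex, output)
    # No match, or a pattern without a capture group: the message is
    # flagged as infected but the malware stays unnamed.
    if m is None or m.re.groups == 0:
        return (True, None)
    return (True, m.group(1))


if __name__ == "__main__":
    for pattern in (NAME_UNESCAPED, NAME_NO_GROUP, NAME_ESCAPED, NAME_TIGHT):
        print(pattern, "->", malware_name(SCANNER_OUTPUT, TRIGGER, pattern))
    print("greedy:", malware_name(BRACKET_IN_NAME, TRIGGER, NAME_ESCAPED))
    print("tight: ", malware_name(BRACKET_IN_NAME, TRIGGER, NAME_TIGHT))
```

The greedy `.*` runs to the last `]` on the line, so a file name containing `]` ends up in the reported malware name; the negated class avoids that.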