Hello,
Sorry for disturbing the big guys, but I am faced with the following: my
`cmdline' av_scanner gives different `trigger' strings when it catches
EICAR and real viruses, like this:
    Found: EICAR test file NOT a virus.
    Found the W32/Mydoom.o@MM!zip virus !!!
When I try to play with cluster-not-capture PCRE (?:<PATTERN>), it
probably conflicts with a semicolon string_nextinlist() separator. When
I try to use a different separator with `<', the option parser gets stuck
with an `unknown scanner: <; cmdline', obviously.
I'd like to have the following PCRE:
    av_scanner = <; cmdline;\
                 /path/to/prog -arg %s;\
                 Found;\
                 Found:?(?: the)? (.+) (?:NOT a )?virus
Anyway, since the malware name is captured, having a way to use
cluster-only PCRE parentheses seems to be a good idea.
Did I miss something? Is it possible with current exiscan?
If not, could it be fixed in the near future?
Thanks.
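
The following is an added example, not part of the original message and not exiscan code. It shows how the colons in `(?:...)` collide with a colon-separated option list, and what the posted regex captures from the two trigger lines. `split_list` is a simplified model of separator-based list splitting written for this example, the `LAZY` pattern is an assumed variant, and whether a given exiscan version applies these list rules to av_scanner is the question the post raises.

```python
import re

# The two trigger lines quoted in the post, used as constructed test input.
EICAR = "Found: EICAR test file NOT a virus."
MYDOOM = "Found the W32/Mydoom.o@MM!zip virus !!!"

POSTED = r"Found:?(?: the)? (.+) (?:NOT a )?virus"   # regex from the post
LAZY = r"Found:?(?: the)? (.+?) (?:NOT a )?virus"    # assumption: lazy capture variant

def split_list(value, sep=":"):
    """Simplified model of separator-based list splitting (not Exim's code):
    a leading '<X' selects X as separator, a doubled separator is one
    literal separator, and items are whitespace-trimmed."""
    s = value.lstrip()
    if len(s) > 1 and s[0] == "<" and not (s[1].isalnum() or s[1].isspace()):
        sep, s = s[1], s[2:]
    items, cur, i = [], "", 0
    while i < len(s):
        if s[i] != sep:
            cur += s[i]
        elif s[i + 1:i + 2] == sep:      # doubled separator -> literal
            cur += sep
            i += 1
        else:                            # single separator ends the item
            items.append(cur.strip())
            cur = ""
        i += 1
    return items + [cur.strip()]

def malware_name(pattern, line):
    """Return capture group 1 (the reported name), or None when no match."""
    m = re.search(pattern, line)
    return m.group(1) if m else None

def scanner_fields(regex, sep_prefix="", sep=":"):
    """Build a four-field cmdline scanner value and split it again."""
    fields = ["cmdline", "/path/to/prog -arg %s", "Found", regex]
    return split_list(sep_prefix + sep.join(fields), ":")

if __name__ == "__main__":
    print(len(scanner_fields(POSTED)))                    # colons inside (?: split the regex
    print(scanner_fields(POSTED.replace(":", "::"))[-1])  # doubled colons keep it whole
    print(scanner_fields(POSTED, "<; ", ";")[-1])         # ';' separator keeps it whole
    for rx in (POSTED, LAZY):
        print([malware_name(rx, line) for line in (EICAR, MYDOOM)])
```

With the greedy `(.+)` the EICAR line yields a name that still contains "NOT a", because the optional `(?:NOT a )?` group is never forced to match; the lazy variant leaves it outside the capture.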