[exim] exiscan and generic scanner: PCRE features

Top Pagina
Delete this message
Reply to this message
Auteur: Peter Savitch
Datum:  
Aan: Tom Kistner
CC: exim-users
Onderwerp: [exim] exiscan and generic scanner: PCRE features
Hello,

Sorry for disturbing big guys, but I faced with the following: my
`cmdline' av_scanner gives different `trigger' strings when it catches
EICAR and real viruses, like this:

Found: EICAR test file NOT a virus.
Found the W32/Mydoom.o@MM!zip virus !!!

When I try to play with cluster-not-capture PCRE (?:<PATTERN>), it
probably conflicts with a semicolon string_nextinlist() separator. When
I try to use different separator with `<', option parser gets stuck with
an `unknown scanner: <; cmdline', obviously.

I'd like to have the following PCRE:

av_scanner = <;    cmdline;\
            /path/to/prog -arg %s;\
            Found;\
            Found:?(?: the)? (.+) (?:NOT a )?virus


Anyway, since malware name is captured, having a way to use cluster-only
PCRE parenthesis seems to be a good idea.

Did I miss something? Is it possible with current exiscan?
If not, could it be fixed in the near future?

Thanks.