Bill, > Here are two samples at log level 5:
> 220 Welcome to avast! Virus scanning daemon 2.0.0 (VPS 0607-0 13.02.2006) > 200 OK > /var/amavis/tmp/.../parts/p005 [+] > /var/amavis/tmp/.../parts/p004 [L] Win32:Beagle-HZ [Wrm] > /var/amavis/tmp/.../parts/p001 [+] > > 221 Service closing transmission channel > PS, here is what I found to be most optimal settings for the Avast command > line (avastcmd) scanner entry for amavisd.conf: ... > Here is a sample of what an avastcmd scan reports using the above scan > options: Thanks, useful. > > Here is my blind guess at improvement: > > qr/\t\[.\]/, qr/\t\[L\]\t/, qr/\t\[L\]\t([^[\015\012]+)/ ], > The output looks great. Let me know if you want to revise the parse string > and would like me to do any further testing for you. Ok, a little refinement to not include a space after a virus name, and to match a '+' literally. Here are the latest avast entries: ### http://www.avast.com/ ['avast! Antivirus daemon', \&ask_daemon, # greets with 220, terminate with QUIT ["SCAN {}\015\012QUIT\015\012", '/var/run/avast4/mailscanner.sock'], qr/\t\[\+\]/, qr/\t\[L\]\t/, qr/\t\[L\]\t([^[ \t\015\012]+)/ ], ### http://www.avast.com/ ['avast! Antivirus - Client/Server Version', 'avastlite', '-a /var/run/avast4/mailscanner.sock -n {}', [0], [1], qr/\t\[L\]\t([^[ \t\015\012]+)/ ], ### http://www.avast.com/ ['avast! Antivirus', ['/usr/bin/avastcmd','avastcmd'], '-a -i -n -t=A {}', [0], [1], qr/\[infected by: ([^ \t\n\[\]]+)/ ], Mark ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642 _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
