On Wed, May 24, 2006 at 07:15:03PM -0500, Chris said: (mail reformatted so I can see the regex next to the log line)
> I'm really not that familiar with clamav log files, but the script is
> looking for patterns in the log that it is not finding. This regular
> expression test on line 96 is never true:
>
> if
> (/(\w+)\s(\w+)\s{1,2}(\d{1,2})\s(\d+:\d+:\d+)\s(\d+).+mdefang-(\w+)\/Work\/msg-\d+-\d+\.(\w+):\s+(.+)\sFOUND/)
> {
>
> Wed May 24 18:33:49 2006 -> stream:
> Html.Phishing.Bank.Gen503.Sanesecurity.06042004 FOUND
I have roughly lined up the regex with the pattern it matches - do you
see where it breaks down? It looks to me like this was written for a
mime defang log, not a clamav log.
I think
^\w{3}\s\w{3}\s{1,2}\d{1,2}\s(\d+:){2}\d{2}\s\d{4}\s->\sstream:\s([\w.\d-]+)\sFOUND$
or so is more what you want. You may need to poke it a bit to make it
work - this is just off the top of my head.
Hope that helps,
--
--------------------------------------------------------------------------
| Stephen Gran | A quarrel is quickly settled when |
| [EMAIL PROTECTED] | deserted by one party; there is no |
| http://www.lobefin.net/~steve | battle unless there be two. -- Seneca |
--------------------------------------------------------------------------
_______________________________________________ http://lurker.clamav.net/list/clamav-users.html
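The mismatch discussed in this thread, as an added example that is not part of the original mail or the script under discussion: it runs the quoted MIMEDefang-style test and a stream-style pattern against the log line from the thread plus a few constructed lines. The names `parse_detection` and `summarize` and all lines marked constructed are assumptions; the regex constructs used are common to Perl and Python.

```python
import re
from datetime import datetime

# The original script's test, as quoted in the thread (expects a MIMEDefang work path).
MIMEDEFANG_STYLE = re.compile(
    r"(\w+)\s(\w+)\s{1,2}(\d{1,2})\s(\d+:\d+:\d+)\s(\d+).+mdefang-(\w+)"
    r"\/Work\/msg-\d+-\d+\.(\w+):\s+(.+)\sFOUND"
)

# Pattern for the "stream:" form shown in the thread. The signature name is matched
# with a character class, since names mix letters, digits, dots and hyphens.
CLAMD_STREAM = re.compile(
    r"^(\w{3}\s\w{3}\s{1,2}\d{1,2}\s(?:\d+:){2}\d{2}\s\d{4})"
    r"\s->\sstream:\s([\w.-]+)\sFOUND$"
)

def parse_detection(line):
    """Return (timestamp, signature) for a stream detection line, else None."""
    m = CLAMD_STREAM.match(line.strip())
    if m is None:
        return None
    # Collapse the padding used for single-digit days before parsing the date.
    stamp = datetime.strptime(" ".join(m.group(1).split()), "%a %b %d %H:%M:%S %Y")
    return stamp, m.group(2)

PAGE_LINE = ("Wed May 24 18:33:49 2006 -> stream: "
             "Html.Phishing.Bank.Gen503.Sanesecurity.06042004 FOUND")

SAMPLE_LOG = [
    PAGE_LINE,                                                             # from the thread
    "Thu Jun  1 07:02:10 2006 -> stream: Example.Test-Signature-1 FOUND",  # constructed
    "Thu Jun  1 07:02:11 2006 -> stream: OK",                              # constructed
    "Thu Jun  1 07:05:00 2006 -> SelfCheck: Database status OK.",          # constructed
]

def summarize(lines):
    """Count detections per signature name."""
    counts = {}
    for line in lines:
        hit = parse_detection(line)
        if hit:
            counts[hit[1]] = counts.get(hit[1], 0) + 1
    return counts

if __name__ == "__main__":
    print("old pattern matches:", bool(MIMEDEFANG_STYLE.search(PAGE_LINE)))
    for sig, n in summarize(SAMPLE_LOG).items():
        print(n, sig)
```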
