Andreas,

> It contains a PayPal phishing mail Avira assigned an unusual log name to.
> Savapi-Mode handles it correctly. But I have some older systems using the
> avscan interface. There the virus name is empty which breaks my backend
> scripting:
> I assume a virus name is at least one character and contains no spaces
> 
> I don't see why "ALERT: ([^;.]+) ;/m" should not match "ALERT:
> PayPal_Limited_Form.html <<< PHISH/Paypal.27959 ; phishing : foobar" but
> maybe it's related to an older amavisd-new version.

Because the regular expression requires there is no dot in the string
spanning to the final semicolon - but in your case there is a dot
in .html as well as in .27959.

Try:
   qr/ALERT: ([^;]+) ;/m

or maybe even:
  qr/ALERT: ([^;<]+) [;<]/m


Mark

_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net 
https://lists.sourceforge.net/lists/listinfo/amavis-user 
 Please visit http://www.ijs.si/software/amavisd/ regularly
 For administrativa requests please send email to rainer at openantivirus dot 
org
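
The three patterns from this thread, run against the quoted scanner line and checked against the "at least one character, no spaces" assumption from the question. This is an added example, not part of the original messages or of amavisd-new; the helper `name_ok` and the labels are hypothetical names chosen for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Scanner output line quoted in the thread, unwrapped onto one line.
my $output = "ALERT: PayPal_Limited_Form.html <<< PHISH/Paypal.27959 ; phishing : foobar\n";

# The three patterns discussed in the thread, in order of appearance.
my @patterns = (
    [ 'original',          qr/ALERT: ([^;.]+) ;/m    ],
    [ 'first suggestion',  qr/ALERT: ([^;]+) ;/m     ],
    [ 'second suggestion', qr/ALERT: ([^;<]+) [;<]/m ],
);

# Backend assumption stated in the thread: a virus name is at least one
# character long and contains no spaces (hypothetical helper).
sub name_ok {
    my ($name) = @_;
    return defined($name) && length($name) && $name !~ /\s/;
}

for my $entry (@patterns) {
    my ($label, $re) = @$entry;
    # List context with /g returns every capture-group match in the output.
    my @names = $output =~ /$re/g;
    if (!@names) {
        print "$label: no match, virus name would be empty\n";
        next;
    }
    for my $name (@names) {
        my $verdict = name_ok($name) ? 'passes' : 'fails';
        print "$label: captured [$name], $verdict the no-spaces check\n";
    }
}
```

Printing the captured string in brackets makes it easy to compare what each pattern extracts with what the backend script expects to receive as the virus name.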
