On Sunday 18 February 2007 4:46 pm, Jan-Pieter Cornet wrote:
> On Sat, Feb 17, 2007 at 07:50:37PM -0600, Chris wrote:
> > Wed Feb 14 15:25:59 2007 -> stream: Html.Img.Gen013.Sanesecurity.06112900
> > FOUND Wed Feb 14 20:55:26 2007 -> stream 1907: HTML.Phishing.Azon-17
> > FOUND
> >
> > A numeric value is placed after the word "stream". I'm not good at
> > regex's, I suppose its a simple fix, would someone be kind enough to show
> > me how to make the change? I think this is the line that needs editing:
> >
> > } elsif (/(\w+)\s(\w+)\s{1,2}(\d{1,2})\s(\d+:\d+:\d+)\s(\d+).+stream:\s(.
> > +)\sFOUND/ ) {
>
> Quick fix: turn "stream:" into "stream[\s\d]*:"Thanks Jan-Pieter, that worked perfectly. Hopefully the log format won't change again soon. Appreciate the help Chris -- Chris KeyID 0xE372A7DA98E6705C
pgphxM5Ep7Je1.pgp
Description: PGP signature
_______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
