On 2013-10-13 15:11 , Jeremy Harris wrote: > On 12/10/13 21:21, Ralf G. R. Bergs wrote: >> On 2013-10-12 22:03 , Ralf G. R. Bergs wrote: >>> I'm now at a point where it triggers, but the malware name is still >>> wrong. I'm confident that I will fix this soon. >> This is what I had, and I cannot make this extract the malware name: >>> warn message = This message contains malware >>> ($malware_name) >>> set acl_m0 = cmdline:\ >>> /usr/lib/AntiVir/guard/avscan -s --batch >>> --scan-mode=all %s;\ >>> /bin/echo -e \N"\navira_retval $?"\N:\ >>> \N^avira_retval 1$\N:\ >>> \N^.*ALERT: ([^;]*) ;.*$\N >>> malware = * > [...] >> Any idea why my original expression doesn't extract the name properly? >> I'm sure the characters after "ALERT:" and before the ";" are spaces, >> since I redirected the output into a file and looked at it with a >> hexdump. >> >> I somehow have the suspicion that the ":" (colon) character is confusing >> ExiScan/Exim (even though the whole thing is included in between >> \N...\N)?! > > The av_scanner string is parsed by Exim's list-handling code, splitting > on (by default) the colon character. To get a colon into the > name-expression for the cmdline processor you need to double it, Yes!!! That did it, it's working now completely as I wanted it to be.
Thanks for refreshing my mind, as I said it's a long time since I knew the Exim manual by heart... ;-) > I'll see about adding a warning to the documentation on this point. That would certainly be helpful, thank you. KR, Ralf -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
