I noticed this morning that my graphdefang summary showed a sudden influx of unknown-Vexira-viruses, and MyDoom dropped to zero. Sure enough, the H+BEDV engine appears to have been updated today, and the output message has been slightly altered.
It appears that a distinction is now made between "virus" and "worm" as far as the software is concerned, but the regexp in interpret_hbedv_code and interpret_vexira_code doesn't pick up the virus name if it's a worm. Example new-style alert: ALERT: [Worm/Sobig.B worm] The relevant regexp is as follows: $CurrentVirusScannerMessage =~ m/ALERT: \[(\S+) virus\]/ I haven't had time to fix it yet, but I assume something like: $CurrentVirusScannerMessage =~ m/ALERT: \[(\S+) virus|worm\]/ would work? ---- Nels Lindquist <*> Information Systems Manager Morningstar Air Express Inc. _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
