procmail

Re: [pro] Re: Real Virus Scanner

2004-02-12 07:43:43
On Wed, Feb 11, 2004 at 08:16:55PM -0800, Gary Funck wrote:

        * VIRUS ?? ^.*: \/.* FOUND

Above, is there a procmail idiom for finding the part of MATCH that
doesn't include " FOUND"? In other words, the equivalent of:

MATCH=`echo $MATCH | sed -e 's/ FOUND$//'`

There is, but (given the case where (.*) might include
whitespace) it's ugly.  And there are some cases where it
won't work, but the example given isn't one of them.
(It won't work if what you want to cut off has a repeating
char right there.)  Also, I don't see the point of your
left anchor only to follow it by ".*" for any number of
chars.  Get rid of the anchor and that and start with the
colon.

   * VIRUS ?? : \/[^ ]+

Is all you need if the name of the virus is ever only one
syntactic word.  Assuming it might have whitespace in it,
though,

   * VIRUS ?? : \/.* FOUND\>
   * MATCH ?? ^^\/.*F
   * MATCH ?? ^^\/.*[^ ]
   { VIRUS = $MATCH }


(I added the "\>" at the end to forestall problems if the
virus name itself is, e.g., "Circular Foundling".)  :-)

BTW, I think you would prefer the -i flag to the clamscan test.
If there is no virus, you're not using the result, which without
that flag is "OK".

I use the following, btw:
   
   :0
   * B ?? ! ? clamscan -i --disable-summary -
   {
      MYEXIT = $?
   
      :0:  # positive exit codes other than 1 are problems
      *         -1^0
      * $  $MYEXIT^0
      PROBLEM
   
      :0:
      MYVIRUS
   }

Basically, I see no reason to include the header only to then
add the --mbox option to the clamscan command in order to
strip it off again.  And I don't redirect the result from
stderr to stdout, because by keeping it stderr, it shows up
in my log.

-- 
dman

_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
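
An added example, not part of the original post: the same triage done in POSIX shell, pulling the signature name out of a "...: NAME FOUND" report line (names with spaces included) and treating exit codes other than 0 and 1 as problems. The function name `classify_scan` and the sample report line are constructed for illustration; the character filtering is an added precaution the post does not discuss.

```shell
#!/bin/sh
# classify_scan CODE REPORT   (hypothetical helper, not from the post)
# CODE is the scanner's exit status, REPORT its captured report text.
# Prints one of: clean | virus:<name> | problem:<code>
classify_scan() {
    code=$1
    report=$2
    case $code in
        0)  printf 'clean\n' ;;
        1)
            # Keep what lies between the first ": " and the trailing
            # " FOUND". Anchoring on "$" means a name such as
            # "Circular Foundling" is not cut short at "Found".
            name=$(printf '%s\n' "$report" |
                sed -n 's/^[^:]*: \(.*\) FOUND$/\1/p' | sed 1q)
            # The name derives from scanner output about an untrusted
            # message, so reduce it to a conservative character set
            # before it ends up in a header or a folder name.
            name=$(printf '%s' "$name" | tr -c 'A-Za-z0-9._ -' '_')
            printf 'virus:%s\n' "${name:-unknown}"
            ;;
        # Any other status means the scan itself failed; do not treat
        # the message as clean.
        *)  printf 'problem:%s\n' "$code" ;;
    esac
}

# Constructed sample report line, not real scanner output.
classify_scan 1 'stdin: Circular Foundling FOUND'
```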