procmail

RE: [pro] Re: Real Virus Scanner

2004-02-12 08:53:27



From: Dallman Ross
Sent: Thursday, February 12, 2004 6:26 AM

On Wed, Feb 11, 2004 at 08:16:55PM -0800, Gary Funck wrote:

        * VIRUS ?? ^.*: \/.* FOUND

Above, is there a procmail idiom for finding the part of MATCH that
doesn't include " FOUND"? In other words, the equivalent of:

MATCH=`echo $MATCH | sed -e 's/ FOUND$//'`

There is, but (given the case where (.*) might include
whitespace) it's ugly.  And there are some cases where it
won't work, but the example given isn't one of them.
(It won't work if what you want to cut off has a repeating
char right there.)  Also, I don't see the point of your
left anchor only to follow it by ".*" for any number of
chars.  Get rid of the anchor and that and start with the
colon.
[...]

   * VIRUS ?? : \/.* FOUND\>
   * MATCH ?? ^^\/.*F
   * MATCH ?? ^^\/.*[^ ]
   { VIRUS = $MATCH }


Got it. 

(I added the "\>" at the end to forestall problems if the
virus name itself is, e.g., "Circular Foundling".)  :-)


Good point. As you point out in the following example, a check
of the status code is more reliable.

BTW, I think you would prefer the -i flag to the clamscan test.
If there is no virus, you're not using the result, which without
that flag is "OK".

I use the following, btw:
   
   :0
   * B ?? ! ? clamscan -i --disable-summary -
   {
      MYEXIT = $?
   
      :0:  # positive exit codes other than 1 are problems
      *         -1^0
      * $  $MYEXIT^0
      PROBLEM
   
      :0:
      MYVIRUS
   }


I like this approach, but we are missing the X-Virus-Status: header
that says what kind of virus was found, that was present in the
original example.
 
Basically, I see no reason to include the header only to then
add the --mbox option to the clamscan command in order to
strip it off again.  And I don't redirect the result from
stderr to stdout, because by keeping it stderr, it shows up
in my log.


Not sure what you mean here. Here's the original example:

        :0 wic
        VIRUS=|/usr/bin/clamscan --mbox --disable-summary --stdout  -
        :0 hfw
        * VIRUS ?? ^.*: \/.* FOUND
        | formail -A "X-Virus-Status: yes, $MATCH"
        :0 E hfw
        | formail -A "X-Virus-Status: no"

I guess you're saying that by default clamscan will add a header,
unless the --mbox switch is present? (Found a manpage here,
http://www.go.dlr.de/cgi-bin/man?clamdscan
but it didn't say anything about headers.)



_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
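
The two approaches from this thread combined, as an added example that is not code from the original messages: clamscan's exit status decides the verdict, and its output line supplies the name for the X-Virus-Status: header. The function names, the temp-file handling and the character allow-list are assumptions, and the sample line is constructed.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Exit status as described in the thread: 0 = clean, 1 = virus found,
# any other value = a problem with the scan itself.

# virus_name OUTPUT
# Prints the signature name from the first "<source>: <name> FOUND" line.
# The sed pattern is anchored at end of line, so a name such as
# "Circular Foundling" is kept whole. The tr allow-list (an assumption)
# keeps unexpected bytes out of the mail header.
virus_name() {
    printf '%s\n' "$1" |
        sed -n 's/^[^:]*: \(.*\) FOUND$/\1/p' |
        head -n 1 |
        tr -cd '[:alnum:] ._/-'
}

# virus_status EXIT_CODE OUTPUT
# Prints the value for the X-Virus-Status: header.
virus_status() {
    case "$1" in
        0) echo "no" ;;
        1) name=$(virus_name "$2")
           echo "yes, ${name:-unknown}" ;;
        *) echo "error, clamscan exit $1" ;;
    esac
}

# scan_and_tag: reads one message on stdin, writes it to stdout with the
# header added. Uses the clamscan flags and the formail call quoted in the
# thread; both programs must be installed.
scan_and_tag() {
    msg=$(mktemp) || return 1
    cat > "$msg"
    out=$(clamscan -i --disable-summary --stdout - < "$msg")
    rc=$?
    formail -A "X-Virus-Status: $(virus_status "$rc" "$out")" < "$msg"
    rm -f "$msg"
}

# Constructed sample line, not captured from a real scan.
sample='stream: Circular Foundling FOUND'
virus_status 1 "$sample"
```

Because the verdict comes from the exit status, a scanner failure is reported as an error instead of being tagged "no".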