[Clamav-devel] Writing a logcheck rule, need some info about clamav log syntax

Steffen Langenbach steffen.l at gmx.org
Sat Apr 16 06:08:00 EDT 2016


Hello list,

I'm currently writing a logcheck rule for clamav on Debian jessie
systems that I would like to add to the public logcheck repo.
Because the rule is heavily dependent on regex, I need to know which
characters the name of a builder of the bytecode.cvd/cld can contain.

For example:
Apr 16 10:29:27 server1 freshclam[276]: bytecode.cld is up to date
(version: 277, sigs: 47, f-level: 63, builder: neo)

The builder's name in this example (neo) contains just lowercase Latin
letters, so if this would be the general case I could use a regex like
"[a-z]+".
So I need to know if there is any policy that describes what characters
the name of a builder can contain (can it contain only lowercase, or
lower- and uppercase letters, or also numbers, dots, dashes and so forth?).

Thanks in advance for your help!

Kind regards
Steffen
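
The question above, as an added example that is not part of the original post: a shell check that runs two candidate logcheck ignore rules (extended regex, as used by egrep) over sample lines and lists what would still be reported. Only the first sample line comes from the post (unwrapped); the other lines and the delimiter-based class `[^ ,()]+` are assumptions made for illustration, not a documented ClamAV policy on builder names.

```shell
#!/bin/sh
# Constructed sample input. Line 1 is the line from the post, unwrapped.
# Lines 2 and 3 are hypothetical: a builder name with mixed case, dash, dot
# and digit, and a line with unexpected text after the closing parenthesis.
sample_lines() {
cat <<'EOF'
Apr 16 10:29:27 server1 freshclam[276]: bytecode.cld is up to date (version: 277, sigs: 47, f-level: 63, builder: neo)
Apr 16 10:29:27 server1 freshclam[276]: bytecode.cld is up to date (version: 277, sigs: 47, f-level: 63, builder: Build-Bot.2)
Apr 16 10:29:27 server1 freshclam[276]: bytecode.cld is up to date (version: 277, sigs: 47, f-level: 63, builder: neo) extra text
EOF
}

# Syslog prefix: month, day and time, host name, freshclam[pid].
PREFIX='^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ freshclam\[[[:digit:]]+\]: '
BODY='bytecode\.c[lv]d is up to date \(version: [[:digit:]]+, sigs: [[:digit:]]+, f-level: [[:digit:]]+, builder: '

# Candidate 1: the class proposed in the post.
RULE_NARROW="${PREFIX}${BODY}[a-z]+\)\$"
# Candidate 2 (assumption): anything up to the closing delimiter. The rule
# stays anchored at both ends so trailing text is never silently ignored.
RULE_DELIM="${PREFIX}${BODY}[^ ,()]+\)\$"

# Print the sample lines a rule does NOT match, i.e. the lines logcheck
# would still include in its report.
reported() {
    sample_lines | grep -E -v -- "$1"
}

# Number of lines still reported under a rule.
count_reported() {
    reported "$1" | wc -l | tr -d ' '
}

echo "narrow rule reports:    $(count_reported "$RULE_NARROW") line(s)"
echo "delimiter rule reports: $(count_reported "$RULE_DELIM") line(s)"
```

A rule that is too narrow only produces extra report mail; a rule that is too loose or unanchored can hide lines, so the delimiter-based variant keeps the `^` and `$` anchors.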


