[Clamav-devel] Writing a logcheck rule, need some info about clamav log syntax
Joel Esler (jesler)
jesler at cisco.com
Mon Apr 18 10:06:13 EDT 2016
I think [a-z]+ should get it. I don’t know if we have anyone with numbers in their names..
Manager, Talos Group
On Apr 16, 2016, at 6:08 AM, Steffen Langenbach <steffen.l at gmx.org<mailto:steffen.l at gmx.org>> wrote:
I'm currently writing a logcheck rule for clamav on debian jessie
systems that I would like to add to the public logcheck repo.
Because the rule is heavily depended on regex I need to know which
characters the name of a builder of the bydecode.cvd/cld can contain.
Apr 16 10:29:27 server1 freshclam: bytecode.cld is up to date
(version: 277, sigs: 47, f-level: 63, builder: neo)
The builders name in this example (neo) contains just lowercase latin
letters, so if this would be the general case I could use a regex like
So I need to know if there is any policy that describes what characters
the name of a builder can contain (Can it contain only lowercase, or
lower- and upercase letters, or also numbers, dots, dashes and so far)
Thanks in advance for your help!
Please submit your patches to our Bugzilla: http://bugs.clamav.net
More information about the clamav-devel