[Clamav-devel] Writing a logcheck rule, need some info about clamav log syntax

Joel Esler (jesler) jesler at cisco.com
Mon Apr 18 10:06:13 EDT 2016


I think [a-z]+ should get it.  I don’t know if we have anyone with numbers in their names..


--
Joel Esler
Manager, Talos Group




On Apr 16, 2016, at 6:08 AM, Steffen Langenbach <steffen.l at gmx.org> wrote:

Hello list,

I'm currently writing a logcheck rule for clamav on debian jessie
systems that I would like to add to the public logcheck repo.
Because the rule is heavily dependent on regex I need to know which
characters the name of a builder of the bytecode.cvd/cld can contain.

For example:
Apr 16 10:29:27 server1 freshclam[276]: bytecode.cld is up to date
(version: 277, sigs: 47, f-level: 63, builder: neo)

The builder's name in this example (neo) contains just lowercase latin
letters, so if this would be the general case I could use a regex like
"[a-z]+".
So I need to know if there is any policy that describes what characters
the name of a builder can contain. (Can it contain only lowercase, or
lower- and uppercase letters, or also numbers, dots, dashes and so forth?)

Thanks in advance for your help!

Kind regards
Steffen
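
As an added example (not from either poster, nor from the logcheck or ClamAV projects): a shell check that runs a candidate ignore rule over sample syslog lines with `grep -E`, comparing an anchored rule that uses the `[a-z]+` builder class from the thread with an unanchored wildcard variant. The timestamp/host prefix pattern and the second and third sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: test candidate logcheck ignore rules (POSIX ERE) with grep -E.

# Anchored rule; the builder class is the [a-z]+ discussed in the thread.
# The timestamp/host prefix pattern is an assumption about the syslog format.
RULE='^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ freshclam\[[[:digit:]]+\]: bytecode\.c[lv]d is up to date \(version: [[:digit:]]+, sigs: [[:digit:]]+, f-level: [[:digit:]]+, builder: [a-z]+\)$'

# Unanchored variant with a wildcard builder, for comparison.
LOOSE='freshclam\[[[:digit:]]+\]: bytecode\.c[lv]d is up to date .*builder: .*'

# Sample input. Line 1 is the example from the thread joined onto one line;
# lines 2 and 3 are constructed (hypothetical builder name, trailing text).
sample_lines() {
    cat <<'EOF'
Apr 16 10:29:27 server1 freshclam[276]: bytecode.cld is up to date (version: 277, sigs: 47, f-level: 63, builder: neo)
Apr 16 10:29:27 server1 freshclam[276]: bytecode.cld is up to date (version: 277, sigs: 47, f-level: 63, builder: neo-2)
Apr 16 10:29:27 server1 freshclam[276]: bytecode.cld is up to date (version: 277, sigs: 47, f-level: 63, builder: neo) constructed trailing text
EOF
}

# ignored RULE LINE: succeeds if the rule would suppress LINE.
ignored() {
    printf '%s\n' "$2" | grep -Eq -- "$1"
}

# count_reported RULE: reads lines on stdin, prints how many are NOT suppressed
# (the lines logcheck would still mail to the administrator).
count_reported() {
    grep -Evc -- "$1" || true
}

echo "anchored rule reports: $(sample_lines | count_reported "$RULE") of 3"
echo "loose rule reports:    $(sample_lines | count_reported "$LOOSE") of 3"
```

With the anchored rule, an unexpected builder name or trailing text stays in the report, so widening the character class becomes an explicit decision rather than a side effect of a wildcard.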
