This is a discussion on Re: [AMaViS-user] Amavis conf typo/bug? within the Amavis User forums, part of the Anti-Spam and Anti-Virus Related Forums category.
Sean,
> Hi All,
>
> is it me or is there a fault in the default conf file for amavisd-new 2.2.1?
> I first noticed this in 2.2.0; here's a section from the conf file:
>
> @viruses_that_fake_sender_maps = (new_RE(
>   qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i,
>   qr'tanatos|lentin|bridex|mimail|trojan\.dropper|dumaru|parite|spaces'i,
>   qr'dloader|galil|gibe|swen|netwatch|bics|sbrowse|sober|rox|val(hal)?la'i,
>   qr'frethem|sircam|be?agle|tanx|mydoom|novarg|shimg|netsky|somefool|moodown'i,
>   qr'badtrans|magistr|bagle'i,
>   qr'mthredir|sdboot.gen|funlove|yaha|zafi|gibe|lovgate|nyxem|mabutu'i
>   qr'plexus'q,
>   qr'@mm|@MM', # mass mailing viruses as labeled by f-prot and uvscan
>   qr'Worm'i, # worms as labeled by ClamAV, Kaspersky, etc
>   [qr'^(EICAR|Joke\.|Junk\.)'i => 0],
>   [qr'^(WM97|OF97|W95/CIH-|JS/Fort)'i => 0],
>   [qr/.*/ => 1], # true by default (remove or comment-out if undesired)
> ));
>
> but I found I had to change it like this:
>
> @viruses_that_fake_sender_maps = (new_RE(
>   qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i,
>   qr'tanatos|lentin|bridex|mimail|trojan\.dropper|dumaru|parite|spaces'i,
>   qr'dloader|galil|gibe|swen|netwatch|bics|sbrowse|sober|rox|val(hal)?la'i,
>   qr'frethem|sircam|be?agle|tanx|mydoom|novarg|shimg|netsky|somefool|moodown'i,
>   qr'badtrans|magistr|bagle'i,
>   qr'mthredir|sdboot.gen|funlove|yaha|zafi|gibe|lovgate|nyxem|mabutu'i,
>   qr'plexus'i,
>   qr'@mm|@MM'i, # mass mailing viruses as labeled by f-prot and uvscan
>   qr'Worm'i, # worms as labeled by ClamAV, Kaspersky, etc
>   [qr'^(EICAR|Joke\.|Junk\.)'i => 0],
>   [qr'^(WM97|OF97|W95/CIH-|JS/Fort)'i => 0],
>   [qr/.*/ => 1], # true by default (remove or comment-out if undesired)
> ));
>
> (change starts just before the line qr'plexus'q,)
>
> Is there a typo or do I have a problem with my system? (and have I changed
> it correctly?)

First: I don't see many differences...
In the first paragraph you use "qr'plexus'q," which is not a correct Perl regex. You should use "qr'plexus'i,", which means that this is case-insensitive pattern matching. "Q" is also known to Perl, but as "quote (disable) pattern metacharacters".

The second thing I see is "qr'@mm|@MM'," and "qr'@mm|@MM'i,". I mean that it is enough to set only "qr'@mm|@MM'," (without "i") because the antivirus programs use only @mm or @MM in their reports. If not sure, you can also set "qr'@mm',i". Then it doesn't matter if it's case sensitive. In the default conf file the entry looks like "qr'@mm|@MM',".

--
Best Regards
Daniel Luttermann
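The two list tails from the thread, parsed the way perl itself would parse them inside the conf file. This is an added example, not part of the original posts or of amavisd-new; the excerpts are shortened and the sample virus names are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed excerpts: the tail of the list as quoted and as changed in the thread.
my %excerpt = (
    as_quoted => <<'EOT',
(
  qr'mthredir|sdboot.gen|funlove|yaha|zafi|gibe|lovgate|nyxem|mabutu'i
  qr'plexus'q,
  qr'@mm|@MM',
)
EOT
    as_changed => <<'EOT',
(
  qr'mthredir|sdboot.gen|funlove|yaha|zafi|gibe|lovgate|nyxem|mabutu'i,
  qr'plexus'i,
  qr'@mm|@MM'i,
)
EOT
);

# Parse an excerpt as perl would inside the conf file; returns (\@patterns, '')
# on success or (undef, $error) when the text does not compile.
sub compile_list {
    my ($src) = @_;
    my @patterns = eval $src;
    return $@ ? (undef, $@) : (\@patterns, '');
}

# Constructed scanner-style names, not taken from any real report.
my @names = ('W32/Plexus.A', 'W32/Example@MM', 'Example@Mm');

for my $label (sort keys %excerpt) {
    my ($list, $err) = compile_list($excerpt{$label});
    if (!$list) {
        $err =~ s/\s+\z//;
        print "$label: rejected by perl:\n$err\n";
        next;
    }
    print "$label: compiles, ", scalar(@$list), " patterns\n";
    for my $name (@names) {
        my $hit = grep { $name =~ $_ } @$list;   # count of matching patterns
        printf "  %-16s %s\n", $name, $hit ? 'matches' : 'no match';
    }
}

# The two spellings of the mass-mailer entry differ only on mixed case.
for my $re (qr'@mm|@MM', qr'@mm|@MM'i) {
    print "$re on 'Example\@Mm': ", ('Example@Mm' =~ $re ? 'match' : 'no match'), "\n";
}
```

The single-quote delimiters matter here: with `qr'...'` perl does not interpolate `@mm` or `@MM` as arrays, which is why the entries compile under `use strict`.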