glenpp / cacti-uloganalyser

Cacti Templates, data collection with Universal Loganalyser and plugins via SNMP
GNU General Public License v2.0

Don't look for keyword at start of line #5

Closed jangrewe closed 7 years ago

jangrewe commented 7 years ago

The log message

Feb  5 23:55:06 hades clamav-milter[1387]: Message 6B1792407C from <emailcheck-robot@ct.de> to <jan@faked.org> with subject 'c t-Emailcheck: Netsky.P (lbebasb)' message-id '<E1caVi6-0002rA-4R.octo04@web.heise.de>' date 'Sun, 05 Feb 2017 23:55:06 +0100' infected by Html.Exploit.IFrame-17

was detected as "Other", even though it contained "Exploit". With this change it is detected correctly.
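An added illustration of the behaviour reported above, not code from this pull request or from the project: it assumes the analyser picks a category by testing the ClamAV signature name against a keyword list, and compares a start-anchored test with one that accepts the keyword in any dot-separated component. The keyword list (apart from "Exploit" and the "Other" fallback), the function names and the sample lines are assumptions made for this example.

```python
import re
from collections import Counter

# Hypothetical keyword list; only "Exploit" and the "Other" fallback appear in the thread.
KEYWORDS = ("Exploit", "Phishing", "Trojan", "Worm")

# The verdict is the last token of the line. Anchoring at the end keeps
# sender-controlled fields (subject, message-id) from being read as the verdict.
VERDICT_RE = re.compile(r"clamav-milter\[\d+\]: Message \S+ from .* infected by (\S+)$")

# Constructed log lines in the format quoted above (hosts and addresses are placeholders).
SAMPLE = [
    "Feb  5 23:55:06 mx clamav-milter[1387]: Message 6B1792407C from <a@example.org> "
    "to <b@example.org> with subject 'test' infected by Html.Exploit.IFrame-17",
    "Feb  5 23:56:10 mx clamav-milter[1387]: Message 7C2803518D from <a@example.org> "
    "to <b@example.org> with subject 'infected by Worm.Fake' infected by Win.Trojan.Agent-1",
    "Feb  5 23:57:42 mx clamav-milter[1387]: Message 8D3914629E from <a@example.org> "
    "to <b@example.org> with subject 'hello' infected by Exploit.PDF-99",
    "Feb  5 23:58:00 mx postfix/smtpd[2201]: connect from unknown[192.0.2.10]",
]

def signature(line):
    """Return the signature name from a clamav-milter verdict line, else None."""
    m = VERDICT_RE.search(line.rstrip())
    return m.group(1) if m else None

def classify_prefix(sig):
    """Start-anchored test: the keyword must begin the signature name."""
    for kw in KEYWORDS:
        if sig.startswith(kw):
            return kw
    return "Other"

def classify_component(sig):
    """Keyword may be any dot-separated component, e.g. Html.Exploit.IFrame-17."""
    parts = sig.split(".")
    for kw in KEYWORDS:
        if kw in parts:
            return kw
    return "Other"

def tally(lines, classifier):
    """Count categories over all verdict lines; non-verdict lines are skipped."""
    sigs = (signature(line) for line in lines)
    return dict(Counter(classifier(s) for s in sigs if s is not None))

if __name__ == "__main__":
    print("prefix:   ", tally(SAMPLE, classify_prefix))
    print("component:", tally(SAMPLE, classify_component))
```

Matching whole components rather than arbitrary substrings is a choice made for this example; it avoids a keyword matching inside a longer, unrelated word.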

glenpp commented 7 years ago

Thanks! I don't get a lot of malware to test this on so feedback is useful.