Malware: make "sock" cmdline default usable. Bug 2111

author: Jeremy Harris <jgh146exb@wizmail.org> 2017-05-29 17:23:12 +0100
committer: Jeremy Harris <jgh146exb@wizmail.org> 2017-05-30 20:05:40 +0100
commit: ac4d558b5e07523392bab2b4468b4c9f73745af9 (patch)
tree: 264e10752b7ce64045d192c5a37333544b229e8b /doc/doc-docbook/spec.xfpt
parent: ff7b612a42f909d457870feef575ae4bb8a2be8d (diff)
1 files changed, 7 insertions, 3 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 6fb150428..b891679a0 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -31702,13 +31702,17 @@ an address (which may be an IP address and port, or the path of a Unix socket),
 a commandline to send (may include a single %s which will be replaced with
 the path to the mail file to be scanned),
 an RE to trigger on from the returned data,
-an RE to extract malware_name from the returned data.
+and an RE to extract malware_name from the returned data.
 For example:
 .code
-av_scanner = sock:127.0.0.1 6001:%s:(SPAM|VIRUS):(.*)\$
+av_scanner = sock:127.0.0.1 6001:%s:(SPAM|VIRUS):(.*)$
 .endd
+.new
+Note that surrounding whitespace is stripped from each option, meaning
+there is no way to specify a trailing newline.
+.wen
 Default for the socket specifier is &_/tmp/malware.sock_&.
-Default for the commandline is &_%s\n_&.
+Default for the commandline is &_%s\n_& (note this does have a trailing newline).
 Both regular-expressions are required.
 
 .vitem &%sophie%&
author	Jeremy Harris <jgh146exb@wizmail.org>	2017-05-29 17:23:12 +0100
committer	Jeremy Harris <jgh146exb@wizmail.org>	2017-05-30 20:05:40 +0100
commit	ac4d558b5e07523392bab2b4468b4c9f73745af9 (patch)
tree	264e10752b7ce64045d192c5a37333544b229e8b /doc/doc-docbook/spec.xfpt
parent	ff7b612a42f909d457870feef575ae4bb8a2be8d (diff)