I am trying to create a message record and action for eTrust Antivirus messages that contain "File Status: Cure failed, file restored." Here's an example of a message from the Console Log:
[time 12/17/2004 1:58:02 AM: ID 14: machine hostname.domain.com: response 12/17/2004 2:03:30 AM] The HTML.Phishbank.BD was detected in Volume:\Folder1\Folder2\Folder3\File.AVB. Machine: hostname, User: administrator. File Status: Cure failed, file restored.
The problem I'm running into is that the "File Status: Cure failed, file restored." part of the message is not always in the same position (as in &(24:29)). Is there a way to search for this string in the message record, or filter for it somehow in the message action using TEST, regardless of the position of the string?
Thanks.