/usr/sbin/amavisd-new - why is pcmd/regex not working for this command in csf.pignore?
For some reason I cannot get CSF's LFD (/etc/csf/csf.pignore) to ignore amavisd-new
running via perl. The daemon runs via /usr/bin/perl /usr/sbin/amavisd-new (some mode),
however it seems that when I use regex-based pcmd:, LFD won't ignore it. Is there something up with LFD and/or the regex used with pcmd:
that I am not understanding? The other stuff I have used with pcmd:
has worked fine. I do not want to ignore the amavis user, nor ignore perl. I am reloading changes with csf -ra.
Various ways I have tried:
pcmd:/usr/bin/perl\s/usr/sbin/amavisd-new.*
pcmd:.*/usr/bin/perl\s/usr/sbin/amavisd-new.*
pcmd:/usr/bin/perl.*/usr/sbin/amavisd-new.*
pcmd:.*/usr/bin/perl.*/usr/sbin/amavisd-new.*
pcmd:.*\s/usr/sbin/amavisd-new\s.*
pcmd:.*/usr/sbin/amavisd-new.*
pcmd:.*/usr/sbin/amavis.*
CSF: v9.24 (generic) on Ubuntu 16.04.1 - x86_64
Executable: /usr/bin/perl
Command Line (often faked in exploits): /usr/sbin/amavisd-new (master)
Command Line (often faked in exploits): /usr/sbin/amavisd-new (virgin child)
Command Line (often faked in exploits): /usr/sbin/amavisd-new (ch3-avail)
Command Line (often faked in exploits): /usr/sbin/amavisd-new (ch4-avail)
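As an added example (not part of the question, and not csf/lfd's own code): a small Python harness that replays the regex step the way lfd is assumed to apply a pcmd: entry, namely the pattern anchored at both ends (Perl's /^regex$/) against /proc/<pid>/cmdline with the NUL separators turned into spaces and trailing whitespace dropped. Python's re module stands in for Perl's regex engine; for the patterns involved here the two agree. The sample command lines are the four strings LFD reported above, which are the process title amavisd-new writes into $0, not the "/usr/bin/perl /usr/sbin/amavisd-new" line the init script executes. Under these assumptions the first five entries cannot match that string at all (four expect /usr/bin/perl in the command line, the fifth requires whitespace before the path), while the last two match every reported child; if one of those still does not suppress the alert, the cause would lie outside the regex match itself.

```python
import os
import re

# Constructed sample input: the four command lines exactly as LFD reported
# them in the alert quoted in the question. This is the process title that
# amavisd-new sets via $0, which is why "/usr/bin/perl" no longer appears.
REPORTED_CMDLINES = [
    "/usr/sbin/amavisd-new (master)",
    "/usr/sbin/amavisd-new (virgin child)",
    "/usr/sbin/amavisd-new (ch3-avail)",
    "/usr/sbin/amavisd-new (ch4-avail)",
]

# The seven csf.pignore entries from the question, in the order listed.
TRIED_ENTRIES = [
    r"pcmd:/usr/bin/perl\s/usr/sbin/amavisd-new.*",
    r"pcmd:.*/usr/bin/perl\s/usr/sbin/amavisd-new.*",
    r"pcmd:/usr/bin/perl.*/usr/sbin/amavisd-new.*",
    r"pcmd:.*/usr/bin/perl.*/usr/sbin/amavisd-new.*",
    r"pcmd:.*\s/usr/sbin/amavisd-new\s.*",
    r"pcmd:.*/usr/sbin/amavisd-new.*",
    r"pcmd:.*/usr/sbin/amavis.*",
]


def pignore_regex(entry):
    """Return the regex part of a 'pcmd:<regex>' csf.pignore line."""
    if not entry.startswith("pcmd:"):
        raise ValueError("not a pcmd: entry: %r" % (entry,))
    return entry[len("pcmd:"):]


def lfd_cmdline(raw):
    """Turn raw /proc/<pid>/cmdline bytes into the string to match against.

    Assumption (see lead-in): lfd replaces the NUL argument separators with
    spaces and drops trailing whitespace before applying the regex.
    """
    return raw.replace(b"\0", b" ").decode("utf-8", "replace").rstrip()


def pcmd_matches(entry, cmdline):
    """Anchored match, i.e. Perl's /^regex$/ (assumed lfd behaviour)."""
    return re.fullmatch(pignore_regex(entry), cmdline) is not None


def report(entries=TRIED_ENTRIES, cmdlines=REPORTED_CMDLINES):
    """Map each pignore entry to the list of command lines it would ignore."""
    return {e: [c for c in cmdlines if pcmd_matches(e, c)] for e in entries}


def live_cmdlines(proc="/proc"):
    """Read every readable /proc/<pid>/cmdline (Linux only) so you can see the
    string LFD actually matches rather than the one in the init script.
    Returns {} where /proc is unavailable."""
    found = {}
    if not os.path.isdir(proc):
        return found
    for name in os.listdir(proc):
        if not name.isdigit():
            continue
        try:
            with open(os.path.join(proc, name, "cmdline"), "rb") as f:
                raw = f.read()
        except OSError:
            continue  # process exited or is not readable by this user
        if raw:
            found[int(name)] = lfd_cmdline(raw)
    return found


if __name__ == "__main__":
    for entry, hits in report().items():
        print("%-55s matches %d of %d" % (entry, len(hits), len(REPORTED_CMDLINES)))
    # On the affected box this prints the live amavisd-new titles to test against.
    for pid, cmd in sorted(live_cmdlines().items()):
        if "amavis" in cmd:
            print("pid %d: %r" % (pid, cmd))
```

Run it on the mail server itself to compare the live /proc command lines with the strings in the alert; a candidate pcmd: line is only worth adding to csf.pignore if report() shows it matching every process title the daemon uses, including the transient child titles.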
Solution 1:
Try not to use a regexp. Just put
exe:/usr/sbin/amavisd-new
in csf.pignore and see what happens. According to their forums this is the way to go for Perl daemons. They admit it is unclear, since the lfd alarm speaks of a different executable (i.e. perl).