not logging ">>> Virus", only "Found 1 viruses"

Julian Field mailscanner at ecs.soton.ac.uk
Mon Aug 5 12:29:26 IST 2002


At 14:38 31/07/2002, you wrote:
>Dear All,
>I am having the same problem, any ideas????

The McAfee parser doesn't log the report lines as they are broken into 2
and are therefore a real pain to log. The others log them at log level "info".


>regards
>
>Dan
>
>On Mon, 3 Jun 2002 16:48:37 -0500, Paul Rossman <pdr at EVANSTON.FLUENT.COM>
>wrote:
>
> >Hi everyone,
> >
> >I'm going crazy trying to figure out why I'm not getting log reports for
> >detected viruses.... To be more specific, I'm getting these:
> >
> >Jun  3 16:38:18 glacier mailscanner[17266]: Found 1 viruses in messages g53Lbt217631
> >
> >but not these types:
> >
> >May 28 21:42:53 quicksilver.ukc.ac.uk mailscanner[27921]: >>> Virus 'W32/Klez-H' found in file ./17Cnnb-0001PL-00/install.exe
> >
> >I've looked everywhere for the keywords "found in" and ">>>" but to no
> >relevant success. Looked at the src, in the howto/faq, in my mail archives
> >since Jan 2002, and in the online mailing list archives.
> >
> >I'm using McAfee:
> >
> >Virus Scan for Linux v4.16.0
> >Copyright (c) 1992-2001 Networks Associates Technology Inc. All rights reserved.
> >(408) 988-3832  LICENSED COPY - Nov 13 2001
> >
> >Scan engine v4.1.60 for Linux.
> >Virus data file v4205 created May 29 2002
> >Scanning for 60684 viruses, trojans and variants.
> >
> >Is that type of specific virus report to syslog a result of the virus
> >scanner (something other than McAfee?).
> >
> >I've included my syslog info below just in case.
> >
> >Any help would be much appreciated.
> >
> >Thanks!
> >-paul
> >
> >-------
> >
> >syslog.conf file on mailserver contains:
> >
> >##
> >## Everything to loghost
> >##
> >*.* @loghost
> >
> >-------
> >
> >syslog.conf file on loghost server contains the following line for mail:
> >
> >mail.warning;mail.emerg;mail.alert;mail.crit;mail.info;mail.err;mail.notice;mail.debug;mail.*    /var/log/maillog
> >
> >-------

--
Julian Field                Teaching Systems Manager
jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                             Southampton SO17 1BJ
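
Added example, not part of the original message and not MailScanner's own code: one way a parser can join a two-line scanner report into the single-line ">>> Virus" form quoted above. The input layout (a path line followed by an indented "Found the ..." line), the sample data and the name join_reports are constructed assumptions, not McAfee's documented output.

```python
import re

# Assumed two-line report shape (constructed for illustration, not taken from
# McAfee documentation): a file path line, then an indented verdict line.
VERDICT = re.compile(r"^\s+Found the (?P<name>\S+) (?:virus|trojan)")

# Constructed sample scanner output; the path and virus name reuse the
# log line quoted in the thread.
SAMPLE = [
    "./17Cnnb-0001PL-00/readme.txt\n",
    "./17Cnnb-0001PL-00/install.exe\n",
    "    Found the W32/Klez-H virus !!!\n",
    "\n",
]


def join_reports(lines):
    """Pair each verdict line with the path line before it.

    Returns (messages, orphans): messages are single-line reports ready to
    be logged at level "info"; orphans are verdict lines that had no path
    line in front of them, kept so a detection is never silently dropped.
    """
    messages, orphans = [], []
    pending_path = None
    for raw in lines:
        line = raw.rstrip("\n")
        m = VERDICT.match(line)
        if m:
            if pending_path is None:
                orphans.append(line.strip())
            else:
                messages.append(
                    ">>> Virus '%s' found in file %s"
                    % (m.group("name"), pending_path)
                )
                pending_path = None  # one verdict per path line
        elif line.strip() and not line[0].isspace():
            # Unindented, non-empty line: remember it as the current path.
            pending_path = line.strip()
        # Blank lines and other indented lines are ignored.
    return messages, orphans


if __name__ == "__main__":
    for msg in join_reports(SAMPLE)[0]:
        print(msg)
```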


