F-secure logging

Julian Field mailscanner at ecs.soton.ac.uk
Tue Nov 5 09:07:36 GMT 2002


At 09:01 05/11/2002, you wrote:
>I'm trying really hard to make my F-secure log to the maillog as other
>scanners do, like:
>
>Nov  4 17:15:31 host-2 MailScanner[1163]: >>> Virus 'W32/Klez-H' found in
>file ./gA4HFT803745/coords.scr
>
>(this is a Sophos log entry)
>
>Has anyone any knowledge about how this could be done?
>I know it logs the virus type to std out when I run it manually on a virus
>infected file;
>.....
>[root@pop 20021104]# /usr/lib/MailScanner/f-secure-wrapper *
>F-Secure Anti-Virus for i386-linux Release 4.15 build 4370
>Frisk Software International F-PROT engine version 3.11 build 802
>sign.def version 2002-11-04
>fssign2.def version 2002-11-04
>fsmacro.def version 2002-11-04
>
>gA48ARS02843/.scr       infection: W32/Klez.H@mm
>gA4BbfS11505/love.scr   infection: W32/Lentin.F@mm
>gA4K6kS27585/friends.scr        infection: W32/Lentin.F@mm
>
>        3 files scanned
>        3 infections found
>.....
>
>So why doesn't it do the same in MS?
>Any ideas?

Are you saying you would like a log entry for F-Secure that included the
name of the virus found?
The latest code already logs the whole of the line that includes the name
of the virus (the latest version does, anyway), so you should get a log
entry that says things like
gA4K6kS27585/friends.scr        infection: W32/Lentin.F@mm
--
Julian Field                Teaching Systems Manager
jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                             Southampton SO17 1BJ
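
Added example, not part of the original message and not MailScanner's own code: Python that turns F-Secure report lines of the shape quoted above into Sophos-style log entries, replacing control characters in the sender-controlled file name before it reaches the log. The sample report, the function names and the cross-check against the scanner's own infection count are assumptions constructed for illustration.

```python
import re

# Constructed sample modeled on the wrapper output quoted in the thread;
# the third file name carries an ESC sequence to exercise sanitizing.
SAMPLE = """\
F-Secure Anti-Virus for i386-linux Release 4.15 build 4370
sign.def version 2002-11-04

gA48ARS02843/.scr\tinfection: W32/Klez.H@mm
gA4BbfS11505/love.scr   infection: W32/Lentin.F@mm
gA4K6kS27585/friends\x1b[2J.scr        infection: W32/Lentin.F@mm

        3 files scanned
        3 infections found
"""

# <queue-id>/<file name><whitespace>infection: <virus name>
INFECTION = re.compile(r"^(?:\./)?([^/\s]+)/(.*?)\s+infection:\s+(\S.*?)\s*$")
SUMMARY = re.compile(r"^\s*(\d+) infections? found\s*$")


def sanitize(text):
    """Replace non-printable characters so a hostile attachment name
    cannot inject terminal escapes or corrupt the log entry."""
    return "".join(c if c.isprintable() else "?" for c in text)


def parse_report(output):
    """Return (findings, reported_count); findings are
    (queue_id, file_name, virus_name) tuples."""
    findings, reported = [], None
    for line in output.splitlines():
        m = INFECTION.match(line)
        if m:
            findings.append(tuple(sanitize(g) for g in m.groups()))
            continue
        s = SUMMARY.match(line)
        if s:
            reported = int(s.group(1))
    return findings, reported


def log_lines(output):
    """Build one log entry per finding, plus a warning when the scanner's
    own infection count disagrees with what was parsed."""
    findings, reported = parse_report(output)
    lines = [f">>> Virus '{virus}' found in file ./{qid}/{name}"
             for qid, name, virus in findings]
    if reported is not None and reported != len(findings):
        lines.append(f"scanner reported {reported} infections but {len(findings)} were parsed")
    return lines
```
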


