F-secure logging
Julian Field
mailscanner at ecs.soton.ac.uk
Tue Nov 5 09:07:36 GMT 2002
At 09:01 05/11/2002, you wrote:
>Im trying really hard to make my F-secure log to the maillog as other
>scanners do, like:
>
>Nov 4 17:15:31 host-2 MailScanner[1163]: >>> Virus 'W32/Klez-H' found in
>file ./gA4HFT803745/coords.scr
>
>(this is a Sophos log entry)
>
>Has anyone any knowledge about how this could be done?
>I know it logs the virus type to std out when I run it manually on a virus
>infected file;
>.....
>[root at pop 20021104]# /usr/lib/MailScanner/f-secure-wrapper *
>F-Secure Anti-Virus for i386-linux Release 4.15 build 4370
>Frisk Software International F-PROT engine version 3.11 build 802
>sign.def version 2002-11-04
>fssign2.def version 2002-11-04
>fsmacro.def version 2002-11-04
>
>gA48ARS02843/.scr infection: W32/Klez.H at mm
>gA4BbfS11505/love.scr infection: W32/Lentin.F at mm
>gA4K6kS27585/friends.scr infection: W32/Lentin.F at mm
>
> 3 files scanned
> 3 infections found
>.....
>
>So why doesnt it do the same in MS?
>Any ideas?
Are you saying you would like a log entry for F-Secure that included the
name of the virus found?
The latest code already logs the whole of the line that includes the name
of the virus (the latest version does, anyway), so you should get a log
entry that says things like
gA4K6kS27585/friends.scr infection: W32/Lentin.F at mm
--
Julian Field Teaching Systems Manager
jkf at ecs.soton.ac.uk Dept. of Electronics & Computer Science
Tel. 023 8059 2817 University of Southampton
Southampton SO17 1BJ
More information about the MailScanner
mailing list