ClamAv Logging Virus Name
Antony Stone
Antony at SOFT-SOLUTIONS.CO.UK
Wed Aug 20 22:18:49 IST 2003
On Wednesday 20 August 2003 8:58 pm, Stephe Campbell wrote:
> I seem to recall something about inserting the name of the virus found into
> the maillog entry when a virus was found. I use ClamAV. I have looked in
> the archives and also keep all of the mail from the list, but can't seem to
> find the right search parameters. Can anyone help me here or tell me how I
> might track virus detection other than just the generic "virus found" stuff
My MailScanner / ClamAV installation syslogs the name of the virus detected
by ClamAV right after the line saying "Virus and Content Scanning: Starting",
with a line something like
"/var/spool/MailScanner/incoming/20692/./h7KLCYr23617/your_document.pif:
Worm.Sobig.F FOUND"
This is then followed by the line saying: "Virus Scanning: ClamAV found 1
infections"
I haven't turned on any extra debugging etc.
What do your syslogs show when a virus is found?
Antony.
--
Most people have more than the average number of legs.
More information about the MailScanner
mailing list