ClamAv Logging Virus Name

Stephe Campbell campbell at CNPAPERS.COM
Thu Aug 21 13:48:52 IST 2003


Never mind - I guess I wasn't grepping for the right stuff. Your clue
pointed me to the right phrase. I had just updated to 4.22-5 and the
/var/spool/MailScanner/incoming directory is not used in the prior release I
used.  I see exactly what you see.

Thank you very much!

Steve Campbell
campbell at cnpapers.com
Charleston Newspapers
----- Original Message -----
From: "Antony Stone" <Antony at SOFT-SOLUTIONS.CO.UK>
To: <MAILSCANNER at JISCMAIL.AC.UK>
Sent: Wednesday, August 20, 2003 5:18 PM
Subject: Re: ClamAv Logging Virus Name


> On Wednesday 20 August 2003 8:58 pm, Stephe Campbell wrote:
>
> > I seem to recall something about inserting the name of the virus found
into
> > the maillog entry when a virus was found. I use ClamAV. I have looked in
> > the archives and also keep all of the mail from the list, but can't seem
to
> > find the right search parameters. Can anyone help me here or tell me how
I
> > might track virus detection other than just the generic "virus found"
stuff
>
> My MailScanner / ClamAV installation syslogs the name of the virus
detected
> by ClamAV right after the line saying "Virus and Content Scanning:
Starting",
> with a line something like
> "/var/spool/MailScanner/incoming/20692/./h7KLCYr23617/your_document.pif:
> Worm.Sobig.F FOUND"
> This is then followed by the line saying: "Virus Scanning: ClamAV found 1
> infections"
>
> I haven't turned on any extra debugging etc.
>
> What do your syslogs show when a virus is found?
>
> Antony.
>
> --
>
> Most people have more than the average number of legs.



More information about the MailScanner mailing list