tons of infected files getting through??? and clamscan logging

Chris Yuzik chris at FRACTALWEB.COM
Wed Jan 28 00:04:55 GMT 2004


Chris Yuzik wrote:

> Ok, then how do we go about figuring out if ClamAV is even scanning the
> message? I don't see much in the maillog that indicates whether it was
> or wasn't scanned by Clam and what the result was.
>
> Is there a way of turning on a supplemental log for ClamAV? Adjusting
> the wrapper, perhaps?

Nothing like responding to your own emails. :-)

I've modified the clamav-wrapper file by changing the ScanOptions= line
to the following:
ScanOptions="$ScanOptions --unzip -l /tmp/clamscanlog --log-verbose"

I now have a log entry in /tmp/clamscanlog each time a message gets
logged. Unfortunately the log tells me almost nothing. A typical entry
looks like this:
--------------------------------------
Scan started: Tue Jan 27 14:32:06 2004

And an entry where it finds an infected file looks like this:
--------------------------------------
Scan started: Tue Jan 27 14:33:21 2004

/var/spool/MailScanner/incoming/26770/./i0RMXBV26943/file.pif: Worm.SCO.A FOUND

Even with "--log-verbose" enabled, I'm not getting the kind of
information in the log file that I get if I run clamscan by hand with
the same options. Not sure why.

I'm not any closer (yet) to figuring out why some infected files walk
right by the virus scanner.

If I find a file that was originally marked as spam--but not
infected--how do I resubmit the file back to sendmail so it gets
processed by MailScanner again? For example, I've got a file called
i0RNAtV30557 that certainly looks suspicious, but when it went through
MailScanner it only got marked as Spam.

Any further thoughts out there?

Cheers,
Chris
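
An added example (not part of the original message, and not MailScanner or ClamAV code): a small shell/awk summariser for the clamscan log format quoted above. For each detection it prints the scan time, queue ID, file name and signature, so the entries can be matched against the maillog. It assumes the directory directly containing the file is the message's queue ID, as in the sample path; the function names and the third sample entry are constructed.

```shell
#!/bin/sh
# Summarise a clamscan log written with "-l <file>".
# Output per detection: scan start <TAB> queue ID <TAB> file <TAB> signature
# Last line: scans=N detections=M

summarise_clamscan_log() {
    awk '
    /^Scan started: / {
        scans++
        start = substr($0, length("Scan started: ") + 1)
        pending = ""
        next
    }
    # Path line ending in ":" means the signature wrapped onto the next line.
    /^\/.*:[ \t]*$/ { pending = $0; next }
    / FOUND[ \t]*$/ {
        if (pending != "") line = pending " " $0; else line = $0
        pending = ""
        sub(/[ \t]+FOUND[ \t]*$/, "", line)
        sig = line
        sub(/^.*:[ \t]+/, "", sig)            # text after the last ": "
        path = substr(line, 1, length(line) - length(sig))
        sub(/:[ \t]+$/, "", path)
        n = split(path, parts, "/")
        # Assumption: the parent directory of the file is the queue ID.
        printf "%s\t%s\t%s\t%s\n", start, parts[n-1], parts[n], sig
        found++
        next
    }
    { pending = "" }                          # any other line resets state
    END { printf "scans=%d detections=%d\n", scans, found }
    ' "$@"
}

# Constructed sample: the first two entries follow the message above (the
# second kept in wrapped form); the third entry is made up for illustration.
sample_log() {
    cat <<'EOF'
--------------------------------------
Scan started: Tue Jan 27 14:32:06 2004

--------------------------------------
Scan started: Tue Jan 27 14:33:21 2004

/var/spool/MailScanner/incoming/26770/./i0RMXBV26943/file.pif:
Worm.SCO.A FOUND
--------------------------------------
Scan started: Tue Jan 27 14:35:40 2004

/var/spool/MailScanner/incoming/26770/./iEXAMPLE00001/doc.scr: Worm.SCO.A FOUND
EOF
}

sample_log | summarise_clamscan_log
```

Run against the real log with `summarise_clamscan_log /tmp/clamscanlog`; a scan count that is lower than the number of messages in the maillog for the same period points at messages that never reached clamscan.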


