ClamAV module logging changed in 4.62
Greg Matthews
gmatt at nerc.ac.uk
Tue Aug 7 10:14:17 IST 2007
Julian Field wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
>
> Rick Cooper wrote:
>> Bear in mind that when clamd was added the name of the scanner is taked from
>> the structure and not hard coded so if he has the display of virus scanners
>> off there would be no name
ok. but I dont understand, what is "the structure" if you mean my
MailScanner.conf, then clamavmodule is explicitly specified. I'm not
sure what you mean by having "the display of virus scanners off" either.
My SophosSAVI still shows log lines like the following:
Aug 6 08:29:20 mailr-w MailScanner[17999]: SophosSAVI::INFECTED::
Troj/Dloadr-BCP Troj/Dloadr-BCP:: ./l767T9Op023287/amazing.zip
but the corresponding clamavmodule line for the same message is:
Aug 6 08:29:21 mailr-w MailScanner[17999]: INFECTED::
Trojan.Downloader-12155:: ./l767T9Op023287/amazing.zip
> Good point. That's probably it, I didn't think any of the clamavmodule
> logging should have changed.
excuse my ignorance, please explain the solution...
GREG
>> Rick
--
Greg Matthews 01491 692445
Head of UNIX/Linux, iTSS Wallingford
--
This message (and any attachments) is for the recipient only. NERC
is subject to the Freedom of Information Act 2000 and the contents
of this email and any reply you make may be disclosed by NERC unless
it is exempt from release under the Act. Any material supplied to
NERC may be stored in an electronic records management system.
More information about the MailScanner
mailing list