ClamAV module logging changed in 4.62

Rick Cooper rcooper at dwford.com
Wed Aug 8 04:13:06 IST 2007 

 

 > -----Original Message-----
 > From: mailscanner-bounces at lists.mailscanner.info 
 > [mailto:mailscanner-bounces at lists.mailscanner.info] On 
 > Behalf Of Greg Matthews
 > Sent: Tuesday, August 07, 2007 5:14 AM
 > To: MailScanner discussion
 > Subject: Re: ClamAV module logging changed in 4.62
 > 
 > Julian Field wrote:
 > > -----BEGIN PGP SIGNED MESSAGE-----
 > > Hash: SHA1
 > > 
 > > 
 > > 
 > > Rick Cooper wrote:
 > >> Bear in mind that when clamd was added the name of the 
 > scanner is taked from
 > >> the structure and not hard coded so if he has the display 
 > of virus scanners
 > >> off there would be no name
 > 
 > ok. but I dont understand, what is "the structure" if you mean my 
 > MailScanner.conf, then clamavmodule is explicitly specified. I'm not 
 > sure what you mean by having "the display of virus scanners 
 > off" either.

By structure I was referring to the internal information MailScanner passes
from function to functions. ClamAVModule used to be hard coded to log
ClamAVModule as the virus scanner but since Clamd and ClamAVModule pass the
same info back in the same format the code that parses the information is
used by both and part of the information that is passed is the scanner name
so the name logged now is dependant upon which scanner is being parsed.
There is an option to hide the scanner name and I honestly don't remember
what it is. If Julian hasn't looked at this yet I will in the morning but
it's late and I have been going since 3:00am so it will have to wait until
morning

 
 > My SophosSAVI still shows log lines like the following:
 > 
 > Aug  6 08:29:20 mailr-w MailScanner[17999]: SophosSAVI::INFECTED:: 
 > Troj/Dloadr-BCP Troj/Dloadr-BCP:: ./l767T9Op023287/amazing.zip
 > 
 > but the corresponding clamavmodule line for the same message is:
 > 
 > Aug  6 08:29:21 mailr-w MailScanner[17999]: INFECTED:: 
 > Trojan.Downloader-12155:: ./l767T9Op023287/amazing.zip
 > 
 > > Good point. That's probably it, I didn't think any of the 
 > clamavmodule 
 > > logging should have changed.
 > 
 > excuse my ignorance, please explain the solution...
 > 
 > GREG
 > 
 > >> Rick
 > 
 > 
 > -- 
 > Greg Matthews           01491 692445
 > Head of UNIX/Linux, iTSS Wallingford
 > 
 > -- 
 > This message (and any attachments) is for the recipient only. NERC
 > is subject to the Freedom of Information Act 2000 and the contents
 > of this email and any reply you make may be disclosed by NERC unless
 > it is exempt from release under the Act. Any material supplied to
 > NERC may be stored in an electronic records management system.
 > 
 > -- 
 > MailScanner mailing list
 > mailscanner at lists.mailscanner.info
 > http://lists.mailscanner.info/mailman/listinfo/mailscanner
 > 
 > Before posting, read http://wiki.mailscanner.info/posting
 > 
 > Support MailScanner development - buy the book off the website! 
 > 
 > --
 > This message has been scanned for viruses and
 > dangerous content by MailScanner, and is
 > believed to be clean.
 > 
 > 


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the MailScanner mailing list