ClamAV module logging changed in 4.62
Rick Cooper
rcooper at dwford.com
Wed Aug 8 13:58:41 IST 2007
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On
> Behalf Of Greg Matthews
> Sent: Tuesday, August 07, 2007 5:14 AM
> To: MailScanner discussion
> Subject: Re: ClamAV module logging changed in 4.62
>
> Julian Field wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> >
> >
> > Rick Cooper wrote:
> >> Bear in mind that when clamd was added the name of the
> scanner is taked from
> >> the structure and not hard coded so if he has the display
> of virus scanners
> >> off there would be no name
>
> ok. but I dont understand, what is "the structure" if you mean my
> MailScanner.conf, then clamavmodule is explicitly specified. I'm not
> sure what you mean by having "the display of virus scanners
> off" either.
> My SophosSAVI still shows log lines like the following:
>
> Aug 6 08:29:20 mailr-w MailScanner[17999]: SophosSAVI::INFECTED::
> Troj/Dloadr-BCP Troj/Dloadr-BCP:: ./l767T9Op023287/amazing.zip
>
> but the corresponding clamavmodule line for the same message is:
>
> Aug 6 08:29:21 mailr-w MailScanner[17999]: INFECTED::
> Trojan.Downloader-12155:: ./l767T9Op023287/amazing.zip
>
[...]
Ok I had a look this morning and the only reason I can see would be having
the display scanner name set to no. And BTW, The Sohpos scanner name is hard
coded so it would display regardless. The setting in MailScanner.conf you
are looking for is: Include Scanner Name In Reports = and it is probably
set to no and should be set to yes.
As a side note, anyone using MailWatch will need this set to yes for the
next version as the name is used in his new parsing code (from the MailWatch
list)
Rick
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner
mailing list