ClamAV module logging changed in 4.62
Gareth
list-mailscanner at linguaphone.com
Wed Aug 8 14:58:36 IST 2007
On Wed, 2007-08-08 at 13:58, Rick Cooper wrote:
>
> > -----Original Message-----
> > From: mailscanner-bounces at lists.mailscanner.info
> > [mailto:mailscanner-bounces at lists.mailscanner.info] On
> > Behalf Of Greg Matthews
> > Sent: Tuesday, August 07, 2007 5:14 AM
> > To: MailScanner discussion
> > Subject: Re: ClamAV module logging changed in 4.62
> >
> > Julian Field wrote:
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > >
> > >
> > > Rick Cooper wrote:
> > >> Bear in mind that when clamd was added the name of the scanner is taken from
> > >> the structure and not hard coded so if he has the display of virus scanners
> > >> off there would be no name
> >
> > ok. but I don't understand, what is "the structure" if you mean my
> > MailScanner.conf, then clamavmodule is explicitly specified. I'm not
> > sure what you mean by having "the display of virus scanners
> > off" either.
> > My SophosSAVI still shows log lines like the following:
> >
> > Aug 6 08:29:20 mailr-w MailScanner[17999]: SophosSAVI::INFECTED::
> > Troj/Dloadr-BCP Troj/Dloadr-BCP:: ./l767T9Op023287/amazing.zip
> >
> > but the corresponding clamavmodule line for the same message is:
> >
> > Aug 6 08:29:21 mailr-w MailScanner[17999]: INFECTED::
> > Trojan.Downloader-12155:: ./l767T9Op023287/amazing.zip
> >
> [...]
>
> Ok I had a look this morning and the only reason I can see would be having
> the display scanner name set to no. And BTW, the Sophos scanner name is hard
> coded so it would display regardless. The setting in MailScanner.conf you
> are looking for is: Include Scanner Name In Reports = and it is probably
> set to no and should be set to yes.
>
> As a side note, anyone using MailWatch will need this set to yes for the
> next version as the name is used in his new parsing code (from the MailWatch
> list)
>
> Rick
I have encountered a problem with this as well as it stopped logwatch
from recognising the clamavmodule infections.
I have tweaked logwatch to just look for INFECTED:: for now which works
for me as I am just using clamavmodule and bitdefender.
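
The two log-line shapes discussed in this thread can be parsed by one pattern that treats the scanner-name prefix as optional, so per-scanner attribution is kept when it is present. This is an added example, not part of the original messages and not logwatch or MailWatch code; the regex is inferred only from the two log lines quoted above, and the names `parse_infected` and `summarise` are hypothetical.

```python
import re
from collections import Counter

# Assumption: the format is inferred from the two lines quoted in the thread.
# "<Scanner>::" is optional; it is missing when
# "Include Scanner Name In Reports" is set to no.
INFECTED_RE = re.compile(
    r"MailScanner\[(?P<pid>\d+)\]:\s+"
    r"(?:(?P<scanner>[A-Za-z0-9_-]+)::)?"
    r"INFECTED::\s*(?P<report>.+?)::\s*(?P<path>\S.*?)\s*$"
)

def parse_infected(line):
    """Return a dict for an INFECTED:: line, or None for any other line."""
    m = INFECTED_RE.search(line)
    if not m:
        return None
    hit = m.groupdict()
    hit["pid"] = int(hit["pid"])
    return hit  # hit["scanner"] is None when the prefix is absent

def summarise(lines):
    """Count infections per scanner; unnamed reports get their own bucket."""
    counts = Counter()
    for line in lines:
        hit = parse_infected(line)
        if hit:
            counts[hit["scanner"] or "(unnamed)"] += 1
    return counts

# The first two lines are the ones quoted in the thread, re-joined onto one
# line each; the third is a constructed non-infection line.
SAMPLE = [
    "Aug 6 08:29:20 mailr-w MailScanner[17999]: SophosSAVI::INFECTED:: "
    "Troj/Dloadr-BCP Troj/Dloadr-BCP:: ./l767T9Op023287/amazing.zip",
    "Aug 6 08:29:21 mailr-w MailScanner[17999]: INFECTED:: "
    "Trojan.Downloader-12155:: ./l767T9Op023287/amazing.zip",
    "Aug 6 08:29:22 mailr-w MailScanner[17999]: constructed unrelated line",
]

if __name__ == "__main__":
    for name, n in summarise(SAMPLE).items():
        print(f"{name}: {n}")
```

A non-zero `(unnamed)` count is a cheap signal that the scanner-name setting is off on a host whose reports depend on it.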