small bug in 4.66.5
Greg Deputy
greg at blastzone.com
Tue Feb 26 18:44:43 GMT 2008
So this would explain no virus scanning being called out in the logs? This
suddenly started on my installation on 2/23, but not sure why it stopped
logging virus scanning at that time. I confirmed messages are being scanned
and I'm getting notifications of found viruses, but nothing in the logs.
-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Greg
Matthews
Sent: Monday, February 25, 2008 7:39 AM
To: MailScanner discussion
Subject: Re: small bug in 4.66.5
hmmm....
looks like this may have been in 4.62 as well as I found what looked
like my own modifications in SweepViruses.pm in that version too.
It looks like $Name is not getting populated in sub
ProcessClamAVModOutput. The following patch corrects the log entry but
doesnt address the underlying cause:
--- /tmp/SweepViruses.pm 2008-02-25 15:35:28.000000000 +0000
+++ ./SweepViruses.pm 2008-02-25 15:23:30.000000000 +0000
@@ -1444,7 +1444,8 @@
($keyword, $virusname, $filename) = split(/:: /, $line, 3);
if ($keyword =~ /^error/i && $logout !~ /rar module failure/i) {
- MailScanner::Log::InfoLog("%s::%s", $Name, $logout);
+ #MailScanner::Log::InfoLog("%s::%s", $Name, $logout);
+ MailScanner::Log::InfoLog("ClamAVModule::%s", $logout);
return 1;
} elsif ($keyword =~ /^info/i || $logout =~ /rar module failure/i) {
return 0;
@@ -1452,7 +1453,8 @@
return 0;
} else {
# Must be an infection reports
- MailScanner::Log::InfoLog("%s::%s", $Name, $logout);
+ #MailScanner::Log::InfoLog("%s::%s", $Name, $logout);
+ MailScanner::Log::InfoLog("ClamAVModule::%s", $logout);
($dot, $id, $part, @rest) = split(/\//, $filename);
$report = $Name . ': ' if $Name;
Not sure if I'll have time to look at this further - hopefully Julian
can cast some light.
GREG
Greg Matthews wrote:
> infection reporting for ClamAVModule seems to have changed in 4.66.5
> (just upgraded from 4.62.9-2):
>
> Feb 25 10:03:58 mailr-w MailScanner[9708]: ClamAVModule::INFECTED::
> Email.Spam.Sanesecurity.Url_1331:: ./m1PA3YS5011217/
> Feb 25 11:17:49 mailr-w MailScanner[11304]: ::INFECTED::
> Email.Hdr.Sanesecurity.07111002:: ./m1PBHY8C011316/
>
> not good for log scrapers.
>
> will have a quick look at the code
>
> GREG
--
Greg Matthews 01491 692445
Head of UNIX/Linux, iTSS Wallingford
--
This message (and any attachments) is for the recipient only. NERC
is subject to the Freedom of Information Act 2000 and the contents
of this email and any reply you make may be disclosed by NERC unless
it is exempt from release under the Act. Any material supplied to
NERC may be stored in an electronic records management system.
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list