small bug in 4.66.5

Greg Deputy greg at
Tue Feb 26 18:44:43 GMT 2008

So this would explain no virus scanning being called out in the logs?  This
suddenly started on my installation on 2/23, but not sure why it stopped
logging virus scanning at that time.  I confirmed messages are being scanned
and I'm getting notifications of found viruses, but nothing in the logs.  

-----Original Message-----
From: mailscanner-bounces at
[mailto:mailscanner-bounces at] On Behalf Of Greg
Sent: Monday, February 25, 2008 7:39 AM
To: MailScanner discussion
Subject: Re: small bug in 4.66.5


looks like this may have been in 4.62 as well as I found what looked 
like my own modifications in in that version too.

It looks like $Name is not getting populated in sub 
ProcessClamAVModOutput. The following patch corrects the log entry but 
doesnt address the underlying cause:

--- /tmp/        2008-02-25 15:35:28.000000000 +0000
+++ ./   2008-02-25 15:23:30.000000000 +0000
@@ -1444,7 +1444,8 @@
    ($keyword, $virusname, $filename) = split(/:: /, $line, 3);

    if ($keyword =~ /^error/i && $logout !~ /rar module failure/i) {
-    MailScanner::Log::InfoLog("%s::%s", $Name, $logout);
+    #MailScanner::Log::InfoLog("%s::%s", $Name, $logout);
+    MailScanner::Log::InfoLog("ClamAVModule::%s", $logout);
      return 1;
    } elsif ($keyword =~ /^info/i || $logout =~ /rar module failure/i) {
      return 0;
@@ -1452,7 +1453,8 @@
      return 0;
    } else {
      # Must be an infection reports
-    MailScanner::Log::InfoLog("%s::%s", $Name, $logout);
+    #MailScanner::Log::InfoLog("%s::%s", $Name, $logout);
+    MailScanner::Log::InfoLog("ClamAVModule::%s", $logout);

      ($dot, $id, $part, @rest) = split(/\//, $filename);
      $report = $Name . ': ' if $Name;

Not sure if I'll have time to look at this further - hopefully Julian 
can cast some light.


Greg Matthews wrote:
> infection reporting for ClamAVModule seems to have changed in 4.66.5 
> (just upgraded from 4.62.9-2):
> Feb 25 10:03:58 mailr-w MailScanner[9708]: ClamAVModule::INFECTED:: 
> Email.Spam.Sanesecurity.Url_1331:: ./m1PA3YS5011217/
> Feb 25 11:17:49 mailr-w MailScanner[11304]: ::INFECTED:: 
> Email.Hdr.Sanesecurity.07111002:: ./m1PBHY8C011316/
> not good for log scrapers.
> will have a quick look at the code

Greg Matthews           01491 692445
Head of UNIX/Linux, iTSS Wallingford

This message (and any attachments) is for the recipient only. NERC
is subject to the Freedom of Information Act 2000 and the contents
of this email and any reply you make may be disclosed by NERC unless
it is exempt from release under the Act. Any material supplied to
NERC may be stored in an electronic records management system.

MailScanner mailing list
mailscanner at

Before posting, read

Support MailScanner development - buy the book off the website! 

More information about the MailScanner mailing list