small bug in 4.66.5 - log entries missing

Greg Deputy greg at blastzone.com
Tue Feb 26 22:50:22 GMT 2008 

This is clamav on Debian Etch

-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Julian
Field
Sent: Tuesday, February 26, 2008 1:32 PM
To: MailScanner discussion
Subject: Re: small bug in 4.66.5 - log entries missing

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Does this only happen with the ClamAVModule scanner?

Greg Deputy wrote:
> Also not seeing the typical 'Virus Scanning completed at X bytes per
second'
> or 'Batch completed at X bytes per second' messages in the log.  
>
> Is this a known issue, or do I have something else going on?
>
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Greg
Deputy
> Sent: Tuesday, February 26, 2008 10:45 AM
> To: 'MailScanner discussion'
> Subject: RE: small bug in 4.66.5
>
> So this would explain no virus scanning being called out in the logs?
This
> suddenly started on my installation on 2/23, but not sure why it stopped
> logging virus scanning at that time.  I confirmed messages are being
scanned
> and I'm getting notifications of found viruses, but nothing in the logs.  
>
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Greg
> Matthews
> Sent: Monday, February 25, 2008 7:39 AM
> To: MailScanner discussion
> Subject: Re: small bug in 4.66.5
>
> hmmm....
>
> looks like this may have been in 4.62 as well as I found what looked 
> like my own modifications in SweepViruses.pm in that version too.
>
> It looks like $Name is not getting populated in sub 
> ProcessClamAVModOutput. The following patch corrects the log entry but 
> doesnt address the underlying cause:
>
> --- /tmp/SweepViruses.pm        2008-02-25 15:35:28.000000000 +0000
> +++ ./SweepViruses.pm   2008-02-25 15:23:30.000000000 +0000
> @@ -1444,7 +1444,8 @@
>     ($keyword, $virusname, $filename) = split(/:: /, $line, 3);
>
>     if ($keyword =~ /^error/i && $logout !~ /rar module failure/i) {
> -    MailScanner::Log::InfoLog("%s::%s", $Name, $logout);
> +    #MailScanner::Log::InfoLog("%s::%s", $Name, $logout);
> +    MailScanner::Log::InfoLog("ClamAVModule::%s", $logout);
>       return 1;
>     } elsif ($keyword =~ /^info/i || $logout =~ /rar module failure/i) {
>       return 0;
> @@ -1452,7 +1453,8 @@
>       return 0;
>     } else {
>       # Must be an infection reports
> -    MailScanner::Log::InfoLog("%s::%s", $Name, $logout);
> +    #MailScanner::Log::InfoLog("%s::%s", $Name, $logout);
> +    MailScanner::Log::InfoLog("ClamAVModule::%s", $logout);
>
>       ($dot, $id, $part, @rest) = split(/\//, $filename);
>       $report = $Name . ': ' if $Name;
>
> Not sure if I'll have time to look at this further - hopefully Julian 
> can cast some light.
>
> GREG
>
> Greg Matthews wrote:
>   
>> infection reporting for ClamAVModule seems to have changed in 4.66.5 
>> (just upgraded from 4.62.9-2):
>>
>> Feb 25 10:03:58 mailr-w MailScanner[9708]: ClamAVModule::INFECTED:: 
>> Email.Spam.Sanesecurity.Url_1331:: ./m1PA3YS5011217/
>> Feb 25 11:17:49 mailr-w MailScanner[11304]: ::INFECTED:: 
>> Email.Hdr.Sanesecurity.07111002:: ./m1PBHY8C011316/
>>
>> not good for log scrapers.
>>
>> will have a quick look at the code
>>
>> GREG
>>     
>
>
>   

Jules

- -- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.0 (Build 2158)
Comment: Use Thunderbird Enigmail to verify this message
Charset: ISO-8859-1

wj8DBQFHxIVsEfZZRxQVtlQRAmDWAKCq/QZXdVFqw5fY4dysLCkWBeiNXQCginit
fpZLo9XVKaOWwxFk2ZZVx/E=
=R/58
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-- 
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list