small bug in 4.66.5 - log entries missing

Julian Field MailScanner at ecs.soton.ac.uk
Thu Feb 28 18:43:36 GMT 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Greg Matthews wrote:
> Scott Silva wrote:
>> on 2/26/2008 1:32 PM Julian Field spake the following:
>>> Does this only happen with the ClamAVModule scanner?
>>>
>> I just had some time to look at my systems and I am not seeing this.
>>
>> Back in December I saw the report change from
>>
>> Dec 30 05:38:03 mail MailScanner[28877]: ClamAV Module::INFECTED:: 
>> Email.Hdr.San
>> esecurity.07091600:: ./lBUDb5e1031892/
>>
>> to
>>
>> Feb 26 15:30:02 mail MailScanner[17626]: ClamAVModule::INFECTED:: 
>> Email.Spam.Gen
>> 2443.Sanesecurity.08020714:: ./m1QNTefQ019501/
>
> hmmm... wierd, so it works ok for you - what version of MS? can you 
> send me the SweepViruses.pm for comparison?
>
>>
>> Just the space between ClamAV and Module.
>>
>> Maybe there was some change in the perl logging module?
>
> my virus.scanners.conf has:
>
> clamav          /usr/lib/MailScanner/clamav-wrapper     /usr/local
> clamd           /bin/false                              /usr/local
> clamavmodule    /bin/false                              /tmp
>
> which seems ok to me, clam is installed under /usr/local. The hosts 
> are bog standard CentOS 4.6.
>
> GREG
>
>>
>
>
I'm seeing this:
Feb 28 18:42:03 alegria MailScanner[7283]: Virus and Content Scanning: 
Starting
Feb 28 18:42:04 alegria MailScanner[7283]: ClamAVModule::INFECTED:: 
Eicar-Test-Signature:: ./gBJNiNQG014777/
Feb 28 18:42:04 alegria MailScanner[7283]: ClamAVModule::INFECTED:: 
Eicar-Test-Signature:: ./j279YpRC016236/
Feb 28 18:42:04 alegria MailScanner[7283]: ClamAVModule::INFECTED:: 
Eicar-Test-Signature:: ./gBJNiNQG014777/eicar1.com
...
Feb 28 18:42:05 alegria MailScanner[7283]: Virus Scanning: ClamAVModule 
found 9 infections
Feb 28 18:42:05 alegria MailScanner[7283]: Infected message 
j279YpRC016236 came from 152.78.69.139
Feb 28 18:42:05 alegria MailScanner[7283]: Infected message 
gBJNiNQG014777 came from 152.78.236.133
Feb 28 18:42:05 alegria MailScanner[7283]: Virus Scanning: Found 9 viruses
Feb 28 18:42:05 alegria MailScanner[7283]: Virus Scanning completed at 
1559 bytes per second

which all looks just fine to me.
What differences are you seeing on your systems?

This is running on RHEL5 with clamavmodule as the only virus scanner.

Jules

- -- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.0 (Build 2158)
Comment: Use Thunderbird Enigmail to verify this message
Charset: UTF-8

wj8DBQFHxwDaEfZZRxQVtlQRAjpSAJ0fT9XAB/AS/xDx9Ev7U0O9mndEegCgnVEu
gOMmQypvo3O8Ze7n+yH+WZE=
=qkWn
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the MailScanner mailing list