small bug in 4.66.5 - log entries missing
Greg Matthews
gmatt at nerc.ac.uk
Fri Feb 29 11:38:41 GMT 2008
Scott, Julian...
Scott Silva wrote:
> on 2-28-2008 11:28 AM Julian Field spake the following:
>> Sure. Please gzip it first. Is all the other logging working okay?
>> Does it happen only with exactly this set?
>> Virus Scanners = clamavmodule
>> Exactly what log entries don't arrive in your syslog (when compared to
>> using a different virus scanner)?
>>
>> Jules
>>
> Sorry Julian,
> I think Greg wanted a copy of mine to see if he had differences, at
> least that is what I inferred.
>
Got your SweepViruses.pm and the only difference between yours and mine
is the patch I posted to correct the log entries (ie using
"ClamAVModule" instead of $Name).
I've compared your MailScanner -V output and there are a few minor
differences, most significant is probably Mail::ClamAV - you are using
0.20 and I'm using 0.21. This may be a dead end tho as my test and dev
host also runs with 0.21 and doesnt have this problem.
Julian, this is only happening on my production servers so I cant easily
take out the other AV engines. The missing content was described at the
start of this thread. Here is an example from sending the Eicar test
virus through:
Feb 29 11:32:26 mailr-w MailScanner[609]: SophosSAVI::INFECTED::
EICAR-AV-Test:: ./m1TBUQc2032625/eicar.com
Feb 29 11:32:30 mailr-w MailScanner[609]: ::INFECTED::
Eicar-Test-Signature:: ./m1TBUQc2032625/eicar.com
Feb 29 11:32:52 mailr-w MailScanner[609]:
m1TBUQc2032625/eicar.com:infected: EICAR-Test-File (not a virus)
Sophos and Bitdefender log as expected but the clamavmodule logging is
missing the "ClamAVModule" part. It should read "ClamAVModule::INFECTED..."
Attached is the MailScanner -V output.
Peculiar behaviour - let me know if you want access to one of the
affected hosts.
GREG
--
Greg Matthews 01491 692445
Head of UNIX/Linux, iTSS Wallingford
--
This message (and any attachments) is for the recipient only. NERC
is subject to the Freedom of Information Act 2000 and the contents
of this email and any reply you make may be disclosed by NERC unless
it is exempt from release under the Act. Any material supplied to
NERC may be stored in an electronic records management system.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ms-vers.txt.gz
Type: application/x-gzip
Size: 928 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080229/c0f5fff1/ms-vers.txt.gz
More information about the MailScanner
mailing list