small bug in 4.66.5 - log entries missing
Greg Matthews
gmatt at nerc.ac.uk
Fri Feb 29 13:35:49 GMT 2008
Replying to myself... and top posting too, apologies
It just occurred to me that a possibly significant difference between my
production and test/dev environments is that the test/dev is 64-bit and
therefore does not use the SophosSAVI stuff. Instead, it uses plain Sophos.
I tried switching from SAVI to plain Sophos in MailScanner.conf on the
prod box but MailScanner is still detecting SAVI even though it uses plain
Sophos, and the missing "ClamAVModule" text is still a problem.
But, could there be a subtle clash between SophosSAVI and ClamAVModule
given that their logging is very similar?
GREG
Greg Matthews wrote:
>
> Feb 29 11:32:26 mailr-w MailScanner[609]: SophosSAVI::INFECTED::
> EICAR-AV-Test:: ./m1TBUQc2032625/eicar.com
> Feb 29 11:32:30 mailr-w MailScanner[609]: ::INFECTED::
> Eicar-Test-Signature:: ./m1TBUQc2032625/eicar.com
> Feb 29 11:32:52 mailr-w MailScanner[609]:
> m1TBUQc2032625/eicar.com:infected: EICAR-Test-File (not a virus)
>
> Sophos and Bitdefender log as expected but the clamavmodule logging is
> missing the "ClamAVModule" part. It should read "ClamAVModule::INFECTED..."
>
> Attached is the MailScanner -V output.
>
> Peculiar behaviour - let me know if you want access to one of the
> affected hosts.
>
> GREG
>
--
Greg Matthews 01491 692445
Head of UNIX/Linux, iTSS Wallingford
--
This message (and any attachments) is for the recipient only. NERC
is subject to the Freedom of Information Act 2000 and the contents
of this email and any reply you make may be disclosed by NERC unless
it is exempt from release under the Act. Any material supplied to
NERC may be stored in an electronic records management system.
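
An added example (not part of the original message and not MailScanner code): a small Python check that parses the "<scanner>::INFECTED::" log format quoted above and flags entries whose scanner name is empty, which any log rule matching on "ClamAVModule::INFECTED" would miss. The sample input is the three quoted log entries, unwrapped onto single lines; the function names are hypothetical.

```python
import re

# Constructed sample: the three log entries quoted in the message,
# with the mail client's line wrapping undone.
SAMPLE_LOG = """\
Feb 29 11:32:26 mailr-w MailScanner[609]: SophosSAVI::INFECTED:: EICAR-AV-Test:: ./m1TBUQc2032625/eicar.com
Feb 29 11:32:30 mailr-w MailScanner[609]: ::INFECTED:: Eicar-Test-Signature:: ./m1TBUQc2032625/eicar.com
Feb 29 11:32:52 mailr-w MailScanner[609]: m1TBUQc2032625/eicar.com:infected: EICAR-Test-File (not a virus)
"""

# syslog prefix, then "<scanner>::INFECTED:: <signature>:: <path>".
# The scanner field may be empty, which is the symptom reported above.
INFECTED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"MailScanner\[(?P<pid>\d+)\]: "
    r"(?P<scanner>[^:\s]*)::INFECTED::\s*(?P<signature>.+?)::\s*(?P<path>\S+)\s*$"
)


def parse_infected(line):
    """Return the fields of a '::INFECTED::' entry, or None for other lines."""
    m = INFECTED_RE.match(line)
    return m.groupdict() if m else None


def find_unattributed(log_text):
    """List (line number, signature, path) for entries with no scanner name."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        rec = parse_infected(line)
        if rec is not None and rec["scanner"] == "":
            hits.append((lineno, rec["signature"], rec["path"]))
    return hits


if __name__ == "__main__":
    for lineno, signature, path in find_unattributed(SAMPLE_LOG):
        print(f"line {lineno}: detection of {signature} in {path} has no scanner name")
```

The third sample line uses a different "path:infected: name" layout, so the parser returns None for it and only the "::INFECTED::" style entries are checked.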