small bug in 4.66.5 - log entries missing

Greg Matthews gmatt at
Fri Feb 29 13:35:49 GMT 2008

Replying to myself... and top posting too, apologies

it just occurred to me that a possibly significant difference between my 
production and test/dev environments is that the test/dev is 64bit and 
therefore does not use the SophosSAVI stuff. Instead, it uses plain Sophos.

I tried switching from SAVI to plain Sophos in MailScanner.conf on the 
prod box but MailScanner is still detecting SAVI even tho is uses plain 
Sophos, and the missing "ClamAVModule" text is still a problem.

But, could there be a subtle clash between SophosSAVI and ClamAVModule 
given that their logging is very similar?


Greg Matthews wrote:
> Feb 29 11:32:26 mailr-w MailScanner[609]: SophosSAVI::INFECTED:: 
> EICAR-AV-Test:: ./m1TBUQc2032625/
> Feb 29 11:32:30 mailr-w MailScanner[609]: ::INFECTED:: 
> Eicar-Test-Signature:: ./m1TBUQc2032625/
> Feb 29 11:32:52 mailr-w MailScanner[609]: 
> m1TBUQc2032625/ EICAR-Test-File (not a virus)
> Sophos and Bitdefender log as expected but the clamavmodule logging is 
> missing the "ClamAVModule" part. It should read "ClamAVModule::INFECTED..."
> Attached is the MailScanner -V output.
> Peculiar behaviour - let me know if you want access to one of the 
> affected hosts.

Greg Matthews           01491 692445
Head of UNIX/Linux, iTSS Wallingford

This message (and any attachments) is for the recipient only. NERC
is subject to the Freedom of Information Act 2000 and the contents
of this email and any reply you make may be disclosed by NERC unless
it is exempt from release under the Act. Any material supplied to
NERC may be stored in an electronic records management system.

More information about the MailScanner mailing list