Mailscanner Version 4.71.10-1 / ClamAV 0.94 infection reporting.
Julian Field
MailScanner at ecs.soton.ac.uk
Fri Sep 5 21:55:14 IST 2008
Try the attached SweepViruses.pm.
It will only help if the log output contains the attachment log entry
first, followed by the message log entry. If it's the other way around,
I can't suppress the message log entry on the basis that an attachment
log entry may appear afterwards.
If you have any better ideas on how to predict what may be logged in the
future, I'm all ears :-)
Cheers,
Jules.
Kevin Miller wrote:
> Julian Field wrote:
>
>> Alex Broens wrote:
>>
>>> ClamAV Full Message Scan = yes
>>>
>>> writes 2 "lines"
>>>
>>> Sep 5 17:53:09 ms1 MailScanner[2747]: ClamAVModule::INFECTED::
>>> HTML.Phishing.Bank-1272 :: ./815BD10082B5.02C82/msg-2747-17.html
>>> Sep 5 17:53:09 ms1 MailScanner[2747]: ClamAVModule::INFECTED::
>>> HTML.Phishing.Bank-1272 FOUND :: ./815BD10082B5.02C82/ ___
>>>
>>> I don't understand why this is necessary and would like to request
>>> consistency so that "ClamAV Full Message Scan = yes" logs like
>>> "ClamAV Full Message Scan = no"
>>>
>> So you want me to *not* log the fact that the Full Message Scan found
>> a virus? Seems a bit strange to me...
>> Do other people agree with me or Alex?
>>
>
> I think what he wants is that "... = yes" output a single line, not a
> duplicate. It should be logged, but not twice, one right after the
> other...
>
> ...Kevin
>
Jules
--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: SweepViruses.pm.zip
Type: application/zip
Size: 33927 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080905/e8e6f75d/SweepViruses.pm-0001.zip
More information about the MailScanner
mailing list