Mailscanner Version 4.71.10-1 / ClamAV 0.94 infection reporting.

Alex Broens ms-list at alexb.ch
Fri Sep 5 22:10:11 IST 2008


On 9/5/2008 10:55 PM, Julian Field wrote:
> Try the attached SweepViruses.pm.
> It will only help if the log output contains the attachment log entry 
> first, followed by the message log entry. If it's the other way around, 
> I can't suppress the message log entry on the basis that an attachment 
> log entry may appear afterwards.
> If you have any better ideas on how to predict what may be logged in the 
> future, I'm all ears :-)

__
Sep  5 23:04:16 ms1 MailScanner[25357]: Clamd::INFECTED:: 
Eicar-Test-Signature :: ./411661008C85.5B8DE/eicar_com.zip
__

maillog / clamd look GOOD
Mailwatch agrees with one line /entry


Now, can you do the magic on esets? :-)

here's what its doing.
I tried fiddling with the log formating in esets.cfg but have the 
feeling its being ignored.

__
Sep  5 23:04:17 ms1 MailScanner[25357]: 
name="./411661008C85.5B8DE/eicar_com.zip", threat="Eicar test file", 
action="", info=""
Sep  5 23:04:17 ms1 MailScanner[25357]: 
name="./411661008C85.5B8DE/eicar_com.zip » ZIP » eicar.com", 
threat="Eicar test file", action="", info=""
__

thanks

Alex




More information about the MailScanner mailing list