Mailscanner Version 4.71.10-1 / ClamAV 0.94 infection reporting.
Alex Broens
ms-list at alexb.ch
Fri Sep 5 22:10:11 IST 2008
On 9/5/2008 10:55 PM, Julian Field wrote:
> Try the attached SweepViruses.pm.
> It will only help if the log output contains the attachment log entry
> first, followed by the message log entry. If it's the other way around,
> I can't suppress the message log entry on the basis that an attachment
> log entry may appear afterwards.
> If you have any better ideas on how to predict what may be logged in the
> future, I'm all ears :-)
__
Sep 5 23:04:16 ms1 MailScanner[25357]: Clamd::INFECTED::
Eicar-Test-Signature :: ./411661008C85.5B8DE/eicar_com.zip
__
maillog / clamd look GOOD
Mailwatch agrees with one line /entry
Now, can you do the magic on esets? :-)
here's what its doing.
I tried fiddling with the log formating in esets.cfg but have the
feeling its being ignored.
__
Sep 5 23:04:17 ms1 MailScanner[25357]:
name="./411661008C85.5B8DE/eicar_com.zip", threat="Eicar test file",
action="", info=""
Sep 5 23:04:17 ms1 MailScanner[25357]:
name="./411661008C85.5B8DE/eicar_com.zip » ZIP » eicar.com",
threat="Eicar test file", action="", info=""
__
thanks
Alex
More information about the MailScanner
mailing list