ClamAV logging

Mark Meelhuysen mark at meelhuysen.com
Tue Aug 21 07:23:49 UTC 2018 

Hi All,

Was just testing my system for AV response and concluded that in the maillog there are no entries for ClamAV. If I remember correctly this was the case in the past and i never noticed that it is not anymore. I think after installing a new MailScanner box.
Anyone can point me in the right direction of checking why logging is not added?

Mailscanner – lint gives me:


Trying to setlogsock(unix)

Reading configuration file /etc/MailScanner/MailScanner.conf
Reading configuration file /etc/MailScanner/conf.d/README
Read 1500 hostnames from the phishing whitelist
Read 16729 hostnames from the phishing blacklists
Config: calling custom init function SQLBlacklist
MailWatch: Starting up MailWatch SQL Blacklist
MailWatch: Read 1 blacklist entries
Config: calling custom init function MailWatchLogging
MailWatch: Started MailWatch SQL Logging child
Config: calling custom init function SQLWhitelist
MailWatch: Starting up MailWatch SQL Whitelist
MailWatch: Read 4 whitelist entries

Checking version numbers...
Version number in MailScanner.conf (5.0.6) is correct.

Your envelope_sender_header in spamassassin.conf is correct.
MailScanner setting GID to  (89)
MailScanner setting UID to  (89)

Checking for SpamAssassin errors (if you use it)...
Using SpamAssassin results cache
Connected to SpamAssassin cache database
SpamAssassin reported no errors.
Connected to Processing Attempts Database
Created Processing Attempts Database successfully
There are 0 messages in the Processing Attempts Database
Using locktype = posix
MailScanner.conf says "Virus Scanners = clamav"
Found these virus scanners installed: clamav
===========================================================================
Filename Checks: Windows/DOS Executable (1 eicar.com)
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
LibClamAV Warning: Detected duplicate databases /var/lib/clamav/main.cvd and /var/lib/clamav/main.cld, please manually remove one of them
./1/eicar.com: Eicar-Test-Signature FOUND

Virus Scanning: ClamAV found 2 infections
Infected message 1 came from 10.1.1.1
Virus Scanning: Found 2 viruses
===========================================================================
Virus Scanner test reports:
ClamAV said "eicar.com contains Eicar-Test-Signature"

If any of your virus scanners (clamav)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its virus.scanners.conf.
Config: calling custom end function SQLBlacklist
MailWatch: Closing down MailWatch SQL Blacklist
Config: calling custom end function MailWatchLogging
Config: calling custom end function SQLWhitelist
MailWatch: Closing down MailWatch SQL Whitelist


Versions:
MailWatch Versie: 1.2.6
Operating System Version: CentOS Linux 7 (Core)
Postfix Versie: 2.10.1
MailScanner Versie: 5.0.6
ClamAV Versie: 0.100.1
SpamAssassin Versie: 3.4.0

(Yes, I know, i’m not running latest versions).

Thank you in advance.

Mark


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20180821/615f1438/attachment.html>

More information about the MailScanner mailing list