ClamAV logging

Mark Meelhuysen mark at meelhuysen.com
Tue Aug 21 07:49:34 UTC 2018 

Hi Thom,

I noticed that indeed and removed the main.cvd, so now there are only *.cld files.
The –lint does not produce the error anymore, but stil no logging.

Thanks.

Mark

Van: MailScanner <mailscanner-bounces+mark=meelhuysen.com at lists.mailscanner.info> Namens Thom van der Boon
Verzonden: dinsdag 21 augustus 2018 09:35
Aan: MailScanner Discussion <mailscanner at lists.mailscanner.info>
Onderwerp: Re: ClamAV logging

Hi Mark,

Take a look at the error message in you MailScanner --lint output


LibClamAV Warning: Detected duplicate databases /var/lib/clamav/main.cvd and /var/lib/clamav/main.cld, please manually remove one of them"


Met vriendelijke groet, Best regards,



Thom van der Boon
E-Mail: thom at vdb.nl<mailto:thom at vdb.nl>




=====




Thom.H. van der Boon b.v.
Transito 4

6909 DA  Babberich
Tel.: +31 (0)88 4272727
Fax: +31 (0)88 4272789
Home Page: http://www.vdb.nl/

Op 21 aug. 2018 09:24 schreef Mark Meelhuysen <mark at meelhuysen.com<mailto:mark at meelhuysen.com>>:

Hi All,



Was just testing my system for AV response and concluded that in the maillog there are no entries for ClamAV. If I remember correctly this was the case in the past and i never noticed that it is not anymore. I think after installing a new MailScanner box.

Anyone can point me in the right direction of checking why logging is not added?



Mailscanner – lint gives me:





Trying to setlogsock(unix)



Reading configuration file /etc/MailScanner/MailScanner.conf

Reading configuration file /etc/MailScanner/conf.d/README

Read 1500 hostnames from the phishing whitelist

Read 16729 hostnames from the phishing blacklists

Config: calling custom init function SQLBlacklist

MailWatch: Starting up MailWatch SQL Blacklist

MailWatch: Read 1 blacklist entries

Config: calling custom init function MailWatchLogging

MailWatch: Started MailWatch SQL Logging child

Config: calling custom init function SQLWhitelist

MailWatch: Starting up MailWatch SQL Whitelist

MailWatch: Read 4 whitelist entries



Checking version numbers...

Version number in MailScanner.conf (5.0.6) is correct.



Your envelope_sender_header in spamassassin.conf is correct.

MailScanner setting GID to  (89)

MailScanner setting UID to  (89)



Checking for SpamAssassin errors (if you use it)...

Using SpamAssassin results cache

Connected to SpamAssassin cache database

SpamAssassin reported no errors.

Connected to Processing Attempts Database

Created Processing Attempts Database successfully

There are 0 messages in the Processing Attempts Database

Using locktype = posix

MailScanner.conf says "Virus Scanners = clamav"

Found these virus scanners installed: clamav

===========================================================================

Filename Checks: Windows/DOS Executable (1 eicar.com)

Other Checks: Found 1 problems

Virus and Content Scanning: Starting

LibClamAV Warning: Detected duplicate databases /var/lib/clamav/main.cvd and /var/lib/clamav/main.cld, please manually remove one of them

./1/eicar.com: Eicar-Test-Signature FOUND



Virus Scanning: ClamAV found 2 infections

Infected message 1 came from 10.1.1.1

Virus Scanning: Found 2 viruses

===========================================================================

Virus Scanner test reports:

ClamAV said "eicar.com contains Eicar-Test-Signature"



If any of your virus scanners (clamav)

are not listed there, you should check that they are installed correctly

and that MailScanner is finding them correctly via its virus.scanners.conf.

Config: calling custom end function SQLBlacklist

MailWatch: Closing down MailWatch SQL Blacklist

Config: calling custom end function MailWatchLogging

Config: calling custom end function SQLWhitelist

MailWatch: Closing down MailWatch SQL Whitelist





Versions:

MailWatch Versie: 1.2.6

Operating System Version: CentOS Linux 7 (Core)

Postfix Versie: 2.10.1

MailScanner Versie: 5.0.6

ClamAV Versie: 0.100.1

SpamAssassin Versie: 3.4.0



(Yes, I know, i’m not running latest versions).



Thank you in advance.



Mark



--
This message has been scanned for viruses and
dangerous content by MailScanner<http://www.mailscanner.info/>, and is
believed to be clean.


--
This message has been scanned for viruses and
dangerous content by MailScanner<http://www.mailscanner.info/>, and is
believed to be clean.

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20180821/d82aeabc/attachment.html>

More information about the MailScanner mailing list