ClamAV logging

Tue Aug 21 08:51:23 UTC 2018

Mark,

Not sure when this behavior changed (a v5 change?), but I only see entries
when a virus is detected.

On Tue, Aug 21, 2018 at 3:24 AM Mark Meelhuysen <mark at meelhuysen.com> wrote:

> Hi All,
>
>
>
> Was just testing my system for AV response and concluded that in the
> maillog there are no entries for ClamAV. If I remember correctly this was
> the case in the past and i never noticed that it is not anymore. I think
> after installing a new MailScanner box.
>
> Anyone can point me in the right direction of checking why logging is not
> added?
>
>
>
> Mailscanner – lint gives me:
>
>
>
>
>
> Trying to setlogsock(unix)
>
>
>
> Reading configuration file /etc/MailScanner/MailScanner.conf
>
> Reading configuration file /etc/MailScanner/conf.d/README
>
> Read 1500 hostnames from the phishing whitelist
>
> Read 16729 hostnames from the phishing blacklists
>
> Config: calling custom init function SQLBlacklist
>
> MailWatch: Starting up MailWatch SQL Blacklist
>
> MailWatch: Read 1 blacklist entries
>
> Config: calling custom init function MailWatchLogging
>
> MailWatch: Started MailWatch SQL Logging child
>
> Config: calling custom init function SQLWhitelist
>
> MailWatch: Starting up MailWatch SQL Whitelist
>
> MailWatch: Read 4 whitelist entries
>
>
>
> Checking version numbers...
>
> Version number in MailScanner.conf (5.0.6) is correct.
>
>
>
> Your envelope_sender_header in spamassassin.conf is correct.
>
> MailScanner setting GID to  (89)
>
> MailScanner setting UID to  (89)
>
>
>
> Checking for SpamAssassin errors (if you use it)...
>
> Using SpamAssassin results cache
>
> Connected to SpamAssassin cache database
>
> SpamAssassin reported no errors.
>
> Connected to Processing Attempts Database
>
> Created Processing Attempts Database successfully
>
> There are 0 messages in the Processing Attempts Database
>
> Using locktype = posix
>
> MailScanner.conf says "Virus Scanners = clamav"
>
> Found these virus scanners installed: clamav
>
> ===========================================================================
>
> Filename Checks: Windows/DOS Executable (1 eicar.com)
>
> Other Checks: Found 1 problems
>
> Virus and Content Scanning: Starting
>
> LibClamAV Warning: Detected duplicate databases /var/lib/clamav/main.cvd
> and /var/lib/clamav/main.cld, please manually remove one of them
>
> ./1/eicar.com: Eicar-Test-Signature FOUND
>
>
>
> Virus Scanning: ClamAV found 2 infections
>
> Infected message 1 came from 10.1.1.1
>
> Virus Scanning: Found 2 viruses
>
> ===========================================================================
>
> Virus Scanner test reports:
>
> ClamAV said "eicar.com contains Eicar-Test-Signature"
>
>
>
> If any of your virus scanners (clamav)
>
> are not listed there, you should check that they are installed correctly
>
> and that MailScanner is finding them correctly via its virus.scanners.conf.
>
> Config: calling custom end function SQLBlacklist
>
> MailWatch: Closing down MailWatch SQL Blacklist
>
> Config: calling custom end function MailWatchLogging
>
> Config: calling custom end function SQLWhitelist
>
> MailWatch: Closing down MailWatch SQL Whitelist
>
>
>
>
>
> Versions:
>
> MailWatch Versie: 1.2.6
>
> Operating System Version: CentOS Linux 7 (Core)
>
> Postfix Versie: 2.10.1
>
> MailScanner Versie: 5.0.6
>
> ClamAV Versie: 0.100.1
>
> SpamAssassin Versie: 3.4.0
>
>
>
> (Yes, I know, i’m not running latest versions).
>
>
>
> Thank you in advance.
>
>
>
> Mark
>
>
>
> --
> This message has been scanned for viruses and
> dangerous content by *MailScanner* <http://www.mailscanner.info/>, and is
> believed to be clean.
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>

-- 
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 x1171
iversons at rushville.k12.in.us
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20180821/2bb50918/attachment.html>