ClamAV logging

L.P.H. van Belle belle at bazuin.nl
Tue Aug 21 09:07:13 UTC 2018


Now, I don't know CentOS much, but ClamAV on Debian logs to its own logfile.
You could adjust the syslogger and make ClamAV log to mail.log.

You're using Postfix, and you see an incoming connection and disconnects.
Spammers try to abuse your server, and if Postfix is set up OK, then it disconnects the session.

That is OK. (Most of the time, then.)
And to analyse that I need much more info. (And time.) ;-)
 
As far as I see below, it looks OK to me.

Greetz,

Louis


From: MailScanner [mailto:mailscanner-bounces+belle=bazuin.nl at lists.mailscanner.info] On behalf of Mark Meelhuysen
Sent: Tuesday, 21 August 2018 10:58
To: MailScanner Discussion
Subject: RE: ClamAV logging




Hi Shawn,

 

That's why it triggered me. I did an online test and the mails were not delivered (good behaviour), but I could not see anything in the log, except that the connection was incoming and closing.

 

Mark

 

From: MailScanner <mailscanner-bounces+mark=meelhuysen.com at lists.mailscanner.info> On behalf of Shawn Iverson
Sent: Tuesday, 21 August 2018 10:51
To: mailscanner at lists.mailscanner.info
Subject: Re: ClamAV logging

 

Mark,

 


Not sure when this behavior changed (a v5 change?), but I only see entries when a virus is detected.



 

On Tue, Aug 21, 2018 at 3:24 AM Mark Meelhuysen <mark at meelhuysen.com> wrote:


Hi All,

 

Was just testing my system for AV response and concluded that in the maillog there are no entries for ClamAV. If I remember correctly this was the case in the past and I never noticed that it is not anymore. I think after installing a new MailScanner box.

Can anyone point me in the right direction for checking why logging is not added?

 

MailScanner --lint gives me:

 


 

Trying to setlogsock(unix)

Reading configuration file /etc/MailScanner/MailScanner.conf
Reading configuration file /etc/MailScanner/conf.d/README
Read 1500 hostnames from the phishing whitelist
Read 16729 hostnames from the phishing blacklists
Config: calling custom init function SQLBlacklist
MailWatch: Starting up MailWatch SQL Blacklist
MailWatch: Read 1 blacklist entries
Config: calling custom init function MailWatchLogging
MailWatch: Started MailWatch SQL Logging child
Config: calling custom init function SQLWhitelist
MailWatch: Starting up MailWatch SQL Whitelist
MailWatch: Read 4 whitelist entries

Checking version numbers...
Version number in MailScanner.conf (5.0.6) is correct.

Your envelope_sender_header in spamassassin.conf is correct.
MailScanner setting GID to  (89)
MailScanner setting UID to  (89)

Checking for SpamAssassin errors (if you use it)...
Using SpamAssassin results cache
Connected to SpamAssassin cache database
SpamAssassin reported no errors.
Connected to Processing Attempts Database
Created Processing Attempts Database successfully
There are 0 messages in the Processing Attempts Database
Using locktype = posix
MailScanner.conf says "Virus Scanners = clamav"
Found these virus scanners installed: clamav
===========================================================================
Filename Checks: Windows/DOS Executable (1 eicar.com)
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
LibClamAV Warning: Detected duplicate databases /var/lib/clamav/main.cvd and /var/lib/clamav/main.cld, please manually remove one of them
./1/eicar.com: Eicar-Test-Signature FOUND

Virus Scanning: ClamAV found 2 infections
Infected message 1 came from 10.1.1.1
Virus Scanning: Found 2 viruses
===========================================================================
Virus Scanner test reports:
ClamAV said "eicar.com contains Eicar-Test-Signature"

If any of your virus scanners (clamav)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its virus.scanners.conf.
Config: calling custom end function SQLBlacklist
MailWatch: Closing down MailWatch SQL Blacklist
Config: calling custom end function MailWatchLogging
Config: calling custom end function SQLWhitelist
MailWatch: Closing down MailWatch SQL Whitelist

 


 

Versions:

MailWatch Version: 1.2.6
Operating System Version: CentOS Linux 7 (Core)
Postfix Version: 2.10.1
MailScanner Version: 5.0.6
ClamAV Version: 0.100.1
SpamAssassin Version: 3.4.0

(Yes, I know, I’m not running latest versions).

 

Thank you in advance.

 

Mark

 



-- 
This message has been scanned for viruses and 
dangerous content by MailScanner, and is 
believed to be clean. 




-- 
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner





 


-- 

Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 x1171
iversons at rushville.k12.in.us
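An added example, not part of the thread and not MailScanner's own code: since the maillog may stay silent when nothing is detected, the `MailScanner --lint` EICAR self-test quoted above can be checked mechanically to confirm that each configured scanner actually reported. The function names are hypothetical, the sample input is constructed from the lines quoted in the thread, and matching the lowercased name before `said` against the configured scanner name is an assumption that holds for `clamav` as shown here.

```python
import re

# Constructed sample, in the shape of the `MailScanner --lint` output quoted in the thread.
SAMPLE_LINT = """\
MailScanner.conf says "Virus Scanners = clamav"
Found these virus scanners installed: clamav
LibClamAV Warning: Detected duplicate databases /var/lib/clamav/main.cvd and /var/lib/clamav/main.cld, please manually remove one of them
./1/eicar.com: Eicar-Test-Signature FOUND
Virus Scanning: ClamAV found 2 infections
Virus Scanner test reports:
ClamAV said "eicar.com contains Eicar-Test-Signature"
"""


def _names(raw):
    """Split a scanner list on commas/whitespace and lowercase it."""
    return [n for n in re.split(r"[,\s]+", raw.lower()) if n]


def check_lint(text):
    """Return findings; an empty list means every configured scanner reported EICAR."""
    findings = []
    m = re.search(r'says "Virus Scanners = ([^"]*)"', text)
    configured = _names(m.group(1)) if m else []
    m = re.search(r"^Found these virus scanners installed:(.*)$", text, re.M)
    installed = _names(m.group(1)) if m else []
    if "auto" in configured:  # "auto" means: use whatever is installed
        configured = installed
    # Scanners that produced a test report, e.g. ClamAV said "eicar.com contains ..."
    # Assumption: the lowercased report name equals the configured scanner name.
    reported = {n.lower() for n in re.findall(r'^(\S+) said ".*eicar', text, re.M | re.I)}
    if not configured:
        findings.append("no virus scanner configured or detected")
    for name in configured:
        if name not in installed:
            findings.append(f"{name}: configured but not found installed")
        elif name not in reported:
            findings.append(f"{name}: installed but produced no EICAR test report")
    # Library warnings (such as the duplicate main.cvd/main.cld one) are surfaced too.
    findings += [f"libclamav warning: {w}" for w in re.findall(r"^LibClamAV Warning: (.*)$", text, re.M)]
    return findings


if __name__ == "__main__":
    for finding in check_lint(SAMPLE_LINT):
        print(finding)
```

On the output quoted in the thread the only finding is the duplicate-database warning, which matches the observation that the scanner itself is working.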