<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1">
<title></title>
</head>
<body>
Antony;<br>
<br>
I'm using MS 4-22.5 and Clam 0.60. The viruses.db2 is dated<br>
<br>
-rw-r--r-- 1 clamav clamav 1319371 Aug 20 21:04 viruses.db<br>
-rw-r--r-- 1 clamav clamav 4960 Aug 21 18:01 viruses.db2<br>
<br>
The very strange thisn is that I just grepped the maillog and it shows this:<br>
<br>
[root@TBNET log]# grep FOUND maillog<br>
Aug 4 13:12:57 TBNET MailScanner[29665]: /var/spool/MailScanner/incoming/29665/./h74GCUd31049/TELE
REDES.doc.exe: Worm.BugBear.B FOUND<br>
<br>
And now it also showed:<br>
<br>
Aug 21 18:01:01 TBNET update.virus.scanners: Found clamav installed<br>
Aug 21 18:01:01 TBNET update.virus.scanners: Updating clamav<br>
Aug 21 18:01:03 TBNET ClamAV-autoupdate[7997]: ClamAV updated<br>
<br>
Note that this line for Bugbear is a few weeks old. So this is the 'only'
virus FOUND in the last 45 days. And it shows the name of the virus! However,
others were found later on and now Clam gets updated. All I did this morning
is restart "freshclam".<br>
<br>
Of course it could be that this installation really gets very few viruses.
The last time anything was reported was here:<br>
<br>
Aug 20 22:52:12 TBNET MailScanner[28239]: New Batch: Scanning 1 messages,
26307 bytes<br>
Aug 20 22:52:12 TBNET MailScanner[28239]: Virus and Content Scanning: Starting<br>
Aug 20 22:52:13 TBNET MailScanner[28239]: Content Checks: Detected HTML-specific
exploits in h7L1pUd30656<br>
Aug 20 22:52:13 TBNET MailScanner[28239]: Content Checks: Found 1 problems<br>
Aug 20 22:52:13 TBNET MailScanner[28239]: Saved infected "msg-28239-6.html"
to /var/spool/MailScanner/quarantine/200308<br>
Aug 20 22:52:13 TBNET MailScanner[28239]: Cleaned: Delivered 1 cleaned messages<br>
Aug 20 22:52:13 TBNET sendmail[30665]: h7L1qD030665: from=<>, size=721,
class=0, nrcpts=1, msgid=<200308210152.h7L1qD03<br>
Aug 20 22:52:13 TBNET MailScanner[28239]: Sender Warnings: Delivered 1 warnings
to virus senders<br>
Aug 20 22:52:13 TBNET sendmail[30669]: h7L1qDf30669: from=postmaster, size=451,
class=0, nrcpts=1, msgid=<200308210152.<br>
Aug 20 22:52:13 TBNET MailScanner[28239]: Notices: Warned about 1 messages<br>
<br>
but this seems like a form tag in an html mail.<br>
<br>
So in the end it looks like I could be fine, justa having a nice, low virus
load.<br>
<br>
Miguel<br>
<br>
Antony Stone wrote:<br>
<blockquote type="cite"
cite="mid200308211252.h7LCqF517877@onyx.rockstone.co.uk">
<pre wrap="">On Thursday 21 August 2003 1:43 pm, Miguel Koren OBrien de Lacy wrote:
</pre>
<blockquote type="cite">
<pre wrap="">I have the same problem/symptom. My log always shows this type of output:
</pre>
</blockquote>
<pre wrap=""><!---->
What version of MailScanner do you have?
What version of ClamAV do you have?
What date/time and size is your viruses.db2 file from the ClamAV directory?
I'm using MS 4.21-9, ClamAV 0.60, and my /usr/local/share/clamav/viruses.db2
is 4732 bytes Aug 21 01:43
I get the virus names logged by syslog with FOUND at the end of the line.
Antony.
--
Having been asked to provide a reference for this man,
I can confidently state that you will be very lucky indeed
if you can get him to work for you.
</pre>
</blockquote>
<br>
</body>
</html>