<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.E-mailStijl20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="NL" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">Hi Thom,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">I noticed that indeed and removed the main.cvd, so now there are only *.cld files.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">The –lint does not produce the error anymore, but stil no logging.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">Thanks.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">Mark<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><b>Van:</b> MailScanner <mailscanner-bounces+mark=meelhuysen.com@lists.mailscanner.info>
<b>Namens </b>Thom van der Boon<br>
<b>Verzonden:</b> dinsdag 21 augustus 2018 09:35<br>
<b>Aan:</b> MailScanner Discussion <mailscanner@lists.mailscanner.info><br>
<b>Onderwerp:</b> Re: ClamAV logging<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal">Hi Mark,<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Take a look at the error message in you MailScanner --lint output<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-size:9.5pt;font-family:"Arial",sans-serif">LibClamAV Warning: Detected duplicate databases /var/lib/clamav/main.cvd and /var/lib/clamav/main.cld, please manually remove one of them"</span><o:p></o:p></p>
<div>
<p class="MsoNormal"><br>
<br>
Met vriendelijke groet, Best regards,<br>
<br>
<br>
<br>
Thom van der Boon<br>
E-Mail: <a href="mailto:thom@vdb.nl">thom@vdb.nl</a><br>
<br>
<br>
<br>
<br>
=====<br>
<br>
<br>
<br>
<br>
Thom.H. van der Boon b.v.<br>
Transito 4<br>
<br>
6909 DA Babberich<br>
Tel.: +31 (0)88 4272727<br>
Fax: +31 (0)88 4272789<br>
Home Page: <a href="http://www.vdb.nl/">http://www.vdb.nl/</a><o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">Op 21 aug. 2018 09:24 schreef Mark Meelhuysen <<a href="mailto:mark@meelhuysen.com">mark@meelhuysen.com</a>>:<o:p></o:p></p>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm">
<div>
<div>
<p>Hi All,<o:p></o:p></p>
<p> <o:p></o:p></p>
<p>Was just testing my system for AV response and concluded that in the maillog there are no entries for ClamAV. If I remember correctly this was the case in the past and i never noticed that it is not anymore. I think after installing a new MailScanner box.<o:p></o:p></p>
<p>Anyone can point me in the right direction of checking why logging is not added?<o:p></o:p></p>
<p> <o:p></o:p></p>
<p>Mailscanner – lint gives me:<o:p></o:p></p>
<div style="border:none;border-bottom:solid windowtext 1.0pt;padding:0cm 0cm 1.0pt 0cm">
<p> <o:p></o:p></p>
</div>
<p> <o:p></o:p></p>
<p>Trying to setlogsock(unix)<o:p></o:p></p>
<p> <o:p></o:p></p>
<p>Reading configuration file /etc/MailScanner/MailScanner.conf<o:p></o:p></p>
<p>Reading configuration file /etc/MailScanner/conf.d/README<o:p></o:p></p>
<p>Read 1500 hostnames from the phishing whitelist<o:p></o:p></p>
<p>Read 16729 hostnames from the phishing blacklists<o:p></o:p></p>
<p>Config: calling custom init function SQLBlacklist<o:p></o:p></p>
<p>MailWatch: Starting up MailWatch SQL Blacklist<o:p></o:p></p>
<p>MailWatch: Read 1 blacklist entries<o:p></o:p></p>
<p>Config: calling custom init function MailWatchLogging<o:p></o:p></p>
<p>MailWatch: Started MailWatch SQL Logging child<o:p></o:p></p>
<p>Config: calling custom init function SQLWhitelist<o:p></o:p></p>
<p>MailWatch: Starting up MailWatch SQL Whitelist<o:p></o:p></p>
<p>MailWatch: Read 4 whitelist entries<o:p></o:p></p>
<p> <o:p></o:p></p>
<p>Checking version numbers...<o:p></o:p></p>
<p>Version number in MailScanner.conf (5.0.6) is correct.<o:p></o:p></p>
<p> <o:p></o:p></p>
<p>Your envelope_sender_header in spamassassin.conf is correct.<o:p></o:p></p>
<p>MailScanner setting GID to (89)<o:p></o:p></p>
<p>MailScanner setting UID to (89)<o:p></o:p></p>
<p> <o:p></o:p></p>
<p>Checking for SpamAssassin errors (if you use it)...<o:p></o:p></p>
<p>Using SpamAssassin results cache<o:p></o:p></p>
<p>Connected to SpamAssassin cache database<o:p></o:p></p>
<p>SpamAssassin reported no errors.<o:p></o:p></p>
<p>Connected to Processing Attempts Database<o:p></o:p></p>
<p>Created Processing Attempts Database successfully<o:p></o:p></p>
<p>There are 0 messages in the Processing Attempts Database<o:p></o:p></p>
<p>Using locktype = posix<o:p></o:p></p>
<p>MailScanner.conf says "Virus Scanners = clamav"<o:p></o:p></p>
<p>Found these virus scanners installed: clamav<o:p></o:p></p>
<p>===========================================================================<o:p></o:p></p>
<p>Filename Checks: Windows/DOS Executable (1 eicar.com)<o:p></o:p></p>
<p>Other Checks: Found 1 problems<o:p></o:p></p>
<p>Virus and Content Scanning: Starting<o:p></o:p></p>
<p>LibClamAV Warning: Detected duplicate databases /var/lib/clamav/main.cvd and /var/lib/clamav/main.cld, please manually remove one of them<o:p></o:p></p>
<p>./1/eicar.com: Eicar-Test-Signature FOUND<o:p></o:p></p>
<p> <o:p></o:p></p>
<p>Virus Scanning: ClamAV found 2 infections<o:p></o:p></p>
<p>Infected message 1 came from 10.1.1.1<o:p></o:p></p>
<p>Virus Scanning: Found 2 viruses<o:p></o:p></p>
<p>===========================================================================<o:p></o:p></p>
<p>Virus Scanner test reports:<o:p></o:p></p>
<p>ClamAV said "eicar.com contains Eicar-Test-Signature"<o:p></o:p></p>
<p> <o:p></o:p></p>
<p>If any of your virus scanners (clamav)<o:p></o:p></p>
<p>are not listed there, you should check that they are installed correctly<o:p></o:p></p>
<p>and that MailScanner is finding them correctly via its virus.scanners.conf.<o:p></o:p></p>
<p>Config: calling custom end function SQLBlacklist<o:p></o:p></p>
<p>MailWatch: Closing down MailWatch SQL Blacklist<o:p></o:p></p>
<p>Config: calling custom end function MailWatchLogging<o:p></o:p></p>
<p>Config: calling custom end function SQLWhitelist<o:p></o:p></p>
<div style="border:none;border-bottom:solid windowtext 1.0pt;padding:0cm 0cm 1.0pt 0cm">
<p>MailWatch: Closing down MailWatch SQL Whitelist<o:p></o:p></p>
<p> <o:p></o:p></p>
</div>
<p> <o:p></o:p></p>
<p>Versions:<o:p></o:p></p>
<p>MailWatch Versie: 1.2.6<o:p></o:p></p>
<p>Operating System Version: CentOS Linux 7 (Core)<o:p></o:p></p>
<p>Postfix Versie: 2.10.1 <o:p></o:p></p>
<p>MailScanner Versie: 5.0.6<o:p></o:p></p>
<p>ClamAV Versie: 0.100.1 <o:p></o:p></p>
<p>SpamAssassin Versie: 3.4.0<o:p></o:p></p>
<p> <o:p></o:p></p>
<p>(Yes, I know, i’m not running latest versions).<o:p></o:p></p>
<p> <o:p></o:p></p>
<p>Thank you in advance.<o:p></o:p></p>
<p> <o:p></o:p></p>
<p>Mark<o:p></o:p></p>
<p> <o:p></o:p></p>
</div>
<p class="MsoNormal"><br>
-- <br>
This message has been scanned for viruses and <br>
dangerous content by <a href="http://www.mailscanner.info/"><b>MailScanner</b></a>, and is
<br>
believed to be clean. <o:p></o:p></p>
</div>
</blockquote>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal"><br>
-- <br>
This message has been scanned for viruses and <br>
dangerous content by <a href="http://www.mailscanner.info/"><b>MailScanner</b></a>, and is
<br>
believed to be clean. <o:p></o:p></p>
</div>
<br />--
<br />This message has been scanned for viruses and
<br />dangerous content by
<a href="http://www.mailscanner.info/"><b>MailScanner</b></a>, and is
<br />believed to be clean.
</body>
</html>