> > I'm following up on a previous post about logging to maillog:
> >
> > http://lurker.clamav.net/message/20090408.063308.16623e5a.en.html
> >
> > I am using Sendmail 8.13 on CentOS-4 but whereas previously with
> > 0.94.2 I would get a log entry in /var/log/maillog for every scanned
> > message I now only get a log event for infected messages or those with
> > an existing "X-Virus-Scanned" or "X-Virus-Status" header.
>
> This won't happen with:
> > LogSyslog disabled
> > LogFacility = "LOG_LOCAL6"
>
> If you want messages logged to syslog, please config those options
> properly.
>
> > I have configured clamd to log every scanning event to
> > /var/log/clamav/clamd.log but whereas before it would log a message ID
> > and status I can now only get entries like these:
>
> Clamd has got no idea about message ids. Clamav-milter does. The place
> to look for them is therefore clamav-milter.log (or syslog if you
> follow the advice above).
>
> > I would appreciate some guidance on whether I am missing something
> > obvious in the configuration that would allow me to:
>
> See above.
>
> > 1) log every scanning event in /var/log/maillog
>
> In *clamav-milter.conf* set:
> LogSyslog yes
> LogFacility LOG_MAIL
> LogInfected Basic or LogInfected Full
>
> > 2) get more detailed log entries in /var/log/clamav/clamd.log
>
> If "more detailed" means "i want the message id's" then forget about
> that. Clamd does not know what a message id is.
> Again, the place for id's is clamav-milter's log.

I appreciate the quick response but I'm sorry to say that making the changes 
you suggested to clamav-milter.conf does not have the desired effect.

With these values in clamav-milter.conf...

LogFile /var/log/clamav/clamav-milter.log
LogSyslog yes
LogFacility LOG_MAIL
LogInfected Full

...clamav-milter still does not log every scanning event to either 
/var/log/maillog or its own logfile /var/log/clamav/clamav-milter.log

Here are the contents of the clamav-milter.log file after clamav-milter is 
started with this configuration.  You can see the process being started and an 
infected message being logged but there's no indication of the clean message 
that was sent prior to the infected one.

Thu Apr 16 10:13:38 2009 -> +++ Started at Thu Apr 16 10:13:38 2009
Thu Apr 16 10:13:38 2009 -> Local socket unix:/var/run/clamav/clamd.sock added to the pool (slot 1)
Thu Apr 16 10:13:38 2009 -> Probe for slot 1 returned: success
Thu Apr 16 10:19:49 2009 -> Message n3GAJnia022168 from <root> to <ke...@xxx.co.uk> with subject 'test infected' message-id '<200904161019.n3gajmjw022...@aaa.xxx.co.uk>' date 'Thu, 16 Apr 2009 10:19:48 GMT' infected by Eicar-Test-Signature

The only indication that anything was scanned is given in the clamd.log file:

Thu Apr 16 10:13:47 2009 -> fd[11]: OK
Thu Apr 16 10:19:49 2009 -> fd[11]: Eicar-Test-Signature FOUND
Thu Apr 16 10:19:49 2009 -> fd[11]: OK

And in the message headers when the email arrives on the client:

Date: Thu, 16 Apr 2009 10:13:47 GMT
From: root <r...@aaa.xxx.co.uk>
Message-Id: <200904161013.n3gadlx1021...@aaa.xxx.co.uk>
To: ke...@xxx.co.uk
Subject: test
X-Virus-Scanned: clamav-milter 0.95.1 at aaa
X-Virus-Status: Clean
X-Logged: Logged by aaa.xxx.co.uk as n3GADlDY021695 at Thu Apr 16 10:13:47 2009

Should I report this as a bug?
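
One way to measure the gap described in this message, as an added example that is not part of the original thread or of ClamAV: the script pairs each clamd.log scan result with a clamav-milter.log "Message" entry of the same verdict inside a short time window and returns the scans the milter never logged. The sample logs are constructed from the excerpts above (addresses and message-id replaced with placeholders); the 2-second window and the treatment of a "Message" entry without "infected by" as a clean entry are assumptions.

```python
import re
from datetime import datetime, timedelta

TS_FORMAT = "%a %b %d %H:%M:%S %Y"
LINE = re.compile(r"^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) -> (?P<body>.*)$")
# clamd.log scan result: "<source>: OK" or "<source>: <signature> FOUND"
CLAMD_RESULT = re.compile(r"^(?P<src>.+): (?:(?P<sig>\S+) FOUND|OK)$")
# clamav-milter.log entry; without "infected by" it is treated as clean (assumption)
MILTER_MSG = re.compile(r"^Message (?P<qid>\S+) .*?(?: infected by (?P<sig>\S+))?$")

# Constructed sample logs, modelled on the excerpts in the message above.
CLAMD_LOG = """\
Thu Apr 16 10:13:47 2009 -> fd[11]: OK
Thu Apr 16 10:19:49 2009 -> fd[11]: Eicar-Test-Signature FOUND
Thu Apr 16 10:19:49 2009 -> fd[11]: OK
"""
MILTER_LOG = """\
Thu Apr 16 10:13:38 2009 -> +++ Started at Thu Apr 16 10:13:38 2009
Thu Apr 16 10:13:38 2009 -> Probe for slot 1 returned: success
Thu Apr 16 10:19:49 2009 -> Message n3GAJnia022168 from <root> to <user@example.com> with subject 'test infected' message-id '<placeholder@mail.example.com>' date 'Thu, 16 Apr 2009 10:19:48 GMT' infected by Eicar-Test-Signature
"""

def parse(log_text, pattern):
    """Yield (timestamp, match) for each log entry whose body matches pattern."""
    for line in log_text.splitlines():
        entry = LINE.match(line.strip())
        body = pattern.match(entry["body"]) if entry else None
        if body:
            yield datetime.strptime(entry["ts"], TS_FORMAT), body

def unlogged_scans(clamd_log, milter_log, window=timedelta(seconds=2)):
    """Return clamd scan results that have no matching clamav-milter entry."""
    milter = [(ts, m["sig"]) for ts, m in parse(milter_log, MILTER_MSG)]
    missing = []
    for ts, m in parse(clamd_log, CLAMD_RESULT):
        verdict = m["sig"]  # None means clamd answered OK
        for i, (mts, msig) in enumerate(milter):
            if msig == verdict and abs(mts - ts) <= window:
                del milter[i]  # each milter entry accounts for one scan only
                break
        else:
            missing.append((ts, m["src"], verdict or "OK"))
    return missing

if __name__ == "__main__":
    for ts, src, verdict in unlogged_scans(CLAMD_LOG, MILTER_LOG):
        print(f"{ts:%Y-%m-%d %H:%M:%S} {src} {verdict}: no clamav-milter entry")
```
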