On Thu, 30 Jun 2005, Nigel Horne wrote:
On Thursday 30 Jun 2005 19:28, Panagiotis Christias wrote:
From /var/log/mail:

Jun 30 03:38:28 diomedes clamav-milter[60071]: j5U0cN65081507:
/var/tmp/clamav/msg.G8CVC4: HTML.Phishing.Bank-1 Intercepted virus
from <[EMAIL PROTECTED]> to
<[EMAIL PROTECTED]>
Jun 30 03:38:28 diomedes clamav-milter[60071]: File quarantined as
/var/tmp/clamav/050630/j5U0cN65081507.HTML.Phishing.Bank-1
Jun 30 03:38:28 diomedes clamav-milter[60071]: Quarantined infected
mail as /var/tmp/clamav/050630/j5U0cN65081507.HTML.Phishing.Bank-1

This is a feature request. The first line in the log carries a lot of
useful information, almost everything. Would it be possible to also
include the sender's IP address? It would save us a few lines of
scripting when analyzing the logs.

Given the number of flames I receive that it already carries too much information,
I feel less than inclined to add even more! A test fix is now available from CVS.

I'll chime in here: adding an IP would help, since right now the only way to find out if all your viruses are coming from the same IP is to write a perl script that combines lines based on message-id. I would put it on the "Intercepted virus" line, since not everyone quarantines.

Also, will Stephen Gran's patch be applied to the milter (and a *released* version of clamav -- saying it's in CVS isn't fair) soon? I'm still losing some logging info due to stuff that goes to the console of the server (to which I have very limited physical access). Many of the lines getting logged there look important (and tell me to report to [EMAIL PROTECTED]) but since I never see them, I can't report the bugs.

Thanks,

Damian Menscher
--
-=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
-=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=-
-=#| <[EMAIL PROTECTED]> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
-=#| The above opinions are not necessarily those of my employers. |#=-
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
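
The log correlation discussed in this thread, as an added example that is not part of the original messages: it joins each clamav-milter "Intercepted virus" line to the MTA's envelope line through the ID that prefixes both (j5U0cN65081507 in the excerpt above) and counts signatures per connecting IP. The sendmail `from=... relay=host [ip]` line layout, the sample log and the `Worm.Example-1` name are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample (not from the thread). The sendmail "from=" line layout
# with relay=host [ip] is an assumption about the MTA; IPs are documentation ranges.
SAMPLE_LOG = """\
Jun 30 03:38:28 diomedes clamav-milter[60071]: j5U0cN65081507: /var/tmp/clamav/msg.G8CVC4: HTML.Phishing.Bank-1 Intercepted virus from <a@example.com> to <user@example.org>
Jun 30 03:38:29 diomedes sm-mta[81507]: j5U0cN65081507: from=<a@example.com>, size=4312, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=host1.example.net [192.0.2.10]
Jun 30 03:40:01 diomedes sm-mta[81610]: j5U0e1aa081610: from=<b@example.com>, size=900, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=[198.51.100.7]
Jun 30 03:41:12 diomedes sm-mta[81700]: j5U0fBbb081700: from=<c@example.com>, size=5120, class=0, nrcpts=1, proto=SMTP, daemon=MTA, relay=host1.example.net [192.0.2.10]
Jun 30 03:41:15 diomedes clamav-milter[60071]: j5U0fBbb081700: /var/tmp/clamav/msg.K2PQ9Z: Worm.Example-1 Intercepted virus from <c@example.com> to <user@example.org>
Jun 30 03:42:00 diomedes clamav-milter[60071]: j5U0gZcc081800: /var/tmp/clamav/msg.Z1: Worm.Example-1 Intercepted virus from <d@example.com> to <user@example.org>
"""

# sendmail envelope line: queue ID, then relay=name [ip] or relay=[ip]
RELAY_RE = re.compile(r"\]: (\w+): from=.*\brelay=(?:\S+ )?\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]")
# clamav-milter line as shown in the post: queue ID, temp file, signature name
VIRUS_RE = re.compile(r"clamav-milter\[\d+\]: (\w+): \S+: (\S+) Intercepted virus from")


def viruses_by_ip(lines):
    """Return {connecting IP: Counter(signature -> count)} for intercepted mail."""
    relay, found = {}, []
    for line in lines:
        if m := RELAY_RE.search(line):
            relay[m.group(1)] = m.group(2)
        elif m := VIRUS_RE.search(line):
            found.append(m.groups())
    # Resolve after the full pass so the order of the two lines does not matter.
    hits = defaultdict(Counter)
    for qid, sig in found:
        hits[relay.get(qid, "unknown")][sig] += 1
    return dict(hits)


if __name__ == "__main__":
    report = viruses_by_ip(SAMPLE_LOG.splitlines())
    for ip, sigs in sorted(report.items(), key=lambda kv: -sum(kv[1].values())):
        print(f"{ip:15} {sum(sigs.values()):3}  {dict(sigs)}")
```

Interceptions whose envelope line is missing from the file (rotated logs, for instance) are grouped under `unknown` rather than dropped.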
