Re: [Clamav-users] Capturing message header data

Tue, 24 Nov 2009 05:07:15 -0800 

G.W. Haywood wrote:

Hi there,

On Tue, 24 Nov 2009 Ken Campney wrote:


What I'm trying to do is log message virus statistics either to a
database or log file ...


Grab syslog-ng, it can do anything you need of that nature.


I can't use the maillog because the destination isn't logged


Er, what MTA are you using?  I don't know of one that can't log what
you need.
The MTA is Sendmail, and mail logging works just fine except for messages where an infection is found.
I"m thinking the logging issue is due to clamav-milter which is why I'm posting to this list. 

Running cat /var/log/maillog | grep Infected I get:
Nov 24 05:42:09 myserver sm-mta[22365]: nAOAg8uf022365: Milter add: header: X-Virus-Status: Infected (Phishing.Heuristics.Email.SSL-Spoof) 

Running cat /var/log/maillog | grep nAOAg8uf022365 I get:
Nov 24 05:42:09 myserver sm-mta[22365]: nAOAg8uf022365: from=<u...@somedomain.com>, size=27436, class=0, nrcpts=1,msgid=<de.8c.15584.978bb...@prs>, bodytype=8BITMIME, 
proto=ESMTP, daemon=MTA, relay=somedomain.net [xxx.xxx.xx.xxx]
Nov 24 05:42:09 myserver sm-mta[22365]: nAOAg8uf022365: Milter add: header: X-Virus-Scanned: clamav-milter 0.95.3 at myserver Nov 24 05:42:09 myserver sm-mta[22365]: nAOAg8uf022365: Milter add: header: X-Virus-Status: Infected (Phishing.Heuristics.Email.SSL-Spoof) Nov 24 05:42:09 myserver sm-mta[22365]: nAOAg8uf022365: Milter: data, discard 
Nov 24 05:42:09 myserver sm-mta[22365]: nAOAg8uf022365: discarded

Clamav-milter.log has:
Message from <u...@somedomain.com> to <JoeK> infected by Phishing.Heuristics.Email.SSL-Spoof
As you can see there is no destination logged when a infection is processed. My guess this is because its not being delivered. Which would explain why the clamav-milter.log has the intended "local" delivery address. 
Unfortunately I'm needing the Envelope Recipient

Ken



--

73,
Ged.
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml




--
---------------------------------------------------------------------------
Campney Business Solutions
http://www.campney.net
Phone: (585)663-5616    [9am-5pm M-F EST]

Email:
supp...@campney.net
serv...@campney.net
---------------------------------------------------------------------------

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Reply via email to