Robert S wrote:
> I have been getting these messages in my logs when a message is detected as
> a virus:
>
> Mar 8 08:44:56 mypc clamav-milter[6112]: Message o27LiRP8029635 from
> <UNKNOWN> to <UNKNOWN> with subject 'Important notice: Google'
> message-id 'UNKNOWN' date 'UNKNOWN' infected by
> Sanesecurity.Junk.22168.UNOFFICIAL
>
> Is it possible to get some more information appearing than <UNKNOWN> as
> the sender and recipient?
Hi Robert,
You get "UNKNOWN" because you, your distro, or your package provider has
tuned the confMILTER_MACROS_ENVFROM variable (aka Milter.macros.envfrom
in .cf) in a way that hides those info from the milters.
For the records clamav-milter use: i, mail_addr, rcpt_addr, auth_authen
whenever available.
The sendmail default is: i, {auth_type}, {auth_authen}, {auth_ssf},
{auth_author},{mail_mailer}, {mail_host}, {mail_addr}.
If you are using postfix, double check your milter_XXX_macros directives.
HtH,
-aCaB
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
