Robert S wrote: > I have been getting these messages in my logs when a message is detected as > a virus: > > Mar 8 08:44:56 mypc clamav-milter[6112]: Message o27LiRP8029635 from > <UNKNOWN> to <UNKNOWN> with subject 'Important notice: Google' > message-id 'UNKNOWN' date 'UNKNOWN' infected by > Sanesecurity.Junk.22168.UNOFFICIAL > > Is it possible to get some more information appearing than <UNKNOWN> as > the sender and recipient?
Hi Robert, You get "UNKNOWN" because you, your distro, or your package provider has tuned the confMILTER_MACROS_ENVFROM variable (aka Milter.macros.envfrom in .cf) in a way that hides those info from the milters. For the records clamav-milter use: i, mail_addr, rcpt_addr, auth_authen whenever available. The sendmail default is: i, {auth_type}, {auth_authen}, {auth_ssf}, {auth_author},{mail_mailer}, {mail_host}, {mail_addr}. If you are using postfix, double check your milter_XXX_macros directives. HtH, -aCaB _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml