* Russ Tyndall wrote: > The system these questions involve is OS X.4.11 Intel using the ClamAV > engine 0.95.2. > > ClamD is running and Clamdscan will perform scans manually and successfully > finds the test EICAR file. > > ClamD is running as Root (as identified in Activity Monitor), started from > a LaunchDaemon. > > Questions: > 1) When scans are manually executed vis clamdscan and a virus is > found, will the VirusEvent defined in clamd.conf still fire?
Yes. > I can find no evidence that it is firing, nor any signs (log entries) that > the command is failing. > Usually all that I see are log entries like this Jul 6 05:11:32 host clamd[30362]: /path/to/infected/file/infectedfile: VirusName FOUND or this Jul 6 05:12:26 host clamd[30362]: stream: VirusName FOUND Nothing is logged about the VirusEvent Script. There may be a way to get that out of clamd, but I'm not sure. > 2) Can the VirusEvent command be to run a console app? (e.g., > /local/bin/mycustomconsoleapp "%v" ) > I don't see why not. Clamd also passes the virus name and file via variables in the virusevent's environment. <shameless plug> A virusevent script can be found at http://www.cmpublishers.com/oss </shameless plug> -- Sincerely, Nathan Gibbs Systems Administrator Christ Media http://www.cmpublishers.com
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
